| CVE-2024-11893 | Spoki – Chat Buttons and WooCommerce Notifications <= 2.15.15 - Authenticated (Contributor+) Stored Cross-Site Scripting | spoki | Spoki – Chat Buttons and WooCommerce Notifications | Medium | 6.4 | 2024-12-20 06:59:09 | Deep Dive |
| CVE-2024-54386 | WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability | pushmonkey | Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart | High | 7.1 | 2024-12-16 14:14:08 | Deep Dive |
| CVE-2024-11410 | Top and footer bars for announcements, notifications, advertisements, promotions – YooBar <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | sharabindu | Yoo Bar – Floating Notification & Promo Bar for Website | Medium | 6.4 | 2024-12-12 04:23:12 | Deep Dive |
| CVE-2024-11436 | Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! <= 1.4.19 - Reflected Cross-Site Scripting | genetechproducts | Pie Forms — Drag & Drop Form Builder | Medium | 6.1 | 2024-12-07 01:45:48 | Deep Dive |
| CVE-2024-51653 | WordPress UPDATE NOTIFICATIONS plugin <= 0.3.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | akira1891 | UPDATE NOTIFICATIONS | High | 7.1 | 2024-11-19 16:32:21 | Deep Dive |
| CVE-2024-52408 | WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vulnerability | pushassist | Push Notifications for WordPress by PushAssist | Critical | 9.9 | 2024-11-16 21:44:42 | Deep Dive |
| CVE-2024-10233 | SMSAlert - WooCommerce <= 3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_subscribe Shortcode | cozyvision1 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | Medium | 6.4 | 2024-10-29 11:01:36 | Deep Dive |
| CVE-2024-1955 | Hide Dashboard Notifications <= 1.3 - Missing Authorization to Authenticated(Contributor+) Plugin Settings Modification | wprepublic | Hide Dashboard Notifications | Medium | 4.3 | 2024-06-21 02:05:43 | Deep Dive |
| CVE-2024-5207 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2024-05-30 05:33:15 | Deep Dive |
| CVE-2024-34369 | WordPress Web Push Notifications – Webpushr plugin <= 4.35.0 - Cross Site Scripting (XSS) vulnerability | Webpushr Web Push Notifications | Webpushr | High | 7.1 | 2024-05-06 18:32:39 | Deep Dive |
| CVE-2024-33683 | WordPress Hide Dashboard Notifications plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability | WP Republic | Hide Dashboard Notifications | Medium | 4.3 | 2024-04-26 10:33:18 | Deep Dive |
| CVE-2024-1205 | Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring <= 1.2.2 - Authenticated (Subscriber+) Arbitrary File Upload | israelb1 | Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring | High | 8.8 | 2024-03-20 06:48:27 | Deep Dive |
| CVE-2024-1489 | SMS Alert Order Notifications – WooCommerce <= 3.6.9 - Cross-Site Request Forgery | cozyvision1 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | Medium | 4.3 | 2024-03-13 15:27:22 | Deep Dive |
| CVE-2023-6875 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Critical | 9.8 | 2024-01-11 08:33:06 | Deep Dive |
| CVE-2023-7027 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2024-01-03 04:29:34 | Deep Dive |
| CVE-2023-6629 | POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 6.1 | 2024-01-03 04:29:34 | Deep Dive |
| CVE-2023-5620 | Webpushr < 4.35.0 - Unauthenticated Stored XSS | Unknown | Web Push Notifications | 高危 | - | 2023-11-27 16:22:07 | Deep Dive |
| CVE-2023-35041 | WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF) | Webpushr Web Push Notifications | Web Push Notifications – Webpushr | High | 8.8 | 2023-11-13 02:12:19 | Deep Dive |
| CVE-2021-4422 | POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 4.3 | 2023-07-12 06:52:35 | Deep Dive |
| CVE-2023-3082 | Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2023-07-12 04:38:46 | Deep Dive |