| CVE-2023-0709 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:14 | Deep Dive |
| CVE-2023-0693 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:13 | Deep Dive |
| CVE-2023-0694 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:12 | Deep Dive |
| CVE-2023-0695 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:12 | Deep Dive |
| CVE-2023-1888 | Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation | wpwax | Directorist: AI-Powered Business Directory, Listings & Classified Ads | High | 8.8 | 2023-06-09 05:33:09 | Deep Dive |
| CVE-2021-4381 | uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route | stylemix | Directory Listings WordPress plugin – uListing | Critical | 9.8 | 2023-06-07 01:51:55 | Deep Dive |
| CVE-2021-4383 | WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection | labibahmed42 | WP Quick FrontEnd Editor – WordPress Plugin | High | 8.1 | 2023-06-07 01:51:53 | Deep Dive |
| CVE-2021-4378 | WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting | labibahmed42 | WP Quick FrontEnd Editor – WordPress Plugin | Medium | 6.4 | 2023-06-07 01:51:50 | Deep Dive |
| CVE-2021-4374 | WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update | ValvePress | WordPress Automatic Plugin | Critical | 9.1 | 2023-06-07 01:51:44 | Deep Dive |
| CVE-2021-4370 | uListing <= 1.6.6 - Missing Authorization | stylemix | Directory Listings WordPress plugin – uListing | Critical | 9.8 | 2023-06-07 01:51:43 | Deep Dive |
| CVE-2021-4371 | WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change | labibahmed42 | WP Quick FrontEnd Editor – WordPress Plugin | Medium | 4.3 | 2023-06-07 01:51:42 | Deep Dive |
| CVE-2019-25145 | Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection | smub | Contact Form & SMTP Plugin for WordPress by PirateForms | High | 7.2 | 2023-06-07 01:51:34 | Deep Dive |
| CVE-2021-4364 | JobSearch WP Job Board < = 1.8.1 - Missing Authorization on jobsearch_update_job_import_schedule_call() function | eyecix | JobSearch WP Job Board | Medium | 4.3 | 2023-06-07 01:51:31 | Deep Dive |
| CVE-2019-25141 | Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update | smub | Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | Critical | 9.8 | 2023-06-07 01:51:29 | Deep Dive |
| CVE-2021-4361 | JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Arbitrary Options Update | eyecix | JobSearch WP Job Board | High | 8.8 | 2023-06-07 01:51:29 | Deep Dive |
| CVE-2021-4363 | WP Quick FrontEnd Editor <= 5.5 - Reflected Cross-Site Scripting | labibahmed42 | WP Quick FrontEnd Editor – WordPress Plugin | Medium | 6.1 | 2023-06-07 01:51:28 | Deep Dive |
| CVE-2021-4357 | uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion | stylemix | Directory Listings WordPress plugin – uListing | Critical | 9.1 | 2023-06-07 01:51:26 | Deep Dive |
| CVE-2021-4352 | JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Settings Change | eyecix | JobSearch WP Job Board | Medium | 5.3 | 2023-06-07 01:51:21 | Deep Dive |
| CVE-2021-4345 | uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion | stylemix | Directory Listings WordPress plugin – uListing | Medium | 6.5 | 2023-06-07 01:51:18 | Deep Dive |
| CVE-2021-4346 | uListing <= 1.6.6 - Unauthenticated Arbitrary Account Changes | stylemix | Directory Listings WordPress plugin – uListing | Critical | 9.8 | 2023-06-07 01:51:17 | Deep Dive |