| CVE-2024-0957 | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.1 - Unauthenticated Stored Cross-Site Scripting | webtoffee | WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels | Medium | 6.1 | 2024-03-22 02:00:00 | Deep Dive |
| CVE-2023-52229 | WordPress Word Replacer Pro plugin <= 1.0 - Broken Access Control vulnerability | Save as PDF plugin by Pdfcrowd | Word Replacer Pro | Medium | 6.5 | 2024-03-20 11:26:28 | Deep Dive |
| CVE-2024-29141 | WordPress PDF Embedder plugin <= 4.6.4 - Cross Site Scripting (XSS) vulnerability | PDF Embedder | PDF Embedder | Medium | 6.5 | 2024-03-19 13:19:09 | Deep Dive |
| CVE-2023-51486 | WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.101 - Cross Site Request Forgery (CSRF) vulnerability | EDGARROJAS | WooCommerce PDF Invoice Builder | Medium | 5.4 | 2024-03-16 01:05:46 | Deep Dive |
| CVE-2024-25097 | WordPress TNC PDF viewer Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS) | ThemeNcode LLC | TNC PDF viewer | Medium | 6.5 | 2024-03-13 15:58:37 | Deep Dive |
| CVE-2024-1802 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-03-07 20:33:26 | Deep Dive |
| CVE-2024-2128 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-03-07 19:32:59 | Deep Dive |
| CVE-2024-1773 | PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated (Subscriber+) PHP Object Injection | acowebs | PDF Invoices and Packing Slips For WooCommerce | High | 8.8 | 2024-03-07 18:49:18 | Deep Dive |
| CVE-2024-1081 | 3D FlipBook – PDF Flipbook WordPress <= 1.15.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks | iberezansky | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | Medium | 6.4 | 2024-02-21 06:47:57 | Deep Dive |
| CVE-2024-1090 | ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in stopOptimizeAll | imagerecycle | ImageRecycle pdf & image compression | Medium | 4.3 | 2024-02-20 18:56:51 | Deep Dive |
| CVE-2024-0984 | ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in disableOptimization | imagerecycle | ImageRecycle pdf & image compression | Medium | 4.3 | 2024-02-20 18:56:46 | Deep Dive |
| CVE-2024-1336 | ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in optimizeAllOn | imagerecycle | ImageRecycle pdf & image compression | Medium | 4.3 | 2024-02-20 18:56:45 | Deep Dive |
| CVE-2024-1335 | ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in disableOptimization | imagerecycle | ImageRecycle pdf & image compression | Medium | 4.3 | 2024-02-20 18:56:42 | Deep Dive |
| CVE-2024-1089 | ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in optimizeAllOn | imagerecycle | ImageRecycle pdf & image compression | Medium | 4.3 | 2024-02-20 18:56:37 | Deep Dive |
| CVE-2024-1338 | ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in stopOptimizeAll | imagerecycle | ImageRecycle pdf & image compression | Medium | 4.3 | 2024-02-20 18:56:32 | Deep Dive |
| CVE-2024-1349 | EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-02-20 18:56:32 | Deep Dive |
| CVE-2024-1425 | EmbedPress <= 3.9.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-02-20 18:56:31 | Deep Dive |
| CVE-2024-1091 | ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Plugin Data Removal in reinitialize | imagerecycle | ImageRecycle pdf & image compression | Medium | 4.3 | 2024-02-20 18:56:26 | Deep Dive |
| CVE-2024-1339 | ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Plugin Data Removal in reinitialize | imagerecycle | ImageRecycle pdf & image compression | Medium | 4.3 | 2024-02-20 18:56:24 | Deep Dive |
| CVE-2024-0983 | ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in enableOptimization | imagerecycle | ImageRecycle pdf & image compression | Medium | 4.3 | 2024-02-20 18:56:21 | Deep Dive |