| CVE-2024-12184 | WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download | cimatti | Contact Forms by Cimatti | Medium | 5.3 | 2025-02-01 03:21:12 | Deep Dive |
| CVE-2025-24563 | WordPress Cleanup – Directory Listing & Classifieds plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | themeglow | Cleanup – Directory Listing & Classifieds WordPress Plugin | High | 7.1 | 2025-01-31 08:24:40 | Deep Dive |
| CVE-2024-13220 | Google Map Professional <= 1.0 - Reflected XSS | Unknown | WordPress Google Map Professional (Map In Your Language) | Medium | - | 2025-01-31 06:00:16 | Deep Dive |
| CVE-2024-12275 | CanvasFlow <= 1.5.5 - Reflected XSS | Unknown | Canvasflow for WordPress | Medium | - | 2025-01-31 06:00:04 | Deep Dive |
| CVE-2024-13216 | HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor | devitemsllc | HT Event – WordPress Event Manager Plugin for Elementor | Medium | 4.3 | 2025-01-31 05:22:33 | Deep Dive |
| CVE-2024-13397 | WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | casterfm | WPRadio – WordPress Radio Streaming Plugin | Medium | 6.4 | 2025-01-31 02:24:19 | Deep Dive |
| CVE-2024-13596 | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) SQL Injection | pantherius | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress | Medium | 6.5 | 2025-01-30 13:42:07 | Deep Dive |
| CVE-2024-13742 | iControlWP – Multiple WordPress Site Manager <= 4.4.5 - Unauthenticated PHP Object Injection | paultgoodchild | iControlWP | Critical | 9.8 | 2025-01-30 13:42:00 | Deep Dive |
| CVE-2024-13453 | Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution | smub | Contact Form & SMTP Plugin for WordPress by PirateForms | High | 7.3 | 2025-01-30 11:10:20 | Deep Dive |
| CVE-2024-13732 | Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via section_tag Parameter | cyberchimps | Responsive Blocks – Page Builder for Blocks & Patterns | Medium | 6.4 | 2025-01-30 08:21:25 | Deep Dive |
| CVE-2024-13509 | WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting | westguard | WS Form LITE – Drag & Drop Contact Form Builder | High | 7.2 | 2025-01-28 06:38:42 | Deep Dive |
| CVE-2024-12807 | Social Share Buttons for WordPress <= 2.7 - Admin+ Stored XSS | Unknown | Social Share Buttons for WordPress | Medium | - | 2025-01-28 06:00:11 | Deep Dive |
| CVE-2024-11135 | Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees | imithemes | Eventer - WordPress Event & Booking Manager Plugin | High | 7.5 | 2025-01-28 04:21:33 | Deep Dive |
| CVE-2024-13117 | Social Share Buttons for WordPress <= 2.7 - Unauthenticated Image Upload & Path Traversal | Unknown | Social Share Buttons for WordPress | Medium | - | 2025-01-27 06:00:12 | Deep Dive |
| CVE-2024-13562 | Import WP – Export and Import CSV and XML files to WordPress <= 2.14.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | jcollings | Import WP – Export and Import CSV and XML files to WordPress | High | 7.5 | 2025-01-25 11:22:35 | Deep Dive |
| CVE-2024-13370 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.5 | 2025-01-25 07:24:20 | Deep Dive |
| CVE-2024-13368 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 4.3 | 2025-01-25 07:24:17 | Deep Dive |
| CVE-2024-13458 | WordPress SEO Friendly Accordion FAQ with AI assisted content generation <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | qchantelnotice | WordPress SEO Friendly Accordion FAQ with AI assisted content generation | Medium | 6.4 | 2025-01-25 07:24:16 | Deep Dive |
| CVE-2024-12113 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 4.3 | 2025-01-25 07:24:16 | Deep Dive |
| CVE-2024-13599 | LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.4 | 2025-01-25 07:24:16 | Deep Dive |