| CVE-2022-3360 | LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API | Unknown | LearnPress – WordPress LMS Plugin | 高危 | - | 2022-10-31 00:00:00 | Deep Dive |
| CVE-2021-36898 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability | ExpressTech | Quiz And Survey Master (WordPress plugin) | Critical | 9.1 | 2022-10-28 17:07:26 | Deep Dive |
| CVE-2021-36864 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability | ExpressTech | Quiz And Survey Master (WordPress plugin) | Low | 3.4 | 2022-10-28 17:05:30 | Deep Dive |
| CVE-2021-36863 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | ExpressTech | Quiz And Survey Master (WordPress plugin) | Medium | 5.4 | 2022-10-28 15:11:16 | Deep Dive |
| CVE-2021-36858 | WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | Themepoints | Testimonials (WordPress plugin) | Medium | 4.8 | 2022-10-28 15:09:34 | Deep Dive |
| CVE-2022-38104 | WordPress Accordions plugin <= 2.0.3 - Auth. WordPress Options Change vulnerability | Biplob Adhikari | Accordions – Multiple Accordions or FAQs Builder (WordPress plugin) | High | 7.2 | 2022-10-21 15:33:18 | Deep Dive |
| CVE-2022-40311 | WordPress Analytics Cat plugin <= 1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | Fatcat Apps | Analytics Cat – Google Analytics Made Easy (WordPress plugin) | Medium | 4.8 | 2022-10-21 15:32:12 | Deep Dive |
| CVE-2022-41638 | WordPress Pop-Up Chop Chop plugin <= 2.1.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | Chop-Chop | Pop-Up Chop Chop (WordPress plugin) | Medium | 5.4 | 2022-10-21 15:31:10 | Deep Dive |
| CVE-2022-26375 | WordPress AB Press Optimizer plugin <= 1.1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | Mammothology | AB Press Optimizer (WordPress plugin) | Medium | 4.8 | 2022-10-17 17:03:22 | Deep Dive |
| CVE-2022-3150 | WP Custom Cursors < 3.2 - Admin+ SQLi | Unknown | WP Custom Cursors | WordPress Cursor Plugin | 高危 | - | 2022-10-17 00:00:00 | Deep Dive |
| CVE-2022-41623 | WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability | Villatheme | ALD - AliExpress Dropshipping and Fulfillment for WooCommerce (WordPress plugin) | High | 7.5 | 2022-10-14 19:37:10 | Deep Dive |
| CVE-2022-38086 | WordPress Shortcodes Ultimate plugin <= 5.12.0 - Cross-Site Request Forgery (CSRF) vulnerability | Vladimir Anokhin | Shortcodes Ultimate (WordPress plugin) | Medium | 5.4 | 2022-10-11 19:35:29 | Deep Dive |
| CVE-2021-36915 | WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability | Cozmoslabs | Profile Builder – User Profile & User Registration Forms (WordPress plugin) | Medium | 4.2 | 2022-10-11 19:34:00 | Deep Dive |
| CVE-2021-36913 | Redirection for Contact Form 7 <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability | Qube One | Redirection for Contact Form 7 (WordPress plugin) | High | 7.5 | 2022-10-11 17:04:23 | Deep Dive |
| CVE-2021-36899 | WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | Gabe Livan | Asset CleanUp: Page Speed Booster (WordPress plugin) | Medium | 4.8 | 2022-10-11 17:02:10 | Deep Dive |
| CVE-2022-33978 | WordPress FontMeister plugin <= 1.08 - Reflected Cross-Site Scripting (XSS) vulnerability | Sayontan Sinha | FontMeister (WordPress plugin) | Medium | 6.1 | 2022-10-11 17:00:20 | Deep Dive |
| CVE-2022-2823 | Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting | Unknown | Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin | 中危 | - | 2022-10-10 00:00:00 | Deep Dive |
| CVE-2022-3137 | TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload | Unknown | Taskbuilder – WordPress Project & Task Management plugin | 中危 | - | 2022-10-10 00:00:00 | Deep Dive |
| CVE-2021-36865 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Insecure direct object references (IDOR) vulnerability | ExpressTech | Quiz And Survey Master (WordPress plugin) | Low | 3.8 | 2022-09-30 18:52:42 | Deep Dive |
| CVE-2021-36855 | WordPress Booking Ultra Pro plugin <= 1.1.4 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability | Booking Ultra Pro | Booking Ultra Pro (WordPress plugin) | Medium | 6.1 | 2022-09-30 16:53:48 | Deep Dive |