| CVE-2024-10852 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export | northmule | Buy one click WooCommerce | Medium | 4.3 | 2024-11-13 02:02:29 | Deep Dive |
| CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft | Microsoft Office 2019 | High | 7.8 | 2024-11-12 17:54:21 | Deep Dive |
| CVE-2024-50478 | WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability | swoopbrandon | 1-Click Login: Passwordless Authentication | Critical | 9.8 | 2024-10-28 12:32:27 | Deep Dive |
| CVE-2024-49306 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability | wp-buy | WP Content Copy Protection & No Right Click | Medium | 5.3 | 2024-10-20 10:13:40 | Deep Dive |
| CVE-2024-10055 | Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode | ninjateam | WP Click to Chat – Email, Live Chat, Call & Book Now Buttons | Medium | 6.4 | 2024-10-18 07:35:26 | Deep Dive |
| CVE-2024-49281 | WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability | Ninja Team | Click to Chat – WP Support All-in-One Floating Widget | Medium | 6.5 | 2024-10-17 19:15:28 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-9071 | Easy Demo Importer – A Modern One-Click Demo Import Solution <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | sigmadevs | Easy Demo Importer – A Modern One-Click Demo Import Solution | Medium | 6.4 | 2024-10-04 09:30:41 | Deep Dive |
| CVE-2024-38749 | WordPress Olive One Click Demo Import plugin <= 1.1.2 - Sensitive Data Exposure vulnerability | Olive Themes | Olive One Click Demo Import | Medium | 5.3 | 2024-08-13 10:22:40 | Deep Dive |
| CVE-2024-6872 | Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update | templatespare | TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool | 1-Click Import/Export & No-Code Builder | Medium | 4.3 | 2024-08-03 11:37:39 | Deep Dive |
| CVE-2024-6546 | One Click Close Comments <= 2.7.1 - Unauthenticated Full Path Disclosure | coffee2code | One Click Close Comments | Medium | 5.3 | 2024-07-27 01:51:07 | Deep Dive |
| CVE-2024-6836 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | Medium | 4.3 | 2024-07-24 05:31:56 | Deep Dive |
| CVE-2024-6397 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin | instawp | InstaWP Connect – 1-click WP Staging & Migration | Critical | 9.8 | 2024-07-11 03:33:20 | Deep Dive |
| CVE-2024-5641 | One Click Order Re-Order <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | cedcommerce | One Click Order Re-Order | Medium | 6.4 | 2024-07-04 07:32:28 | Deep Dive |
| CVE-2024-5192 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | Medium | 6.4 | 2024-06-29 04:33:28 | Deep Dive |
| CVE-2024-4615 | Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widget | elespare | EleSpare – News, Magazine and Blog Addons for Elementor | Medium | 6.4 | 2024-06-13 07:31:53 | Deep Dive |
| CVE-2024-4898 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation | instawp | InstaWP Connect – 1-click WP Staging & Migration | Critical | 9.8 | 2024-06-12 11:05:08 | Deep Dive |
| CVE-2024-32715 | WordPress Olive One Click Demo Import plugin <= 1.1.1 - Arbitrary File Download vulnerability | Olive Themes | Olive One Click Demo Import | Medium | - | 2024-06-09 16:53:52 | Deep Dive |
| CVE-2024-34433 | WordPress One Click Demo Import plugin <=3.2.0 - PHP Object Injection vulnerability | OCDI | One Click Demo Import | Medium | 4.4 | 2024-05-09 12:00:35 | Deep Dive |
| CVE-2023-6810 | ClickCease Click Fraud Protection <= 3.2.4 - Improper Authorization to sensitive information exposure via get_settings | eranfl | ClickCease Click Fraud Protection | Medium | 4.3 | 2024-05-07 09:31:49 | Deep Dive |