| CVE-2024-47356 | WordPress Create theme <= 2.9.1 - Cross Site Scripting (XSS) vulnerability | catchthemes | Create | Medium | 5.1 | 2024-10-06 10:01:28 | Deep Dive |
| CVE-2024-8242 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload | inspireui | MStore API – Create Native Android & iOS Apps On The Cloud | Medium | 4.3 | 2024-09-13 15:10:46 | Deep Dive |
| CVE-2024-8269 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration | inspireui | MStore API – Create Native Android & iOS Apps On The Cloud | High | 7.3 | 2024-09-13 15:10:39 | Deep Dive |
| CVE-2024-2541 | Popup Builder <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | Medium | 5.3 | 2024-08-29 12:31:09 | Deep Dive |
| CVE-2024-43264 | WordPress Create by Mediavine plugin <= 1.9.8 - Sensitive Data Exposure vulnerability | mischiefmarmot | Create by Mediavine | Medium | 5.3 | 2024-08-26 20:12:13 | Deep Dive |
| CVE-2024-7651 | App Builder – Create Native Android & iOS Apps On The Flight <= 4.3.3 - Unauthenticated Limited SQL Injection via app-builder-search | appcheap | App Builder – Create Native Android & iOS Apps On The Flight | Medium | 5.6 | 2024-08-21 05:30:24 | Deep Dive |
| CVE-2024-7628 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover | inspireui | MStore API – Create Native Android & iOS Apps On The Cloud | High | 8.1 | 2024-08-15 02:30:37 | Deep Dive |
| CVE-2024-6836 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | Medium | 4.3 | 2024-07-24 05:31:56 | Deep Dive |
| CVE-2024-37495 | WordPress Create by Mediavine plugin <= 1.9.7 - Cross Site Scripting (XSS) vulnerability | mischiefmarmot | Create by Mediavine | Medium | 6.5 | 2024-07-21 07:26:58 | Deep Dive |
| CVE-2024-37948 | WordPress Caxton – Create Pro page layouts in Gutenberg plugin <= 1.30.1 - Cross Site Scripting (XSS) vulnerability | PootlePress | Caxton – Create Pro page layouts in Gutenberg | Medium | 6.5 | 2024-07-20 08:29:38 | Deep Dive |
| CVE-2024-5902 | UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter | smub | UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | High | 7.2 | 2024-07-12 21:30:46 | Deep Dive |
| CVE-2024-6328 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.14.7 - Authentication Bypass | inspireui | MStore API – Create Native Android & iOS Apps On The Cloud | Critical | 9.8 | 2024-07-12 10:59:56 | Deep Dive |
| CVE-2024-5192 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | Medium | 6.4 | 2024-06-29 04:33:28 | Deep Dive |
| CVE-2024-5601 | Create by Mediavine <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Schema Meta Shortcode | mischiefmarmot | Create | Medium | 6.4 | 2024-06-27 07:44:27 | Deep Dive |
| CVE-2024-4632 | WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | brainstormforce | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | Medium | 6.4 | 2024-06-19 08:33:58 | Deep Dive |
| CVE-2023-6696 | Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | High | 8.1 | 2024-06-15 02:02:01 | Deep Dive |
| CVE-2024-2544 | Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | High | 7.4 | 2024-06-15 02:01:58 | Deep Dive |
| CVE-2023-6492 | Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices | dgwyer | Simple Sitemap – Create a Responsive HTML Sitemap | Medium | 4.3 | 2024-06-14 03:35:42 | Deep Dive |
| CVE-2024-2506 | Popup Builder <= 4.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | Medium | 6.4 | 2024-06-01 06:51:49 | Deep Dive |
| CVE-2024-1679 | Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Templates | ukrsolution | Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce | Medium | 6.4 | 2024-05-02 16:52:35 | Deep Dive |