| CVE-2024-10581 | DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update | designinvento | DirectoryPress Frontend | Medium | 4.3 | 2025-02-15 11:26:47 | Deep Dive |
| CVE-2024-12037 | Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-01-31 11:11:11 | Deep Dive |
| CVE-2024-13504 | Shared Files – Frontend File Upload Form & Secure File Sharing <= 1.7.42 - Limited Unauthenticated Stored Cross-Site Scripting via File Upload | anssilaitila | Shared Files – Frontend File Upload Form & Secure File Sharing | High | 7.2 | 2025-01-31 05:22:35 | Deep Dive |
| CVE-2024-13584 | Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.19 - Authenticated (Contributor+) Stored Cross-Site Scripting | videowhisper | Picture Gallery – Frontend Image Uploads, AJAX Photo List | Medium | 6.4 | 2025-01-22 03:21:31 | Deep Dive |
| CVE-2024-12696 | Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode | videowhisper | Picture Gallery – Frontend Image Uploads, AJAX Photo List | Medium | 6.4 | 2025-01-18 07:05:10 | Deep Dive |
| CVE-2023-45002 | WordPress WP User Frontend plugin <= 3.6.8 - Broken Access Control vulnerability | weDevs | WP User Frontend | Medium | 4.3 | 2025-01-02 11:59:47 | Deep Dive |
| CVE-2024-11722 | Frontend Admin by DynamiApps <= 3.25.1 - Unauthenticated SQL Injection | shabti | Frontend Admin by DynamiApps | Medium | 5.9 | 2024-12-21 09:23:55 | Deep Dive |
| CVE-2024-55864 | WordPress plugin My WP Customize Admin/Frontend cross-site scripting vulnerability | gqevu6bsiz | My WP Customize Admin/Frontend | Medium | - | 2024-12-17 04:43:54 | Deep Dive |
| CVE-2024-11721 | Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation | shabti | Frontend Admin by DynamiApps | High | 8.1 | 2024-12-14 08:26:40 | Deep Dive |
| CVE-2024-11720 | Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Stored Cross-Site Scripting | shabti | Frontend Admin by DynamiApps | High | 7.2 | 2024-12-14 08:26:39 | Deep Dive |
| CVE-2023-31073 | WordPress Shortcode to display post and user data plugin <= 1.2.0 - Broken Access Control vulnerability | Jose Vega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 4.3 | 2024-12-09 11:31:00 | Deep Dive |
| CVE-2024-11457 | Feedpress Generator – External RSS Frontend Customizer <= 1.2.1 - Reflected Cross-Site Scripting | spartac | Feedpress Generator – External RSS Frontend Customizer | Medium | 6.1 | 2024-12-07 11:09:54 | Deep Dive |
| CVE-2024-9689 | Post From Frontend <= 1.0.0 - Post Deletion via CSRF | Unknown | Post From Frontend | - | - | 2024-11-05 06:00:08 | Deep Dive |
| CVE-2016-15042 | Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload | nmedia | N-Media Post Front-end Form | Critical | 9.8 | 2024-10-16 07:31:50 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-39319 | aimeos/ai-controller-frontend has IDOR vulnerability in account profile page | aimeos | ai-controller-frontend | - | - | 2024-09-26 16:07:01 | Deep Dive |
| CVE-2024-8290 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation | wclovers | WCFM – Frontend Manager for WooCommerce | High | 8.8 | 2024-09-25 06:49:01 | Deep Dive |
| CVE-2024-8246 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | High | 8.8 | 2024-09-14 03:19:27 | Deep Dive |
| CVE-2024-8268 | Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call | vinoth06 | Frontend Dashboard | High | 8.8 | 2024-09-10 02:05:11 | Deep Dive |
| CVE-2024-8427 | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update | wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | Medium | 4.3 | 2024-09-06 06:50:55 | Deep Dive |