| CVE-2024-12616 | Bitly's WordPress Plugin <= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update | bitlydeveloper | Bitly's WordPress Plugin | Medium | 4.3 | 2025-01-09 11:11:03 | Deep Dive |
| CVE-2024-12605 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Cross-Site Request Forgery to Settings Update | opacewebdesign | Opace AI Scribe: SEO Content Creator & Humaizer for OpenAI & Anthropic | Medium | 4.3 | 2025-01-09 11:10:58 | Deep Dive |
| CVE-2024-11929 | Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting | mpc | Responsive FlipBook Plugin Wordpress | Medium | 6.4 | 2025-01-09 11:10:58 | Deep Dive |
| CVE-2024-12206 | Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion | stylemix | Pearl – Header Builder | Medium | 4.3 | 2025-01-09 11:10:57 | Deep Dive |
| CVE-2024-9939 | WordPress File Upload <= 4.24.13 - Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php | nickboss | Iptanus File Upload | High | 7.5 | 2025-01-08 08:18:17 | Deep Dive |
| CVE-2024-11635 | WordPress File Upload <= 4.24.12 - Unauthenticated Remote Code Execution | nickboss | Iptanus File Upload | Critical | 9.8 | 2025-01-08 07:18:39 | Deep Dive |
| CVE-2024-11613 | WordPress File Upload <= 4.24.15 - Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion | nickboss | Iptanus File Upload | Critical | 9.8 | 2025-01-08 06:41:36 | Deep Dive |
| CVE-2024-11270 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation | wpwebinarsystem | WebinarPress – Webinar System for WordPress | High | 8.8 | 2025-01-08 04:18:00 | Deep Dive |
| CVE-2024-11271 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates | wpwebinarsystem | WebinarPress – Webinar System for WordPress | High | 8.8 | 2025-01-08 04:17:59 | Deep Dive |
| CVE-2024-12112 | Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | hassantafreshi | Easy Form Builder by WhiteStudio — Drag & Drop Form Builder | Medium | 6.4 | 2025-01-08 03:18:11 | Deep Dive |
| CVE-2024-11816 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution | wpextended | The Ultimate WordPress Toolkit – WP Extended | High | 8.8 | 2025-01-08 03:18:11 | Deep Dive |
| CVE-2024-11916 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | wpextended | The Ultimate WordPress Toolkit – WP Extended | High | 7.4 | 2025-01-08 03:18:11 | Deep Dive |
| CVE-2024-12713 | SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 5.3 | 2025-01-08 03:18:10 | Deep Dive |
| CVE-2025-22503 | WordPress Admin debug wordpress – enable debug Plugin <= 1.0.13 - Cross Site Request Forgery vulnerability | digitalzoomstudio | Admin debug wordpress – enable debug | Medium | 4.3 | 2025-01-07 14:57:38 | Deep Dive |
| CVE-2024-11826 | Quill Forms \| The Best Typeform Alternative \| Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | mdmag | Quill Forms \| Conversational Multi Step Forms, Surveys & quizzes | Medium | 6.4 | 2025-01-07 11:11:12 | Deep Dive |
| CVE-2025-22349 | WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability | WP Marka | WordPress Auction Plugin | High | 7.6 | 2025-01-07 10:48:41 | Deep Dive |
| CVE-2024-12719 | WordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal | nickboss | Iptanus File Upload | Medium | 4.3 | 2025-01-07 09:22:15 | Deep Dive |
| CVE-2024-12781 | Aurum - WordPress & WooCommerce Shopping Theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content Import | Laborator | Aurum - WordPress & WooCommerce Shopping Theme | Medium | 4.3 | 2025-01-07 06:40:59 | Deep Dive |
| CVE-2024-8857 | WordPress Auction <= 3.7 - Editor+ Stored XSS | Unknown | WordPress Auction Plugin | Medium | - | 2025-01-07 06:00:06 | Deep Dive |
| CVE-2024-8855 | WordPress Auction <= 3.7 - Editor+ SQL Injection | Unknown | WordPress Auction Plugin | Medium | - | 2025-01-07 06:00:05 | Deep Dive |