| CVE-2022-37328 | WordPress History Timeline plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | Themes Awesome | History Timeline (WordPress plugin) | Low | 3.4 | 2022-09-23 14:23:40 | Deep Dive |
| CVE-2022-36791 | WordPress Torro Forms plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | Awesome UG | Torro Forms (WordPress plugin) | Medium | 5.4 | 2022-09-23 14:22:10 | Deep Dive |
| CVE-2022-40310 | WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Race Condition vulnerability | Blaz K. | Rate my Post – WP Rating System (WordPress plugin) | Medium | 4.3 | 2022-09-23 14:20:52 | Deep Dive |
| CVE-2022-40671 | WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Cross-Site Request Forgery (CSRF) vulnerability | Blaz K. | Rate my Post – WP Rating System (WordPress plugin) | Medium | 4.3 | 2022-09-23 14:19:18 | Deep Dive |
| CVE-2022-38703 | WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | Max Foundry | WordPress Button Plugin MaxButtons (WordPress plugin) | Low | 3.4 | 2022-09-23 13:52:19 | Deep Dive |
| CVE-2022-40213 | WordPress GS Testimonial Slider plugin <= 1.9.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | GS Plugins | GS Testimonial Slider (WordPress plugin) | Medium | 4.1 | 2022-09-23 13:50:58 | Deep Dive |
| CVE-2022-38095 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability | AlgolPlus | Advanced Dynamic Pricing for WooCommerce (WordPress plugin) | Medium | 5.4 | 2022-09-23 13:41:53 | Deep Dive |
| CVE-2022-36798 | WordPress Mega Addons For WPBakery Page Builder plugin <= 4.2.7 - Cross-Site Request Forgery (CSRF) vulnerability | Topdigitaltrends | Mega Addons For WPBakery Page Builder (WordPress plugin) | Medium | 5.4 | 2022-09-23 13:40:26 | Deep Dive |
| CVE-2022-37339 | WordPress Meet My Team plugin <= 2.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | Fullworks | Meet My Team (WordPress plugin) | Medium | 4.1 | 2022-09-23 13:39:11 | Deep Dive |
| CVE-2022-37338 | WordPress Blossom Recipe Maker plugin <= 1.0.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | Blossomthemes | Blossom Recipe Maker (WordPress plugin) | Medium | 4.1 | 2022-09-23 13:35:05 | Deep Dive |
| CVE-2022-37330 | WordPress WHA Crossword plugin <= 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | WHA | WHA Crossword (WordPress plugin) | Medium | 5.4 | 2022-09-23 13:33:42 | Deep Dive |
| CVE-2022-40217 | WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Edit/Upload vulnerability | XplodedThemes | WPIDE – File Manager & Code Editor (WordPress plugin) | Medium | 6.5 | 2022-09-21 19:09:08 | Deep Dive |
| CVE-2022-38073 | WordPress Awesome Support plugin <= 6.0.7 - Multiple Authenticated Persistent XSS (Additional Interested Parties) | Awesome Support Team | Awesome Support (WordPress plugin) | Medium | 5.4 | 2022-09-21 19:07:43 | Deep Dive |
| CVE-2022-36365 | WordPress WHA Crossword plugin <= 1.1.10 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | WHA | WHA Crossword (WordPress plugin) | Medium | 5.4 | 2022-09-21 19:06:25 | Deep Dive |
| CVE-2022-36383 | WordPress Word Search Puzzles game plugin <= 2.0.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | WHA | Word Search Puzzles game (WordPress plugin) | Medium | 5.4 | 2022-09-21 19:05:05 | Deep Dive |
| CVE-2022-36390 | WordPress Event Calendar – Calendar plugin <= 1.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | Totalsoft | Event Calendar – Calendar (WordPress plugin) | Medium | 4.1 | 2022-09-21 19:03:45 | Deep Dive |
| CVE-2022-36386 | WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability | Soflyy | Import any XML or CSV File to WordPress (WordPress plugin) | Critical | 9.1 | 2022-09-21 19:02:24 | Deep Dive |
| CVE-2022-40219 | WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability | SedLex | FavIcon Switcher (WordPress plugin) | Medium | 5.4 | 2022-09-21 19:00:58 | Deep Dive |
| CVE-2022-29489 | WordPress Sucuri Security plugin <= 1.8.33 - Cross-Site Request Forgery (CSRF) vulnerability | Sucuri Inc. | Sucuri Security (WordPress plugin) | 中危 | - | 2022-09-16 20:22:51 | Deep Dive |
| CVE-2022-38139 | WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | RD Station | RD Station (WordPress plugin) | Medium | 5.4 | 2022-09-13 13:59:20 | Deep Dive |