| CVE-2024-11382 | Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | commonninja | Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites | Medium | 6.4 | 2025-01-07 04:22:23 | Deep Dive |
| CVE-2024-12419 | Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting | tobias_conrad | WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms | Medium | 6.5 | 2025-01-07 03:21:56 | Deep Dive |
| CVE-2024-11934 | Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | formaloo | Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce | Medium | 6.4 | 2025-01-07 03:21:55 | Deep Dive |
| CVE-2024-12528 | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | pantherius | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress | Medium | 6.4 | 2025-01-07 03:21:55 | Deep Dive |
| CVE-2024-11930 | Taskbuilder – WordPress Project & Task Management plugin <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppm_tasks Shortcode | taskbuilder | Taskbuilder – Project Management & Task Management Tool With Kanban Board | Medium | 6.4 | 2025-01-04 08:22:52 | Deep Dive |
| CVE-2024-12701 | WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting | xylus | WP Smart Import : Import any XML File to WordPress | Medium | 6.1 | 2025-01-04 07:24:23 | Deep Dive |
| CVE-2024-11733 | WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution | hcabrera | WP Popular Posts | High | 7.3 | 2025-01-03 22:22:06 | Deep Dive |
| CVE-2024-56302 | WordPress ConvertCalculator for WordPress plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability | jorisderuiter | ConvertCalculator for WordPress | Medium | 6.5 | 2025-01-02 12:01:32 | Deep Dive |
| CVE-2024-56245 | WordPress Premium Blocks plugin <= 2.1.42 - Cross Site Scripting (XSS) vulnerability | Leap13 | Premium Blocks – Gutenberg Blocks for WordPress | Medium | 6.5 | 2025-01-02 12:01:20 | Deep Dive |
| CVE-2024-56022 | WordPress Preloader by WordPress Monsters plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability | WordPress Monsters | Preloader by WordPress Monsters | High | 7.1 | 2025-01-02 12:01:11 | Deep Dive |
| CVE-2023-46644 | WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability | Blend Media | WordPress CTA | Medium | 6.5 | 2025-01-02 12:00:28 | Deep Dive |
| CVE-2023-45636 | WordPress Backup & Migration plugin <= 1.4.1 - Broken Access Control vulnerability | WebToffee | WordPress Backup & Migration | Medium | - | 2025-01-02 11:59:53 | Deep Dive |
| CVE-2024-12636 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forgery | wplegalpages | Privacy Policy Generator – WPLP Legal Pages | Medium | 4.3 | 2024-12-25 04:22:04 | Deep Dive |
| CVE-2024-12272 | WP Travel Engine – Elementor Widgets \| Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion | wptravelengine | WP Travel Engine – Elementor Widgets \| Create Travel Booking Website Using WordPress and Elementor | High | 8.8 | 2024-12-25 03:21:32 | Deep Dive |
| CVE-2024-12032 | Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin \| WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection | themefic | Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin | Medium | 6.5 | 2024-12-25 03:21:31 | Deep Dive |
| CVE-2024-12268 | Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | cyberchimps | Responsive Blocks – Page Builder for Blocks & Patterns | Medium | 6.4 | 2024-12-24 11:09:49 | Deep Dive |
| CVE-2024-12100 | Bitcoin Lightning Publisher for WordPress <= 1.4.1 - Reflected Cross-Site Scripting | getalby | Bitcoin Lightning Publisher for WordPress | Medium | 6.1 | 2024-12-24 05:23:45 | Deep Dive |
| CVE-2024-12622 | WordPress Simple Shopping Cart <= 5.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | mra13 | Simple Shopping Cart | Medium | 6.4 | 2024-12-24 05:23:44 | Deep Dive |
| CVE-2024-11938 | One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode | wpswings | One Click Upsell Funnel for Woocommerce | Medium | 6.4 | 2024-12-21 07:03:00 | Deep Dive |
| CVE-2024-12771 | eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset | implecode | eCommerce Product Catalog Plugin for WordPress | High | 8.8 | 2024-12-21 07:02:59 | Deep Dive |