| CVE-2024-54274 | WordPress Octrace Support plugin <= 1.2.7 - Reflected Cross Site Scripting (XSS) vulnerability | Octrace | WordPress HelpDesk & Support Ticket System Plugin – Octrace Support | High | 7.1 | 2024-12-13 14:24:50 | Deep Dive |
| CVE-2024-54233 | WordPress Advanced Control Manager plugin <= 2.16.0 - Reflected Cross Site Scripting (XSS) vulnerability | overclokk | Advanced Control Manager for WordPress by ItalyStrap | High | 7.1 | 2024-12-13 14:24:28 | Deep Dive |
| CVE-2023-41951 | WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.14 - Broken Access Control vulnerability | rtCamp | rtMedia for WordPress, BuddyPress and bbPress | Medium | 4.3 | 2024-12-13 14:24:25 | Deep Dive |
| CVE-2023-33928 | WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability | WebToffee | WordPress Backup & Migration | Medium | 4.3 | 2024-12-13 14:23:30 | Deep Dive |
| CVE-2022-47429 | WordPress Coming Soon Landing Page and Maintenance Mode WordPress Plugin plugin <= 2.2.0 - Broken Access Control | 8Degree Themes | Coming Soon Landing Page and Maintenance Mode WordPress Plugin | Medium | 5.3 | 2024-12-13 14:23:16 | Deep Dive |
| CVE-2024-9290 | Super Backup & Clone - Migrate for WordPress <= 2.3.3 - Unauthenticated Arbitrary File Upload | azzaroco | Super Backup & Clone - Migrate for WordPress | Critical | 9.8 | 2024-12-13 09:27:29 | Deep Dive |
| CVE-2024-11012 | Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text | ninjateam | Notibar – Notification Bar for WordPress | Medium | 6.3 | 2024-12-13 09:27:28 | Deep Dive |
| CVE-2024-11832 | Beaver Builder – WordPress Page Builder <= 2.8.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 6.4 | 2024-12-13 08:24:48 | Deep Dive |
| CVE-2024-12300 | AR for WordPress <= 7.3 - Missing Authorization to Unauthenticated Limited File Upload | webandprint | AR for WordPress | Low | 3.7 | 2024-12-13 03:24:35 | Deep Dive |
| CVE-2024-11766 | WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Books Showcase – Display Books in Grid, Slider & More \| Library for WordPress | Medium | 6.4 | 2024-12-12 05:24:24 | Deep Dive |
| CVE-2024-10124 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | themehunk | Vayu Blocks – Website Builder for the Block Editor | Critical | 9.8 | 2024-12-12 05:24:22 | Deep Dive |
| CVE-2024-11765 | WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more | Medium | 6.4 | 2024-12-12 05:24:21 | Deep Dive |
| CVE-2024-11351 | Restrict – membership, site, content and user access restrictions for WordPress <= 2.2.8 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | tickera | Restrict – membership, site, content and user access restrictions for WordPress | Medium | 5.3 | 2024-12-11 12:24:19 | Deep Dive |
| CVE-2024-11868 | LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2024-12-10 12:25:00 | Deep Dive |
| CVE-2024-11205 | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | High | 8.5 | 2024-12-10 04:23:41 | Deep Dive |
| CVE-2023-23716 | WordPress Zendesk Support for WordPress plugin <= 1.8.4 - Broken Access Control vulnerability | zendesk_official | Zendesk Support for WordPress | Medium | 4.3 | 2024-12-09 11:31:54 | Deep Dive |
| CVE-2023-23887 | WordPress Easy Google Analytics for WordPress plugin <= 1.6.0 - Broken Access Control vulnerability | Shahjada | Easy Google Analytics for WordPress | Medium | 5.3 | 2024-12-09 11:31:46 | Deep Dive |
| CVE-2023-24375 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 - Broken Access Control vulnerability | miniOrange | WordPress Social Login and Register | Low | 3.5 | 2024-12-09 11:31:41 | Deep Dive |
| CVE-2023-25455 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability | miniOrange | WordPress Social Login and Register | Medium | 5.3 | 2024-12-09 11:31:33 | Deep Dive |
| CVE-2023-28165 | WordPress Backup Bank: WordPress Backup Plugin plugin <= 4.0.28 - Broken Access Control vulnerability | Varun Sharma | Backup Bank: WordPress Backup Plugin | Medium | 4.3 | 2024-12-09 11:31:20 | Deep Dive |