| CVE-2024-9942 | WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload | dasinfomedia | WPGYM - Wordpress Gym Management System | Critical | 9.8 | 2024-11-23 07:38:06 | Deep Dive |
| CVE-2024-9660 | School Management <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload | dasinfomedia | School Management System for Wordpress | High | 8.8 | 2024-11-23 07:38:04 | Deep Dive |
| CVE-2024-10886 | Tribute Testimonials – WordPress Testimonial Grid/Slider <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | boomdevs | Tribute Testimonials – WordPress Testimonial Grid/Slider | Medium | 6.4 | 2024-11-23 03:25:50 | Deep Dive |
| CVE-2024-10869 | GuardGiant Brute Force Protection <= 2.2.6 - Reflected Cross-Site Scripting | guardgiant | WordPress Brute Force Protection – Stop Brute Force Attacks | Medium | 6.1 | 2024-11-23 03:25:47 | Deep Dive |
| CVE-2024-10792 | Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scripting | getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | Medium | 6.1 | 2024-11-21 09:32:50 | Deep Dive |
| CVE-2024-11371 | Theater for WordPress <= 0.18.6.2 - Reflected Cross-Site Scripting | slimndap | Theater for WordPress | Medium | 6.1 | 2024-11-21 08:31:12 | Deep Dive |
| CVE-2024-11388 | Dino Game – Embed Google Chrome Dinosaur Game in WordPress <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | tahmidulkarim | Dino Game – Embed Google Chrome Dinosaur Game in your website | Medium | 6.4 | 2024-11-21 02:06:42 | Deep Dive |
| CVE-2024-50541 | WordPress Advanced Control Manager plugin <= 2.16.0 - Stored Cross Site Scripting (XSS) vulnerability | overclokk | Advanced Control Manager for WordPress by ItalyStrap | Medium | 6.5 | 2024-11-19 16:32:09 | Deep Dive |
| CVE-2024-51807 | WordPress AgendaPress plugin <= 1.0.8 - Stored Cross Site Scripting (XSS) vulnerability | Black and White | AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress | Medium | 6.5 | 2024-11-19 16:31:55 | Deep Dive |
| CVE-2024-11036 | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.3 | 2024-11-19 11:02:29 | Deep Dive |
| CVE-2024-10388 | WordPress GDPR <= 2.0.2 - Unauthenticated Stored Cross-Site Scripting | welaunch | WordPress GDPR | High | 7.2 | 2024-11-19 07:35:27 | Deep Dive |
| CVE-2024-11069 | WordPress GDPR <= 2.0.2 - Missing Authorization to Unauthenticated Arbitrary User Deletion | welaunch | WordPress GDPR | Medium | 6.5 | 2024-11-19 07:35:26 | Deep Dive |
| CVE-2024-52431 | WordPress WP Video Robot plugin <= 1.20.0 - SQL Injection vulnerability | Pressaholic | WordPress Video Robot - The Ultimate Video Importer | Critical | 9.3 | 2024-11-18 14:37:54 | Deep Dive |
| CVE-2024-52408 | WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vulnerability | pushassist | Push Notifications for WordPress by PushAssist | Critical | 9.9 | 2024-11-16 21:44:42 | Deep Dive |
| CVE-2024-9887 | Login using WordPress Users ( WP as SAML IDP ) <= 1.15.6 - Authenticated (Administrator+) SQL Injection | cyberlord92 | SAML IDP (Identity Provider) – Login with Website Users | High | 7.2 | 2024-11-16 09:36:34 | Deep Dive |
| CVE-2024-10728 | PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | High | 8.8 | 2024-11-16 04:29:15 | Deep Dive |
| CVE-2024-10015 | ConvertCalculator for WordPress <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and type Parameter | jorisderuiter | ConvertCalculator: Build Cost, Price, Quotation, ROI Interactive Calculators | Medium | 6.4 | 2024-11-16 03:20:50 | Deep Dive |
| CVE-2024-9192 | WP Video Robot <= 1.20.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update | pressaholic | WordPress Video Robot - The Ultimate Video Importer | High | 8.8 | 2024-11-16 03:20:45 | Deep Dive |
| CVE-2024-10104 | Jobs for WordPress < 2.7.8 - Contributor+ Stored XSS | Unknown | Jobs for WordPress | - | - | 2024-11-15 06:00:03 | Deep Dive |
| CVE-2024-10260 | Tripetto <= 8.0.11 - Unauthenticated Stored Cross-Site Scripting via Form File Upload | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | High | 7.2 | 2024-11-15 05:30:56 | Deep Dive |