| CVE-2024-3473 | Header Footer Code Manager Pro <= 1.0.16 - Reflected Cross-Site Scripting via message | 99robots | Header Footer Code Manager Pro | Medium | 6.1 | 2024-05-02 16:57:17 | Deep Dive |
| CVE-2024-3601 | Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Email Enumeration | ays-pro | Poll Maker – Versus Polls, Anonymous Polls, Image Polls | Medium | 5.3 | 2024-05-02 16:52:54 | Deep Dive |
| CVE-2024-3897 | Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure | ays-pro | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | Medium | 5.3 | 2024-05-02 16:52:48 | Deep Dive |
| CVE-2024-3500 | ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets | wpmet | ElementsKit Pro | High | 8.8 | 2024-05-02 16:52:38 | Deep Dive |
| CVE-2024-3215 | Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.3 | 2024-05-02 16:52:30 | Deep Dive |
| CVE-2024-4406 | Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability | Xiaomi | Pro 13 | High | - | 2024-05-02 15:02:49 | Deep Dive |
| CVE-2024-4405 | Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability | Xiaomi | Pro 13 | High | - | 2024-05-02 15:02:41 | Deep Dive |
| CVE-2024-33911 | WordPress The School Management Pro plugin <= 10.3.4 - SQL Injection vulnerability | Weblizar | School Management Pro | High | 7.6 | 2024-05-02 11:10:19 | Deep Dive |
| CVE-2024-33635 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Arbitrary Post/Page Deletion vulnerability | Piotnet | Piotnet Addons For Elementor Pro | High | 7.5 | 2024-04-29 08:23:22 | Deep Dive |
| CVE-2024-33634 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability | Piotnet | Piotnet Addons For Elementor Pro | Medium | 5.4 | 2024-04-29 07:44:51 | Deep Dive |
| CVE-2024-33632 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Cross Site Request Forgery (CSRF) vulnerability | Piotnet | Piotnet Addons For Elementor Pro | Medium | 5.4 | 2024-04-29 05:58:58 | Deep Dive |
| CVE-2024-33631 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Authenticated Stored Cross Site Scripting (XSS) vulnerability | Piotnet | Piotnet Addons For Elementor Pro | Medium | 6.5 | 2024-04-29 05:07:56 | Deep Dive |
| CVE-2024-33633 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Reflected Cross Site Scripting (XSS) vulnerability | Piotnet | Piotnet Addons For Elementor Pro | High | 7.1 | 2024-04-29 05:06:17 | Deep Dive |
| CVE-2024-3682 | WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File | renehermi | WP STAGING – WordPress Backup, Restore & Migration | Medium | 5.3 | 2024-04-26 09:29:52 | Deep Dive |
| CVE-2024-32676 | WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability | LoginPress | LoginPress Pro | Medium | 5.3 | 2024-04-25 10:43:41 | Deep Dive |
| CVE-2024-32677 | WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability | LoginPress | LoginPress Pro | Medium | 5.3 | 2024-04-24 15:24:52 | Deep Dive |
| CVE-2024-32793 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability | Paid Memberships Pro | Paid Memberships Pro | Medium | 5.4 | 2024-04-24 14:56:56 | Deep Dive |
| CVE-2024-32794 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability | Paid Memberships Pro | Paid Memberships Pro | Medium | 4.3 | 2024-04-24 14:55:50 | Deep Dive |
| CVE-2024-32952 | WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Reflected Cross Site Scripting (XSS) vulnerability | BloomPixel | Max Addons Pro for Bricks | High | 7.1 | 2024-04-24 08:24:27 | Deep Dive |
| CVE-2024-32951 | WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability | BloomPixel | Max Addons Pro for Bricks | Medium | 6.5 | 2024-04-24 06:59:04 | Deep Dive |