| CVE-2024-44020 | WordPress WP Free SSL plugin <= 1.2.6 - Broken Access Control vulnerability | prasadkirpekar | WP Free SSL – Free SSL Certificate for WordPress and force HTTPS | Medium | 4.3 | 2024-11-01 14:17:09 | Deep Dive |
| CVE-2024-10223 | HT Team Member <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode | htplugins | WP Team – WordPress Team Member Plugin | Medium | 6.4 | 2024-10-30 06:43:36 | Deep Dive |
| CVE-2024-8871 | Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting | fatcatapps | Pricing Table WordPress Plugin – Easy Pricing Tables | Medium | 6.1 | 2024-10-30 05:32:15 | Deep Dive |
| CVE-2024-50466 | WordPress DarkMySite – Advanced Dark Mode Plugin for WordPress plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerability | DarkMySite | DarkMySite – Advanced Dark Mode Plugin for WordPress | Medium | 4.3 | 2024-10-29 16:34:22 | Deep Dive |
| CVE-2024-7985 | FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload | softaculous | FileOrganizer – WordPress File Manager | High | 7.5 | 2024-10-29 15:31:55 | Deep Dive |
| CVE-2024-9505 | Beaver Builder – WordPress Page Builder <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 6.4 | 2024-10-29 13:53:56 | Deep Dive |
| CVE-2024-50415 | WordPress Ads.txt & App-ads.txt Manager for WordPress plugin <= 1.1.7.1 - Stored Cross Site Scripting (XSS) vulnerability | Pagup | Ads.txt & App-ads.txt Manager for WordPress | Medium | 5.9 | 2024-10-29 08:46:13 | Deep Dive |
| CVE-2024-10000 | Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality | masteriyo | Masteriyo LMS – Online Course Builder for eLearning, LMS & Education | Medium | 6.4 | 2024-10-29 05:32:39 | Deep Dive |
| CVE-2024-10008 | Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation | masteriyo | Masteriyo LMS – Online Course Builder for eLearning, LMS & Education | High | 8.8 | 2024-10-29 05:32:38 | Deep Dive |
| CVE-2024-50496 | WordPress AR For WordPress plugin <= 6.6 - Arbitrary File Upload vulnerability | webandprint | AR For WordPress | Critical | 10.0 | 2024-10-28 20:54:41 | Deep Dive |
| CVE-2024-8392 | WordPress Post Grid Layouts with Pagination – Sogrid <= 1.5.6 - Authenticated (Admin+) Local File Inclusion | delabon | WordPress Post Grid Layouts with Pagination – Sogrid | High | 7.2 | 2024-10-26 08:36:02 | Deep Dive |
| CVE-2024-9613 | FormFacade – WordPress plugin for Google Forms <= 1.3.6 - Reflected Cross-Site Scripting | manidoraisamy | FormFacade – Embed Google Forms in your website | Medium | 6.1 | 2024-10-26 02:31:32 | Deep Dive |
| CVE-2024-8959 | WP Adminify – Best WordPress Custom Dashboard Plugin <= 4.0.1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | litonice13 | WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer | Medium | 6.4 | 2024-10-24 11:34:09 | Deep Dive |
| CVE-2024-8667 | HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.10.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Publication | nlemsieh | HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce | Medium | 4.3 | 2024-10-24 07:35:57 | Deep Dive |
| CVE-2024-10250 | Nioland <= 1.2.6 - Reflected Cross-Site Scripting via s | SteelThemes | Nioland - SaaS & Software Startup Tech WordPress Theme | Medium | 6.1 | 2024-10-23 13:58:41 | Deep Dive |
| CVE-2024-49627 | WordPress WordPress Image SEO plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability | Noor Alam | WordPress Image SEO | Medium | 4.3 | 2024-10-20 10:11:43 | Deep Dive |
| CVE-2024-9219 | WordPress Social Share Buttons <= 1.19 - Reflected Cross-Site Scripting | maxfoundry | Social Share Buttons | Medium | 6.1 | 2024-10-19 03:09:51 | Deep Dive |
| CVE-2024-9593 | Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution | Scott Paterson | Time Clock Pro | High | 8.3 | 2024-10-18 17:32:31 | Deep Dive |
| CVE-2024-9674 | Debrandify · Remove or Replace WordPress Branding <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | morceaudebois | Debrandify · Remove or Replace WordPress Branding | Medium | 6.4 | 2024-10-18 11:02:56 | Deep Dive |
| CVE-2024-49231 | WordPress WordPress Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | cyclop | WordPress Video | Medium | 6.5 | 2024-10-18 09:52:22 | Deep Dive |