| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-9364 | SendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion | smackcoders | SendGrid for WordPress | Medium | 4.3 | 2024-10-18 04:32:56 | Deep Dive |
| CVE-2024-49280 | WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.6 - Cross Site Scripting (XSS) vulnerability | Weblizar - WordPress Themes & Plugin | Lightbox slider – Responsive Lightbox Gallery | Medium | 6.5 | 2024-10-17 19:16:53 | Deep Dive |
| CVE-2024-49302 | WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | portfoliohub | WordPress Portfolio Builder – Portfolio Gallery | Medium | 6.5 | 2024-10-17 18:50:42 | Deep Dive |
| CVE-2024-49322 | WordPress Job Board Manager for WordPress plugin <= 1.0 - Privilege Escalation vulnerability | CodePassenger | Job Board Manager for WordPress | - | - | 2024-10-17 17:38:30 | Deep Dive |
| CVE-2024-9347 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.9 - Reflected Cross-Site Scripting | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 6.1 | 2024-10-17 03:32:50 | Deep Dive |
| CVE-2024-49258 | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Download vulnerability | Limbcode | WordPress Gallery Plugin – Limb Image Gallery | Medium | 6.5 | 2024-10-16 13:45:18 | Deep Dive |
| CVE-2024-49260 | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability | Limbcode | WordPress Gallery Plugin – Limb Image Gallery | Critical | 9.9 | 2024-10-16 13:38:04 | Deep Dive |
| CVE-2021-4452 | Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting | edo888 | Translate WordPress – Google Language Translator | High | 7.1 | 2024-10-16 07:31:52 | Deep Dive |
| CVE-2020-36839 | WP Lead Plus X <= 0.99 - Cross-Site Request Forgery | bc2018 | WordPress Landing Page – Squeeze Page – Responsive Landing Page Builder Free – WP Lead Plus X | High | 8.3 | 2024-10-16 06:43:45 | Deep Dive |
| CVE-2022-4973 | WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function | WordPress Foundation | WordPress | Medium | 4.9 | 2024-10-16 06:43:42 | Deep Dive |
| CVE-2016-15041 | MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting | mainwp | MainWP Dashboard: Self-hosted WordPress Management for Agencies | High | 7.2 | 2024-10-16 06:43:40 | Deep Dive |
| CVE-2019-25215 | ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions | arisoft | ARI Adminer – WordPress Database Manager | High | 7.3 | 2024-10-16 06:43:34 | Deep Dive |
| CVE-2012-10018 | Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scripting | sekler | Mapplic Lite | High | 8.3 | 2024-10-16 06:43:33 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2020-36838 | Facebook Chat Plugin <= 1.5 - Missing Capabilities Check | - | Facebook Chat Plugin – Live Chat Plugin for WordPress | High | 7.4 | 2024-10-16 06:43:28 | Deep Dive |
| CVE-2021-4449 | ZoomSounds <= 5.96 - Unauthenticated Arbitrary File Upload | ZoomIt | ZoomSounds - WordPress Wave Audio Player with Playlist | Critical | 9.8 | 2024-10-16 06:43:25 | Deep Dive |
| CVE-2021-4443 | WordPress Mega Menu <= 2.0.6 - Arbitrary File Creation | quadlayers | QuadMenu – Mega Menu | Critical | 9.8 | 2024-10-16 06:43:24 | Deep Dive |
| CVE-2024-9595 | TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting | tobiasbg | TablePress – Tables in WordPress made easy | Medium | 6.4 | 2024-10-12 08:41:07 | Deep Dive |
| CVE-2024-9047 | WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php | nickboss | Iptanus File Upload | Critical | 9.8 | 2024-10-12 06:51:12 | Deep Dive |
| CVE-2024-7514 | WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal | webtoffee | Comments Import & Export | Medium | 6.5 | 2024-10-11 08:30:45 | Deep Dive |