| CVE-2024-3849 | Click to Chat – HoliThemes <= 3.35 - Authenticated (Contributor+) Local File Inclusion | holithemes | Click to Chat – HoliThemes | High | 8.8 | 2024-05-02 16:52:55 | Deep Dive |
| CVE-2024-2667 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload | instawp | InstaWP Connect – 1-click WP Staging & Migration | Critical | 9.8 | 2024-05-02 16:52:53 | Deep Dive |
| CVE-2024-33678 | WordPress ClickCease Click Fraud Protection plugin <= 3.2.7 - Cross Site Request Forgery (CSRF) vulnerability | eranfl | ClickCease Click Fraud Protection | Medium | 4.3 | 2024-04-26 10:42:22 | Deep Dive |
| CVE-2024-0900 | Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! <= 2.1.2 - Missing Authorization to Subscriber+ Arbitrary Post Creation | elespare | EleSpare – News, Magazine and Blog Addons for Elementor | Medium | 4.3 | 2024-04-23 08:32:54 | Deep Dive |
| CVE-2023-7046 | WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score <= 7.0 - Sensitive Information Exposure via insufficiently protected files | gowebsmarty | WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan | High | 7.5 | 2024-04-09 18:59:01 | Deep Dive |
| CVE-2024-2702 | WordPress Olive One Click Demo Import plugin <= 1.1.1 - Broken Access Control vulnerability | Olive Themes | Olive One Click Demo Import | High | 8.2 | 2024-03-20 09:36:45 | Deep Dive |
| CVE-2024-21749 | WordPress 1 click disable all Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) | Atakan Au | 1 click disable all | Medium | 5.4 | 2024-02-28 16:31:09 | Deep Dive |
| CVE-2024-23514 | WordPress Click To Tweet Plugin <= 2.0.14 is vulnerable to Cross Site Scripting (XSS) | ClickToTweet.com | Click To Tweet | Medium | 6.5 | 2024-02-10 08:16:23 | Deep Dive |
| CVE-2024-0869 | Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update | connekthq | Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy | High | 8.8 | 2024-02-05 21:21:34 | Deep Dive |
| CVE-2023-5041 | Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection | Unknown | Track The Click | High | - | 2024-01-17 14:27:27 | Deep Dive |
| CVE-2023-52197 | WordPress Ads Invalid Click Protection Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | Impactpixel | Ads Invalid Click Protection | Medium | 5.9 | 2024-01-08 20:25:06 | Deep Dive |
| CVE-2023-51361 | WordPress Sticky Chat Widget Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS) | Ginger Plugins | Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button | Medium | 5.9 | 2023-12-29 11:01:30 | Deep Dive |
| CVE-2023-29102 | WordPress Olive One Click Demo Import Plugin <= 1.1.1 is vulnerable to Arbitrary File Upload | Olive Themes | Olive One Click Demo Import | Critical | 9.1 | 2023-12-20 19:09:58 | Deep Dive |
| CVE-2023-49771 | WordPress Smart External Link Click Monitor [Link Log] Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS) | Peter Raschendorfer | Smart External Link Click Monitor [Link Log] | High | 7.1 | 2023-12-14 15:48:21 | Deep Dive |
| CVE-2023-49770 | WordPress Smart External Link Click Monitor [Link Log] Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS) | Peter Raschendorfer | Smart External Link Click Monitor [Link Log] | Medium | 5.9 | 2023-12-14 15:45:10 | Deep Dive |
| CVE-2022-4954 | Waiting: One-click countdowns <= 0.6.2 - Authenticated (Administrator+) Cross-Site Scripting | pluginbuilders | Waiting: One-click countdowns | Medium | 5.5 | 2023-10-20 06:35:15 | Deep Dive |
| CVE-2023-41856 | WordPress Click To Tweet Plugin <= 2.0.14 is vulnerable to Cross Site Scripting (XSS) | ClickToTweet.com | Click To Tweet | High | 7.1 | 2023-10-02 08:42:01 | Deep Dive |
| CVE-2023-4000 | Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery | pluginbuilders | Waiting: One-click countdowns | Medium | 6.3 | 2023-08-31 05:33:12 | Deep Dive |
| CVE-2023-3999 | Waiting: One-click countdowns <= 0.6.2 - Missing Authorization | pluginbuilders | Waiting: One-click countdowns | Medium | 6.3 | 2023-08-31 05:33:05 | Deep Dive |
| CVE-2023-36678 | WordPress WP Content Copy Protection & No Right Click Plugin <= 3.5.5 is vulnerable to Cross Site Scripting (XSS) | WP-buy | WP Content Copy Protection & No Right Click | Medium | 5.9 | 2023-08-05 22:46:28 | Deep Dive |