| CVE-2024-12504 | Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | videowhisper | Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP | Medium | 6.4 | 2025-01-23 11:13:28 | Deep Dive |
| CVE-2025-22824 | WordPress Live Flight Radar Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | lucia.intelisano | Live Flight Radar | Medium | 6.5 | 2025-01-09 15:38:58 | Deep Dive |
| CVE-2024-12464 | Chatroll Live Chat <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | chatroll | Chatroll Live Chat | Medium | 6.4 | 2025-01-07 05:23:55 | Deep Dive |
| CVE-2024-12416 | Woomotiv <= 3.6.1 - Unauthenticated SQL Injection | delabon | Live Sales Notification for Woocommerce – Woomotiv | High | 7.5 | 2025-01-07 03:21:57 | Deep Dive |
| CVE-2024-12541 | Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function | chative | Chative Live chat and Chatbot | Medium | 5.4 | 2025-01-07 03:21:56 | Deep Dive |
| CVE-2024-38790 | WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability | Smartsupp | Smartsupp – live chat, chatbots, AI and lead generation | Medium | 6.5 | 2025-01-02 12:01:09 | Deep Dive |
| CVE-2023-45828 | WordPress RumbleTalk Live Group Chat plugin <= 6.2.5 - Broken Access Control vulnerability | RumbleTalk | RumbleTalk Live Group Chat | 中危 | - | 2025-01-02 11:59:56 | Deep Dive |
| CVE-2024-11877 | Cricket Live Score <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpscore | Cricket Live Score | Medium | 6.4 | 2024-12-14 04:23:47 | Deep Dive |
| CVE-2024-11727 | NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Medium | 4.4 | 2024-12-12 06:46:33 | Deep Dive |
| CVE-2024-12526 | Arena.IM – Live Blogging for real-time events <= 0.4.1 - Cross-Site Request Forgery to Settings Update | arenaim | Arena.IM – Live Blogging for real-time events | Medium | 4.3 | 2024-12-12 04:23:16 | Deep Dive |
| CVE-2024-12463 | Arena.IM – Live Blogging for real-time events <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode | arenaim | Arena.IM – Live Blogging for real-time events | Medium | 6.4 | 2024-12-12 04:23:13 | Deep Dive |
| CVE-2024-11384 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | arenaim | Arena.IM – Live Blogging for real-time events | Medium | 6.4 | 2024-12-12 04:23:12 | Deep Dive |
| CVE-2023-47830 | WordPress Live Preview for Contact Form 7 plugin <= 1.2.0 - Broken Access Control vulnerability | GusRuss89 | Live Preview for Contact Form 7 | Medium | 5.4 | 2024-12-09 11:30:40 | Deep Dive |
| CVE-2024-11601 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | High | 8.1 | 2024-11-22 05:33:41 | Deep Dive |
| CVE-2024-11104 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | High | 8.1 | 2024-11-22 05:33:40 | Deep Dive |
| CVE-2024-9542 | Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | Medium | 4.3 | 2024-11-21 11:02:20 | Deep Dive |
| CVE-2024-51781 | WordPress Firework Shoppable Live Video plugin <= 6.3 - Reflected Cross Site Scripting (XSS) vulnerability | Stefan Backor | Firework Shoppable Live Video | High | 7.1 | 2024-11-09 09:20:56 | Deep Dive |
| CVE-2024-9109 | UPS Live Rates and Access Points <= 2.3.12 - Missing Authorization to Plugin API key reset | octolize | Shipping Live Rates and Access Points for UPS for WooCommerce | Medium | 4.3 | 2024-10-25 05:35:28 | Deep Dive |
| CVE-2024-49235 | WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability | videowhisper | Contact Forms, Live Support, CRM, Video Messages | - | - | 2024-10-17 17:24:18 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |