| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-44738 | WordPress Posts and Users Stats Plugin <= 1.1.3 is vulnerable to CSV Injection | Patrick Robrecht | Posts and Users Stats | 高危 | - | 2023-11-07 17:08:56 | Deep Dive |
| CVE-2022-45348 | WordPress amr users Plugin <= 4.59.4 is vulnerable to CSV Injection | anmari | amr users | 高危 | - | 2023-11-07 16:52:15 | Deep Dive |
| CVE-2022-46804 | WordPress Export Users Data Distinct Plugin <= 1.3 is vulnerable to CSV Injection | Narola Infotech Solutions LLP | Export Users Data Distinct | 高危 | - | 2023-11-07 16:43:31 | Deep Dive |
| CVE-2023-46777 | WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF) | - | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha | 中危 | - | 2023-11-06 11:06:58 | Deep Dive |
| CVE-2023-4153 | BAN Users <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege Escalation | webxmedia | BAN Users | High | 8.8 | 2023-09-13 02:54:12 | Deep Dive |
| CVE-2023-4779 | User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | specialk | User Submitted Posts – Enable Users to Submit Posts from the Front End | Medium | 6.4 | 2023-09-06 06:41:22 | Deep Dive |
| CVE-2023-4023 | All Users Messenger <= 1.24 - Subscriber+ Message Deletion via IDOR | Unknown | All Users Messenger | 中危 | - | 2023-08-30 14:22:04 | Deep Dive |
| CVE-2023-3958 | WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery | frogerme | WP Remote Users Sync | High | 8.5 | 2023-08-16 04:36:01 | Deep Dive |
| CVE-2023-4374 | WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View | frogerme | WP Remote Users Sync | Medium | 4.3 | 2023-08-16 04:36:01 | Deep Dive |
| CVE-2023-4308 | User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content' | specialk | User Submitted Posts – Enable Users to Submit Posts from the Front End | High | 7.2 | 2023-08-15 07:32:37 | Deep Dive |
| CVE-2023-4142 | WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 8.0 | 2023-08-04 02:04:31 | Deep Dive |
| CVE-2023-4141 | WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 8.0 | 2023-08-04 02:04:29 | Deep Dive |
| CVE-2023-4139 | WP Ultimate CSV Importer <= 7.9.8 - Sensitive Information Exposure via Directory Listing | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 7.5 | 2023-08-04 02:04:27 | Deep Dive |
| CVE-2023-4140 | WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | Medium | 6.6 | 2023-08-04 02:04:25 | Deep Dive |
| CVE-2023-3459 | Export and Import Users and Customers <= 2.4.1 - Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password Change | webtoffee | Export and Import Users and Customers | High | 7.2 | 2023-07-18 02:39:25 | Deep Dive |
| CVE-2023-34005 | WordPress Front End Users Plugin <= 3.2.24 is vulnerable to Cross Site Request Forgery (CSRF) | Etoile Web Design | Front End Users | Medium | 6.5 | 2023-07-17 14:46:13 | Deep Dive |
| CVE-2019-25138 | User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload | specialk | User Submitted Posts – Enable Users to Submit Posts from the Front End | Critical | 9.8 | 2023-06-07 01:51:22 | Deep Dive |
| CVE-2023-2488 | Stop Spammers Security < 2023 - Reflected XSS | Unknown | Stop Spammers Security | Block Spam Users, Comments, Forms | 中危 | - | 2023-06-05 13:38:59 | Deep Dive |
| CVE-2023-2489 | Stop Spammers Security < 2023 - Admin+ Stored XSS | Unknown | Stop Spammers Security | Block Spam Users, Comments, Forms | 中危 | - | 2023-06-05 13:38:59 | Deep Dive |
| CVE-2023-2545 | WordPress Plugin Feather Login Page 安全漏洞 | featherplugins | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha | High | 8.1 | 2023-05-31 02:40:21 | Deep Dive |