| CVE-2024-9067 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 4.3 | 2024-10-10 02:06:13 | Deep Dive |
| CVE-2024-8987 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.4 | 2024-10-10 02:06:05 | Deep Dive |
| CVE-2024-9575 | Local File Inclusion in pretix-widget WordPress plugin | rami.io GmbH | pretix Widget WordPress plugin | - | - | 2024-10-09 09:40:45 | Deep Dive |
| CVE-2024-8433 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting | themehunk | Easy Mega Menu for WordPress – ThemeHunk | Medium | 6.4 | 2024-10-08 09:33:14 | Deep Dive |
| CVE-2024-47327 | WordPress GEO my WP plugin <= 4.5.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | Eyal Fitoussi | GEO my WordPress | High | 7.1 | 2024-10-06 11:05:43 | Deep Dive |
| CVE-2024-47368 | WordPress Premium Blocks plugin <= 2.1.33 - Cross Site Scripting (XSS) vulnerability | Leap13 | Premium Blocks – Gutenberg Blocks for WordPress | Medium | 6.5 | 2024-10-06 09:42:50 | Deep Dive |
| CVE-2024-47386 | WordPress WP Extended plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability | WP Extended | The Ultimate WordPress Toolkit – WP Extended | High | 7.1 | 2024-10-05 14:50:41 | Deep Dive |
| CVE-2024-47638 | WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | High | 7.1 | 2024-10-05 13:03:22 | Deep Dive |
| CVE-2024-44018 | WordPress Instant Chat WP plugin <= 1.0.5 - Local File Inclusion vulnerability | istmoplugins | Instant Chat Floating Button for WordPress Websites | High | 7.5 | 2024-10-05 12:16:06 | Deep Dive |
| CVE-2024-8743 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload | bitpressadmin | File Manager | Medium | 6.8 | 2024-10-05 06:44:11 | Deep Dive |
| CVE-2024-9375 | WordPress Captcha Plugin by Captcha Bank <= 4.0.36 - Reflected Cross-Site Scripting | contact-banker | WordPress Captcha Plugin by Captcha Bank | Medium | 6.1 | 2024-10-04 02:04:56 | Deep Dive |
| CVE-2024-8505 | WordPress Infinite Scroll - Ajax Load More <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via button_label Parameter | dcooney | Ajax Load More – Infinite Scroll, Load More, & Lazy Load | Medium | 6.4 | 2024-10-02 09:32:00 | Deep Dive |
| CVE-2024-8282 | Ibtana – WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute | vowelweb | Ibtana – WordPress Website Builder | Medium | 6.4 | 2024-10-02 09:31:59 | Deep Dive |
| CVE-2024-8254 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.4 | 2024-10-02 06:46:02 | Deep Dive |
| CVE-2024-9289 | WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation | RedefiningTheWeb | WordPress & WooCommerce Affiliate Program | Critical | 9.8 | 2024-10-01 08:30:20 | Deep Dive |
| CVE-2024-9018 | WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | High | 8.8 | 2024-10-01 08:30:17 | Deep Dive |
| CVE-2024-8288 | Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute | adreastrian | Guten Post Layout – An Advanced Post Grid Collection | Medium | 6.4 | 2024-10-01 08:30:15 | Deep Dive |
| CVE-2024-9267 | Easy WordPress Subscribe – Optin Hound <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg Parameter | optinhound | Easy WordPress Subscribe – Optin Hound | Medium | 6.1 | 2024-10-01 07:30:16 | Deep Dive |
| CVE-2024-8548 | KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions | logoninc | KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin | High | 8.1 | 2024-10-01 07:30:13 | Deep Dive |
| CVE-2024-8632 | KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure | logoninc | KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin | Medium | 6.5 | 2024-10-01 07:30:13 | Deep Dive |