| CVE | Title | Author | Plugin | Severity | CVSS | Date |
|---|---|---|---|---|---|---|
| CVE-2024-9049 | Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 6.4 | 2024-09-27 06:53:58 |
| CVE-2024-8771 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.3 | 2024-09-26 15:30:34 |
| CVE-2022-4541 | WordPress Visitors <= 1.0 - Unauthenticated Stored Cross-Site Scripting via HTTP Header | nitinmaurya12 | WordPress Visitors | High | 7.2 | 2024-09-26 09:29:43 |
| CVE-2024-43237 | WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability | Steve Burge | WordPress Tag Cloud Plugin – Tag Groups | Medium | 5.3 | 2024-09-25 14:49:00 |
| CVE-2024-6845 | SmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure | Unknown | Chatbot with ChatGPT WordPress | - | - | 2024-09-25 06:00:05 |
| CVE-2024-8658 | myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 5.3 | 2024-09-25 05:32:10 |
| CVE-2024-7385 | WordPress Simple HTML Sitemap <= 3.1 - Authenticated (Admin+) SQL Injection | ashishajani | WP Simple HTML Sitemap | Critical | 9.1 | 2024-09-25 03:27:41 |
| CVE-2024-9073 | GutenGeek Free Gutenberg Blocks for WordPress <= 1.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | wpopal | GutenGeek Free Gutenberg Blocks for WordPress | Medium | 6.4 | 2024-09-25 02:05:27 |
| CVE-2024-6590 | Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update | javmah | WPGSI: Spreadsheet Integration | Medium | 6.3 | 2024-09-25 02:05:25 |
| CVE-2024-8434 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates | themehunk | Easy Mega Menu for WordPress – ThemeHunk | Medium | 4.3 | 2024-09-25 02:05:24 |
| CVE-2024-9069 | Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | besnikac | Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) | Medium | 6.4 | 2024-09-25 02:05:07 |
| CVE-2024-8437 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | Medium | 4.3 | 2024-09-24 07:30:46 |
| CVE-2024-8436 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Authenticated (Subscriber+) SQL Injection | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | Critical | 9.9 | 2024-09-24 07:30:46 |
| CVE-2024-8267 | Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute | princeahmed | Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player | Medium | 6.4 | 2024-09-24 06:40:55 |
| CVE-2024-8791 | Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation | smub | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | Critical | 9.8 | 2024-09-24 02:31:01 |
| CVE-2024-8680 | MailChimp for Wordpress <= 4.9.16 - Authenticated (Administrator+) Stored Cross-Site Scripting | dvankooten | MC4WP: Mailchimp for WordPress | Medium | 4.4 | 2024-09-21 08:35:55 |
| CVE-2022-4533 | Limit Login Attempts Plus <= 1.1.0 - IP Address Spoofing to Protection Mechanism Bypass | devfelixmoira | Limit Login Attempts Plus – WordPress Limit Login Attempts By Felix | Medium | 5.3 | 2024-09-19 03:59:15 |
| CVE-2024-8850 | MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16 - Reflected Cross-Site Scripting | dvankooten | MC4WP: Mailchimp for WordPress | Medium | 6.1 | 2024-09-19 03:59:14 |
| CVE-2024-8714 | WordPress Affiliates Plugin — SliceWP Affiliates <= 1.1.20 - Reflected Cross-Site Scripting | iovamihai | Affiliate Program Suite — SliceWP Affiliates | Medium | 6.1 | 2024-09-13 15:10:38 |
| CVE-2024-8522 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Critical | 10.0 | 2024-09-12 08:30:47 |