| CVE-2024-8529 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Critical | 10.0 | 2024-09-12 08:30:46 | Deep Dive |
| CVE-2024-7862 | Blog Introduction <= 0.3.0 - Settings Update via CSRF | Unknown | blogintroduction-wordpress-plugin | - | - | 2024-09-12 06:00:07 | Deep Dive |
| CVE-2024-5799 | CM Pop-Up Banners for WordPress < 1.7.3 - Contributor+ Stored XSS | Unknown | CM Pop-Up Banners for WordPress | - | - | 2024-09-12 06:00:03 | Deep Dive |
| CVE-2024-8045 | Advanced WordPress Backgrounds <= 1.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via imageTag Parameter | nko | Advanced WordPress Backgrounds | Medium | 6.4 | 2024-09-11 07:31:33 | Deep Dive |
| CVE-2024-3899 | Envira Gallery < 1.8.15 - Author+ Stored XSS | Unknown | Gallery Plugin for WordPress | - | - | 2024-09-11 06:00:02 | Deep Dive |
| CVE-2024-7770 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload | bitpressadmin | File Manager | High | 8.8 | 2024-09-10 10:59:05 | Deep Dive |
| CVE-2024-7112 | Pinpoint Booking System <= 2.9.9.5.0 - Authenticated (Subscriber+) SQL Injection | dotonpaper | Pinpoint Booking System – Version 2 | High | 8.8 | 2024-09-07 11:17:04 | Deep Dive |
| CVE-2024-6849 | Preloader Plus – WordPress Loading Screen Plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | maxsdesign | Preloader Plus – WordPress Loading Screen Plugin | Medium | 6.4 | 2024-09-07 08:37:03 | Deep Dive |
| CVE-2024-8427 | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update | wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | Medium | 4.3 | 2024-09-06 06:50:55 | Deep Dive |
| CVE-2024-6835 | Ivory Search – WordPress Search Plugin <= 5.5.6 - Information Exposure via AJAX Search Form | vinod-dalvi | Ivory Search – WordPress Search Plugin | Medium | 5.3 | 2024-09-05 06:41:39 | Deep Dive |
| CVE-2024-6846 | SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge | Unknown | Chatbot with ChatGPT WordPress | - | - | 2024-09-05 06:00:02 | Deep Dive |
| CVE-2024-7627 | Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition | bitpressadmin | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress | High | 8.1 | 2024-09-05 02:04:25 | Deep Dive |
| CVE-2024-8121 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 5.4 | 2024-09-04 06:49:06 | Deep Dive |
| CVE-2024-8123 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 5.4 | 2024-09-04 06:49:06 | Deep Dive |
| CVE-2024-8106 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 6.5 | 2024-09-04 06:49:05 | Deep Dive |
| CVE-2024-8102 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update | wpextended | The Ultimate WordPress Toolkit – WP Extended | High | 8.8 | 2024-09-04 06:49:05 | Deep Dive |
| CVE-2024-8119 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 6.1 | 2024-09-04 06:49:04 | Deep Dive |
| CVE-2024-8104 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download | wpextended | The Ultimate WordPress Toolkit – WP Extended | High | 8.8 | 2024-09-04 06:49:03 | Deep Dive |
| CVE-2024-8117 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option | wpextended | The Ultimate WordPress Toolkit – WP Extended | Medium | 6.1 | 2024-09-04 06:49:02 | Deep Dive |
| CVE-2024-8319 | Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions | themefic | Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin | Medium | 4.3 | 2024-08-30 07:33:10 | Deep Dive |