| CVE-2024-6562 | affiliate-toolkit <= 3.5.5 - Unauthenticated Full Path Disclosure | cservit | affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display | Medium | 5.3 | 2024-08-09 09:30:14 | Deep Dive |
| CVE-2024-7548 | LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | High | 8.8 | 2024-08-08 05:31:46 | Deep Dive |
| CVE-2024-5668 | Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes | fooplugins | Lightbox & Modal Popup WordPress Plugin – FooBox | Medium | 6.4 | 2024-08-08 04:31:33 | Deep Dive |
| CVE-2024-6869 | Falang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information Exposure | sbouey | Falang multilanguage for WordPress | Medium | 5.4 | 2024-08-08 04:11:38 | Deep Dive |
| CVE-2024-6494 | WordPress File Upload < 4.24.8 - Unauthenticated Stored XSS | Unknown | WordPress File Upload | - | - | 2024-08-07 06:00:06 | Deep Dive |
| CVE-2024-6651 | WordPress File Upload < 4.24.8 - Reflected XSS | Unknown | WordPress File Upload | - | - | 2024-08-06 06:00:03 | Deep Dive |
| CVE-2024-7484 | CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload | crmperks | CRM Perks Forms – WordPress Form Builder | High | 7.2 | 2024-08-06 01:49:57 | Deep Dive |
| CVE-2024-6498 | CollectChat < 2.4.4 - Admin+ XSS | Unknown | Chatbot for WordPress by Collect.chat ⚡️ | - | - | 2024-08-05 06:00:08 | Deep Dive |
| CVE-2024-6872 | Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update | templatespare | TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool | 1-Click Import/Export & No-Code Builder | Medium | 4.3 | 2024-08-03 11:37:39 | Deep Dive |
| CVE-2024-3238 | WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion | looks_awesome | WordPress Menu Plugin — Superfly Responsive Menu | High | 8.8 | 2024-08-02 06:41:38 | Deep Dive |
| CVE-2024-2455 | Element Pack - Addon for Elementor Page Builder WordPress Plugin <= 7.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wrapper Link URL | BDThemes | Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin | Medium | 6.4 | 2024-08-01 12:43:27 | Deep Dive |
| CVE-2024-6770 | Lifetime free Drag & Drop Contact Form Builder for WordPress VForm <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting | vikasratudi | VPSUForm – Drag & Drop Contact Form Builder with Email Automation | High | 7.2 | 2024-07-31 05:30:57 | Deep Dive |
| CVE-2024-6569 | Campaign Monitor for WordPress <= 2.8.15 - Unauthenticated Full Path Disclosure | vibhorchhabra | Campaign Monitor for WordPress | Medium | 5.3 | 2024-07-27 08:36:23 | Deep Dive |
| CVE-2024-6591 | Ultimate WordPress Auction Plugin <= 4.2.7 - Missing Authorization to Unauthenticated Email Creation | nitesh_singh | Ultimate WordPress Auction Plugin | Medium | 5.8 | 2024-07-27 01:51:03 | Deep Dive |
| CVE-2024-6589 | LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | High | 8.8 | 2024-07-25 10:59:52 | Deep Dive |
| CVE-2024-6836 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | Medium | 4.3 | 2024-07-24 05:31:56 | Deep Dive |
| CVE-2024-5861 | WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection | saadiqbal | WP Easy Pay – Payment and Donation form Builder for Square | Medium | 5.3 | 2024-07-24 03:17:16 | Deep Dive |
| CVE-2024-37239 | WordPress Branda plugin <= 3.4.17 - Cross Site Scripting (XSS) vulnerability | WPMU DEV - Your All-in-One WordPress Platform | Branda | Medium | 5.9 | 2024-07-22 09:14:17 | Deep Dive |
| CVE-2024-37259 | WordPress WP Extended plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability | WP Extended | The Ultimate WordPress Toolkit – WP Extended | High | 7.1 | 2024-07-22 09:04:54 | Deep Dive |
| CVE-2024-37262 | WordPress Online Booking & Scheduling Calendar plugin <= 4.4.2 - Reflected Cross Site Scripting (XSS) vulnerability | vCita.com | Online Booking & Scheduling Calendar for WordPress by vcita | High | 7.1 | 2024-07-22 09:02:50 | Deep Dive |