| CVE-2021-25076 | WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting | Unknown | WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress | High | - | 2022-01-24 08:01:24 | Deep Dive |
| CVE-2021-24968 | Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation | Unknown | Ultimate FAQ – WordPress FAQ and Accordion Plugin | Medium | - | 2022-01-24 08:00:59 | Deep Dive |
| CVE-2021-24965 | Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting | Unknown | Five Star Restaurant Reservations – WordPress Booking Plugin | Medium | - | 2022-01-24 08:00:57 | Deep Dive |
| CVE-2021-24858 | WP Cookie User Info < 1.0.9 - Admin+ SQL Injection | Unknown | Cookie Notification Plugin for WordPress – WP Cookie User Info | High | - | 2022-01-24 08:00:50 | Deep Dive |
| CVE-2021-24423 | UpdraftPlus < 1.16.59 - Admin+ Stored Cross-Site Scripting | Unknown | UpdraftPlus WordPress Backup Plugin | Medium | - | 2022-01-24 08:00:45 | Deep Dive |
| CVE-2021-44777 | WordPress Email Tracker plugin <= 5.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion | Prashant Baldha | Email Tracker (WordPress plugin) | Medium | 5.4 | 2022-01-19 20:38:59 | Deep Dive |
| CVE-2021-25037 | All In One SEO < 4.1.5.3 - Authenticated SQL Injection | Unknown | All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic | Medium | - | 2022-01-17 13:00:36 | Deep Dive |
| CVE-2021-25036 | All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation | Unknown | All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic | High | - | 2022-01-17 13:00:34 | Deep Dive |
| CVE-2021-36920 | WordPress plugin Download Monitor <= 4.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | WPChill | Download Monitor (WordPress plugin) | Medium | 4.8 | 2022-01-14 19:11:39 | Deep Dive |
| CVE-2021-23227 | WordPress PHP Everywhere Plugin <= 2.0.2 is vulnerable to Cross Site Request Forgery (CSRF) | Alexander Fuchs | PHP Everywhere (WordPress plugin) | Medium | 5.4 | 2022-01-13 20:27:29 | Deep Dive |
| CVE-2021-25022 | UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting | Unknown | UpdraftPlus WordPress Backup Plugin | Medium | - | 2022-01-03 12:49:15 | Deep Dive |
| CVE-2021-36886 | WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery (CSRF) vulnerability | CipherCoin | Contact Form 7 Database Addon – CFDB7 (WordPress plugin) | Medium | 6.5 | 2021-12-22 18:06:47 | Deep Dive |
| CVE-2021-36885 | WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability | CipherCoin | Contact Form 7 Database Addon – CFDB7 (WordPress plugin) | Medium | 6.1 | 2021-12-22 18:06:39 | Deep Dive |
| CVE-2021-36887 | WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) | Tarteaucitron | tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin) | Medium | 6.1 | 2021-12-20 20:08:23 | Deep Dive |
| CVE-2021-36889 | WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities | Tarteaucitron | tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin) | Low | 3.4 | 2021-12-20 20:08:22 | Deep Dive |
| CVE-2021-36888 | WordPress Image Hover Effects Ultimate plugin <= 9.6.1 - Unauthenticated Arbitrary Options Update leading to full website compromise | Oxilab | Image Hover Effects Ultimate (WordPress plugin) | Critical | 9.8 | 2021-12-15 18:06:58 | Deep Dive |
| CVE-2021-24951 | LearnPress < 4.1.4 - Admin+ SQL Injection | Unknown | LearnPress – WordPress LMS Plugin | Critical | - | 2021-12-13 10:41:26 | Deep Dive |
| CVE-2021-36911 | WordPress Comment Engine Pro plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability | @rex1989 | Comment Engine Pro (WordPress plugin) | Medium | 4.8 | 2021-12-10 16:47:40 | Deep Dive |
| CVE-2021-24930 | Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting | Unknown | WordPress Online Booking and Scheduling Plugin – Bookly | Medium | - | 2021-12-06 15:55:32 | Deep Dive |
| CVE-2021-24718 | ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting | Unknown | Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder | Medium | - | 2021-12-06 15:55:24 | Deep Dive |