| CVE-2024-5191 | Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.17 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | wpmudev | Branda – White Label & Branding, Free Login Page Customizer | Medium | 6.4 | 2024-06-21 06:58:19 | Deep Dive |
| CVE-2024-5756 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-06-21 04:34:11 | Deep Dive |
| CVE-2024-4742 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.5 | 2024-06-20 02:08:20 | Deep Dive |
| CVE-2023-6692 | Ultimate Blocks – WordPress Blocks Plugin <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via metabox | ultimateblocks | Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor | Medium | 6.4 | 2024-06-19 05:37:44 | Deep Dive |
| CVE-2024-5021 | WordPress Picture / Portfolio / Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request Forgery | nimble3 | WordPress Picture / Portfolio / Media Gallery | Critical | 9.3 | 2024-06-19 03:12:29 | Deep Dive |
| CVE-2024-3276 | FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS | Unknown | Lightbox & Modal Popup WordPress Plugin | - | - | 2024-06-18 06:00:02 | Deep Dive |
| CVE-2023-5527 | Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection | strategy11team | Business Directory Plugin – Easy Listing Directories for WordPress | High | 7.4 | 2024-06-18 05:38:14 | Deep Dive |
| CVE-2024-5860 | Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Subscriber+) Ticket Deletion | tickera | Tickera – Sell Tickets & Manage Events | Medium | 4.3 | 2024-06-18 03:13:36 | Deep Dive |
| CVE-2024-1634 | Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection | startbooking | Scheduling Plugin – Online Booking for WordPress | Medium | 6.5 | 2024-06-18 02:37:13 | Deep Dive |
| CVE-2024-5541 | Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update | vowelweb | Ibtana – WordPress Website Builder | Medium | 5.3 | 2024-06-18 02:37:13 | Deep Dive |
| CVE-2024-4305 | PostX < 4.1.0 - Contributor+ Stored XSS | Unknown | Post Grid Gutenberg Blocks and WordPress Blog Plugin | - | - | 2024-06-17 06:00:01 | Deep Dive |
| CVE-2024-3815 | Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta | - | Newspaper - News & WooCommerce WordPress Theme | Medium | 5.5 | 2024-06-15 02:01:59 | Deep Dive |
| CVE-2024-3977 | WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS | Unknown | WordPress Jitsi Shortcode | - | - | 2024-06-14 06:00:04 | Deep Dive |
| CVE-2024-3978 | WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode | Unknown | WordPress Jitsi Shortcode | - | - | 2024-06-14 06:00:04 | Deep Dive |
| CVE-2024-5551 | WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion | WPStaging | WP STAGING Pro WordPress Backup Plugin | High | 7.5 | 2024-06-14 05:39:14 | Deep Dive |
| CVE-2024-3073 | Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI | smub | Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | Low | 2.7 | 2024-06-13 08:31:31 | Deep Dive |
| CVE-2024-4845 | Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | High | 8.8 | 2024-06-12 09:33:12 | Deep Dive |
| CVE-2024-5468 | WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion | stylemix | Pearl – Header Builder | Medium | 6.5 | 2024-06-12 08:33:20 | Deep Dive |
| CVE-2024-0427 | Arforms < 6.4.1 - Reflected XSS | Unknown | ARForms - Premium WordPress Form Builder Plugin | - | - | 2024-06-12 06:00:02 | Deep Dive |
| CVE-2023-52183 | WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability | WebToffee | WordPress Backup & Migration | Medium | 5.4 | 2024-06-11 13:37:13 | Deep Dive |