| CVE-2024-5584 | WordPress Online Booking and Scheduling Plugin – Bookly <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter | ladela | Online Scheduling and Appointment Booking System – Bookly | Medium | 6.4 | 2024-06-11 09:32:03 | Deep Dive |
| CVE-2024-35720 | WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability | A WP Life | Album Gallery – WordPress Gallery | Medium | 4.3 | 2024-06-10 07:59:38 | Deep Dive |
| CVE-2024-32792 | WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability | WPMU DEV - Your All-in-One WordPress Platform | Hummingbird | Medium | 4.3 | 2024-06-09 12:57:46 | Deep Dive |
| CVE-2024-32818 | WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3 - Broken Access Control vulnerability | realmag777 | WordPress Meta Data and Taxonomies Filter (MDTF) | Medium | 4.3 | 2024-06-09 12:37:11 | Deep Dive |
| CVE-2024-35738 | WordPress Kognetiks Chatbot for WordPress plugin <= 1.9.8 - Cross Site Scripting (XSS) vulnerability | Kognetiks | Kognetiks Chatbot for WordPress | Medium | 6.5 | 2024-06-08 12:43:28 | Deep Dive |
| CVE-2024-4661 | WP Reset <= 2.02 - Missing Authorization to License Key Modification | webfactory | WP Reset | Medium | 4.3 | 2024-06-08 05:44:29 | Deep Dive |
| CVE-2024-5599 | FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing | softaculous | FileOrganizer – WordPress File Manager | High | 7.5 | 2024-06-07 12:33:44 | Deep Dive |
| CVE-2023-5424 | WS Form LITE <= 1.9.217 - Unauthenticated CSV Injection | westguard | WS Form LITE – Drag & Drop Contact Form Builder | Medium | 4.7 | 2024-06-07 09:33:36 | Deep Dive |
| CVE-2024-4621 | ArForms < 6.6 - Admin+ Stored XSS | Unknown | ARForms - Premium WordPress Form Builder Plugin | Medium | - | 2024-06-07 06:00:03 | Deep Dive |
| CVE-2024-4620 | ArForms < 6.6 - Unauthenticated RCE | Unknown | ARForms - Premium WordPress Form Builder Plugin | Medium | - | 2024-06-07 06:00:02 | Deep Dive |
| CVE-2024-4354 | TablePress – Tables in WordPress made easy <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind | tobiasbg | TablePress – Tables in WordPress made easy | Medium | 6.4 | 2024-06-07 05:33:46 | Deep Dive |
| CVE-2024-36082 | WordPress plugin Music Store security vulnerability | CodePeople | Music Store - WordPress eCommerce | Medium | - | 2024-06-07 03:42:21 | Deep Dive |
| CVE-2024-5162 | WordPress prettyPhoto <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter | ibabar | PrettyPhoto – Simple Lightbox Plugin | Medium | 6.4 | 2024-06-06 03:53:10 | Deep Dive |
| CVE-2024-5449 | WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization | wppool | WP Dark Mode – Improve Accessibility with AI Powered Dark Theme | Medium | 4.3 | 2024-06-06 03:32:55 | Deep Dive |
| CVE-2024-4743 | LifterLMS – WordPress LMS Plugin for eLearning <= 7.6.2 - Authenticated (Contributor+) SQL Injection via Shortcode | chrisbadgett | LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes | High | 8.8 | 2024-06-05 08:33:16 | Deep Dive |
| CVE-2024-4295 | Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-06-05 05:33:06 | Deep Dive |
| CVE-2024-5483 | LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2024-06-05 02:34:31 | Deep Dive |
| CVE-2024-5317 | Newsletter <= 8.3.4 - Unauthenticated Stored Cross-Site Scripting via np1 | satollo | Newsletter – Send awesome emails from WordPress | Medium | 6.4 | 2024-06-05 01:56:30 | Deep Dive |
| CVE-2024-0756 | Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection | Unknown | Insert or Embed Articulate Content into WordPress | - | - | 2024-06-04 14:28:08 | Deep Dive |
| CVE-2023-49852 | WordPress Responsive Slick Slider WordPress plugin <= 1.4 - Content Injection vulnerability | Vsourz Digital | Responsive Slick Slider WordPress | Medium | 6.5 | 2024-06-04 11:57:22 | Deep Dive |