| CVE-2023-34001 | WordPress Hide My WP Ghost – Security Plugin plugin <= 5.0.25 - Captcha Bypass vulnerability | WPPlugins – WordPress Security Plugins | Hide My WP Ghost | Medium | 5.3 | 2024-06-04 07:09:45 | Deep Dive |
| CVE-2024-0757 | Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE | Unknown | Insert or Embed Articulate Content into WordPress | - | - | 2024-06-04 06:00:02 | Deep Dive |
| CVE-2024-34801 | WordPress Praison SEO WordPress plugin <= 4.0.15 - Cross Site Scripting (XSS) vulnerability | Mervin Praison | Praison SEO WordPress | Medium | 6.5 | 2024-06-03 10:32:01 | Deep Dive |
| CVE-2024-3820 | wpDataTables - Tables & Table Charts (Premium) <= 6.3.1 - Unauthenticated SQL Injection | WPDataTables | wpDataTables (Premium) | Critical | 10.0 | 2024-06-01 08:38:58 | Deep Dive |
| CVE-2024-3821 | wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification | wpdatatables | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | High | 7.3 | 2024-06-01 08:38:56 | Deep Dive |
| CVE-2024-4958 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 7.1 | 2024-06-01 07:35:57 | Deep Dive |
| CVE-2024-4711 | WordPress Infinite Scroll – Ajax Load More <= 7.1.1 - Authenticated (Contributor+) Cross-Site Scripting | dcooney | Ajax Load More – Infinite Scroll, Load More, & Lazy Load | Medium | 6.4 | 2024-06-01 02:32:48 | Deep Dive |
| CVE-2024-4469 | Migration Backup Restore < 3.5.0 - Admin+ SSRF | Unknown | WP STAGING WordPress Backup Plugin | Medium | - | 2024-05-31 06:00:02 | Deep Dive |
| CVE-2024-5326 | Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | High | 8.8 | 2024-05-30 10:59:29 | Deep Dive |
| CVE-2024-5207 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2024-05-30 05:33:15 | Deep Dive |
| CVE-2024-5223 | Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting | wpxpo | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | Medium | 6.4 | 2024-05-30 03:34:28 | Deep Dive |
| CVE-2024-3412 | WP STAGING WordPress Backup Plugin – Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload | renehermi | WP STAGING – WordPress Backup, Restore & Migration | Critical | 9.1 | 2024-05-29 08:30:06 | Deep Dive |
| CVE-2024-0434 | WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save | magepeopleteam | Travelly – Tour & Travel Booking Manager for WooCommerce \| Tour & Hotel Booking Solution | Medium | 5.3 | 2024-05-29 03:30:59 | Deep Dive |
| CVE-2024-4045 | Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | smub | Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation | Medium | 6.4 | 2024-05-25 05:36:44 | Deep Dive |
| CVE-2024-4366 | Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2024-05-24 07:30:23 | Deep Dive |
| CVE-2024-1814 | Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Block | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2024-05-23 11:02:39 | Deep Dive |
| CVE-2024-1815 | Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2024-05-23 11:02:37 | Deep Dive |
| CVE-2024-4706 | WordPress + Microsoft Office 365 / Azure AD \| LOGIN <= 27.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via pintra Shortcode | wpo365 | WPO365 \| SEAMLESS WORDPRESS + MICROSOFT INTEGRATION (WPO365 \| LOGIN) | Medium | 6.4 | 2024-05-23 07:31:26 | Deep Dive |
| CVE-2024-3626 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.3 | 2024-05-23 05:32:15 | Deep Dive |
| CVE-2024-4895 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import | wpdatatables | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | Medium | 4.7 | 2024-05-23 02:33:06 | Deep Dive |