| CVE-2024-0908 | Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure | bplugins | Advanced Post Block – Showcase Posts with Grid, List, Card Layouts and Filters | Medium | 5.3 | 2024-05-02 16:52:24 | Deep Dive |
| CVE-2024-3206 | Different Menu in Different Pages – Control Menu Visibility (All in One) <= 2.3.2 - Missing Authorization to Menu Duplication | recorp | Different Menu in Different Pages – Conditional Menu | Medium | 4.3 | 2024-05-02 16:51:52 | Deep Dive |
| CVE-2024-32451 | WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability | wpWax | Legal Pages | Medium | 4.3 | 2024-04-15 07:51:32 | Deep Dive |
| CVE-2024-2026 | Passster <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_protector Shortcode | wpchill | Passster – Password Protect Pages and Content | Medium | 6.4 | 2024-04-09 18:59:04 | Deep Dive |
| CVE-2024-30521 | WordPress Landingi Landing Pages plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability | Landingi | Landingi Landing Pages | Medium | 5.4 | 2024-03-29 15:53:06 | Deep Dive |
| CVE-2024-2025 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request | themekraft | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | High | 8.8 | 2024-03-23 01:57:39 | Deep Dive |
| CVE-2023-50886 | WordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerability | wpWax | Legal Pages | Medium | 4.3 | 2024-03-15 14:14:59 | Deep Dive |
| CVE-2024-0829 | Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization | nmedia | Comments Extra Fields For Post,Pages and CPT | Medium | 4.3 | 2024-03-13 15:27:15 | Deep Dive |
| CVE-2024-0681 | Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.4 - Protection Mechanism Bypass | cyberlord92 | Page and Post Restriction | Medium | 5.3 | 2024-03-13 15:27:08 | Deep Dive |
| CVE-2024-0830 | Comments Extra Fields For Post,Pages and CPT <= 5.0 - Cross-Site Request Forgery | nmedia | Comments Extra Fields For Post,Pages and CPT | Medium | 4.3 | 2024-03-13 15:27:05 | Deep Dive |
| CVE-2023-6880 | Visual Composer Premium <= 45.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | visualcomposer | Visual Composer Website Builder | Medium | 6.4 | 2024-03-13 15:26:52 | Deep Dive |
| CVE-2024-28163 | Information Disclosure vulnerability in SAP NetWeaver Process Integration (Support Web Pages) | SAP_SE | SAP NetWeaver Process Integration (Support Web Pages) | Medium | 5.3 | 2024-03-12 00:45:42 | Deep Dive |
| CVE-2024-1043 | AMP for WP <= 1.0.93.1 - Authenticated(Contributor+) Arbitrary Post Deletion via amppb_remove_saved_layout_data | mohammed_kaludi | AMP for WP – Accelerated Mobile Pages | Medium | 6.5 | 2024-02-20 18:56:52 | Deep Dive |
| CVE-2024-0620 | PPWP – Password Protect Pages <= 1.8.9 - Protection Mechanism Bypass | buildwps | PPWP – Password Protect Pages | Medium | 5.3 | 2024-02-20 18:56:27 | Deep Dive |
| CVE-2024-0616 | Passster – Password Protect Pages and Content <= 4.2.6.2 - Missing Authorization to Sensitive Information Exposure | wpchill | Passster – Password Protect Pages and Content | Medium | 5.3 | 2024-02-20 18:56:18 | Deep Dive |
| CVE-2024-0708 | Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages <= 1.7.2 - Unauthenticated Information Exposure | fatcatapps | Landing Page Cat – Coming Soon & Maintenance Pages | Medium | 5.3 | 2024-02-15 06:48:47 | Deep Dive |
| CVE-2024-24889 | WordPress All 404 Pages Redirect to Homepage Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS) | Geek Code Lab | All 404 Pages Redirect to Homepage | Medium | 6.1 | 2024-02-12 06:12:33 | Deep Dive |
| CVE-2024-0587 | Accelerated Mobile Pages <= 1.0.92.1 - Reflected Cross-Site Scripting | mohammed_kaludi | AMP for WP – Accelerated Mobile Pages | Medium | 6.1 | 2024-01-23 06:46:31 | Deep Dive |
| CVE-2023-6782 | AMP for WP – Accelerated Mobile Pages <= 1.0.92 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode | mohammed_kaludi | AMP for WP – Accelerated Mobile Pages | Medium | 6.4 | 2024-01-11 08:32:56 | Deep Dive |
| CVE-2023-50856 | WordPress Funnel Builder for WordPress by FunnelKit Plugin <= 2.14.3 is vulnerable to SQL Injection | FunnelKit | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits | High | 7.6 | 2023-12-28 11:01:04 | Deep Dive |