| CVE-2024-4443 | Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter | strategy11team | Business Directory Plugin – Easy Listing Directories for WordPress | Critical | 9.8 | 2024-05-22 05:32:48 | Deep Dive |
| CVE-2024-3611 | Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | daveshine | Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced | Medium | 6.4 | 2024-05-22 05:32:47 | Deep Dive |
| CVE-2024-4971 | LearnPress – WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.4 | 2024-05-22 05:32:47 | Deep Dive |
| CVE-2024-0453 | AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback | quantumcloud | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | Medium | 5.0 | 2024-05-22 03:17:50 | Deep Dive |
| CVE-2024-0452 | AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback | quantumcloud | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | Medium | 5.0 | 2024-05-22 03:17:49 | Deep Dive |
| CVE-2024-0451 | AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_list_callback | quantumcloud | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | Medium | 5.0 | 2024-05-22 03:17:49 | Deep Dive |
| CVE-2024-3268 | YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress <= 3.3.6 - Missing Authorization to Arbitrary Post/Page Creation | emarket-design | Video Gallery – YouTube Gallery & Responsive Video Playlist | Medium | 5.3 | 2024-05-21 11:33:17 | Deep Dive |
| CVE-2024-4700 | WP Table Builder – WordPress Table Plugin <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | wptb | WP Table Builder – Drag & Drop Table Builder | Medium | 6.4 | 2024-05-21 09:31:50 | Deep Dive |
| CVE-2024-4849 | WordPress Automatic <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter | ValvePress | WordPress Automatic Plugin | Medium | 6.4 | 2024-05-18 05:40:02 | Deep Dive |
| CVE-2024-32692 | WordPress Chauffeur Taxi Booking System for WordPress plugin <= 6.9 - Broken Authentication vulnerability | QuanticaLabs | Chauffeur Taxi Booking System for WordPress | High | 8.2 | 2024-05-17 09:19:46 | Deep Dive |
| CVE-2024-31290 | WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability | CodeRevolution | Demo My WordPress | Critical | 9.8 | 2024-05-17 08:54:37 | Deep Dive |
| CVE-2024-22139 | WordPress WordPress Manutenção plugin <= 1.0.6 - Bypass vulnerability | Filipe Seabra | WordPress Manutenção | Low | 3.7 | 2024-05-17 08:46:30 | Deep Dive |
| CVE-2023-47683 | WordPress Social Login, Social Sharing by miniOrange plugin <= 7.6.6 - Authenticated Privilege Escalation vulnerability | miniOrange | WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) | High | 8.0 | 2024-05-17 08:36:38 | Deep Dive |
| CVE-2024-34434 | WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability | realmag777 | WordPress Meta Data and Taxonomies Filter (MDTF) | Medium | 6.5 | 2024-05-17 08:11:18 | Deep Dive |
| CVE-2024-4204 | Bulk Posts Editing For WordPress <= 4.2.3 - Cross-Site Request Forgery | ithemelandco | WPBULKiT – Bulk Edit WordPress Posts & Pages | Medium | 4.3 | 2024-05-16 20:31:04 | Deep Dive |
| CVE-2024-3750 | Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution | themeisle | Visualizer: Tables and Charts Manager for WordPress | High | 8.8 | 2024-05-16 02:36:49 | Deep Dive |
| CVE-2024-4010 | Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | High | 8.8 | 2024-05-15 08:34:13 | Deep Dive |
| CVE-2024-4199 | Bulk Posts Editing For WordPress <= 4.2.3 - Authenticated (Subscriber+) Missing Authorization | ithemelandco | WPBULKiT – Bulk Edit WordPress Posts & Pages | Medium | 4.3 | 2024-05-15 01:56:55 | Deep Dive |
| CVE-2024-0437 | Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure | saadiqbal | Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | Medium | 4.3 | 2024-05-14 23:31:47 | Deep Dive |
| CVE-2024-32700 | WordPress Kognetiks Chatbot for WordPress plugin <= 2.0.0 - Arbitrary File Upload vulnerability | Kognetiks | Kognetiks Chatbot for WordPress | Critical | 10.0 | 2024-05-13 07:06:08 | Deep Dive |