| CVE-2024-32674 | WordPress Plugin Heateor Social Login Cross-Site Scripting Vulnerability | Heateor | Heateor Social Login WordPress | - | - | 2024-05-08 03:37:49 | Deep Dive |
| CVE-2024-4186 | Edwiser Bridge <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check | wisdmlabs | Edwiser Bridge – WordPress Moodle Integration | Critical | 9.8 | 2024-05-07 05:32:59 | Deep Dive |
| CVE-2024-33931 | WordPress JW Player for WordPress plugin <= 2.3.3 - Broken Access Control vulnerability | ilGhera | JW Player for WordPress | Medium | 6.5 | 2024-05-03 08:19:34 | Deep Dive |
| CVE-2024-33937 | WordPress Progressive WordPress (PWA) plugin <= 2.1.13 - Broken Access Control vulnerability | Nico Martin | Progressive WordPress (PWA) | Medium | 4.3 | 2024-05-03 08:18:17 | Deep Dive |
| CVE-2024-33941 | WordPress iPanorama 360 plugin <= 1.8.1 - Broken Access Control vulnerability | Avirtum | iPanorama 360 WordPress Virtual Tour Builder | Medium | 5.3 | 2024-05-03 07:26:32 | Deep Dive |
| CVE-2024-4439 | WordPress Cross-Site Scripting Vulnerability | WordPress Foundation | WordPress | High | 7.2 | 2024-05-03 05:32:35 | Deep Dive |
| CVE-2024-2324 | FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting | softaculous | FileOrganizer – WordPress File Manager | Medium | 4.4 | 2024-05-02 16:52:55 | Deep Dive |
| CVE-2024-3601 | Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Email Enumeration | ays-pro | Poll Maker – Versus Polls, Anonymous Polls, Image Polls | Medium | 5.3 | 2024-05-02 16:52:54 | Deep Dive |
| CVE-2024-3897 | Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure | ays-pro | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | Medium | 5.3 | 2024-05-02 16:52:48 | Deep Dive |
| CVE-2024-2876 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-05-02 16:52:46 | Deep Dive |
| CVE-2024-1759 | WP ULike <= 4.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting | alimir | WP ULike – Like & Dislike Buttons for Engagement and Feedback | Medium | 6.4 | 2024-05-02 16:52:44 | Deep Dive |
| CVE-2024-1797 | WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes | alimir | WP ULike – Like & Dislike Buttons for Engagement and Feedback | High | 8.8 | 2024-05-02 16:52:42 | Deep Dive |
| CVE-2024-2417 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.8 | 2024-05-02 16:52:42 | Deep Dive |
| CVE-2024-3233 | Ivory Search – WordPress Search Plugin <= 5.5.5 - Missing Authorization to Authenticated (Subscriber+) Index Creation | vinod-dalvi | Ivory Search – WordPress Search Plugin | Medium | 4.3 | 2024-05-02 16:52:40 | Deep Dive |
| CVE-2024-4000 | WordPress Header Builder Plugin – Pearl <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | stylemix | Pearl – Header Builder | Medium | 6.4 | 2024-05-02 16:52:35 | Deep Dive |
| CVE-2024-3287 | SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization | wpmudev | SmartCrawl SEO checker, analyzer & optimizer | Medium | 5.3 | 2024-05-02 16:52:27 | Deep Dive |
| CVE-2024-3295 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2024-05-02 16:52:21 | Deep Dive |
| CVE-2024-2967 | Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting | aharonyan | Guest posting / Frontend Posting / Front Editor – WP Front User Submit | Medium | 4.4 | 2024-05-02 16:52:19 | Deep Dive |
| CVE-2024-2346 | FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference | ninjateam | FileBird – WordPress Media Library Folders & File Manager | Medium | 5.4 | 2024-05-02 16:52:19 | Deep Dive |
| CVE-2024-1809 | Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) <= 5.2.3 - Missing Authorization | hiddenpearls | Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) | Medium | 5.4 | 2024-05-02 16:52:16 | Deep Dive |