| CVE-2024-4295 | Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-06-05 05:33:06 | Deep Dive |
| CVE-2024-35634 | Woocommerce – Recent Purchases plugin <= 1.0.1 - File Inclusion vulnerability | Wow-Company | Woocommerce – Recent Purchases | Medium | 4.9 | 2024-06-04 13:36:40 | Deep Dive |
| CVE-2023-51511 | WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability | Pluggabl LLC | Booster Elite for WooCommerce | Medium | 6.5 | 2024-06-04 12:22:30 | Deep Dive |
| CVE-2023-48747 | WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability | Pluggabl LLC | Booster for WooCommerce | Medium | 6.5 | 2024-06-04 10:58:27 | Deep Dive |
| CVE-2024-2382 | Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass | ishanverma | Authorize.net Payment Gateway For WooCommerce | Medium | 5.3 | 2024-06-04 05:32:15 | Deep Dive |
| CVE-2024-1718 | Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update | claudiosanches | Claudio Sanches – Checkout Cielo for WooCommerce | Medium | 5.3 | 2024-06-04 05:32:14 | Deep Dive |
| CVE-2024-4552 | Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass | phoeniixx | Social Login Lite For WooCommerce | Critical | 9.8 | 2024-06-04 02:00:56 | Deep Dive |
| CVE-2024-34385 | WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability | YITHEMES | YITH WooCommerce Wishlist | Medium | 5.9 | 2024-06-03 11:41:00 | Deep Dive |
| CVE-2024-5427 | WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode | arraytics | WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System | Medium | 6.4 | 2024-05-31 06:40:55 | Deep Dive |
| CVE-2024-5073 | Essential Addons for Elementor <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-05-30 06:48:09 | Deep Dive |
| CVE-2024-5039 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | realmag777 | HUSKY – Products Filter Professional for WooCommerce | Medium | 6.4 | 2024-05-29 12:43:42 | Deep Dive |
| CVE-2024-0434 | WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save | magepeopleteam | Travelly – Tour & Travel Booking Manager for WooCommerce \| Tour & Hotel Booking Solution | Medium | 5.3 | 2024-05-29 03:30:59 | Deep Dive |
| CVE-2024-4455 | YITH WooCommerce Ajax Search <= 2.4.0 - Unauthenticated Stored Cross-Site Scripting | yithemes | YITH WooCommerce Ajax Search | High | 7.2 | 2024-05-24 10:58:39 | Deep Dive |
| CVE-2024-4484 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-24 06:42:18 | Deep Dive |
| CVE-2024-4485 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-24 06:42:16 | Deep Dive |
| CVE-2024-3718 | The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar, Header Meta Content, Scroll Navigation, Pricing Table, & Flip Box | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-24 05:30:53 | Deep Dive |
| CVE-2024-2784 | The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hover Card | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-24 04:29:59 | Deep Dive |
| CVE-2024-3626 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.3 | 2024-05-23 05:32:15 | Deep Dive |
| CVE-2024-1855 | WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery | arraytics | WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System | Medium | 5.3 | 2024-05-23 01:56:18 | Deep Dive |
| CVE-2024-3345 | ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-05-21 08:31:05 | Deep Dive |