| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-2428 | The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS | Unknown | The Ultimate Video Player For WordPress | - | - | 2024-04-10 05:00:03 | Deep Dive |
| CVE-2023-6385 | WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF | Unknown | WordPress Ping Optimizer | - | - | 2024-04-10 05:00:02 | Deep Dive |
| CVE-2024-1042 | WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions | princeahmed | WP Radio – Worldwide Online Radio Stations Directory for WordPress | Medium | 6.4 | 2024-04-10 04:30:21 | Deep Dive |
| CVE-2024-3235 | Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure | ThemePunch | Essential Grid Gallery WordPress Plugin | Medium | 5.3 | 2024-04-10 04:30:21 | Deep Dive |
| CVE-2024-1041 | WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings | princeahmed | WP Radio – Worldwide Online Radio Stations Directory for WordPress | Medium | 6.4 | 2024-04-10 04:30:19 | Deep Dive |
| CVE-2024-2311 | Avada <= 7.11.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | ThemeFusion | Avada \| Website Builder For WordPress & WooCommerce | Medium | 6.4 | 2024-04-09 18:59:36 | Deep Dive |
| CVE-2024-2081 | FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting | fooplugins | Gallery by FooGallery | Medium | 6.4 | 2024-04-09 18:59:29 | Deep Dive |
| CVE-2023-6486 | Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS | brainstormforce | Spectra Gutenberg Blocks – Website Builder for the Block Editor | Medium | 6.4 | 2024-04-09 18:59:25 | Deep Dive |
| CVE-2024-2344 | Avada <= 7.11.6 - Authenticated (Admin+) SQL Injection via entry | ThemeFusion | Avada \| Website Builder For WordPress & WooCommerce | High | 7.2 | 2024-04-09 18:59:22 | Deep Dive |
| CVE-2024-1463 | LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 4.4 | 2024-04-09 18:59:12 | Deep Dive |
| CVE-2024-2847 | WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | nickboss | Iptanus File Upload | Medium | 6.4 | 2024-04-09 18:59:10 | Deep Dive |
| CVE-2024-3136 | MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Critical | 9.8 | 2024-04-09 18:59:08 | Deep Dive |
| CVE-2024-2340 | Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing | ThemeFusion | Avada \| Website Builder For WordPress & WooCommerce | Medium | 5.3 | 2024-04-09 18:59:07 | Deep Dive |
| CVE-2024-2343 | Avada <= 7.11.6 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action | ThemeFusion | Avada \| Website Builder For WordPress & WooCommerce | Medium | 6.4 | 2024-04-09 18:59:04 | Deep Dive |
| CVE-2024-1790 | Ajax Load More <= 7.0.1 - Authenticated (Admin+) Directory Traversal to Arbitrary File Read | dcooney | Ajax Load More – Infinite Scroll, Load More, & Lazy Load | Medium | 4.9 | 2024-04-09 18:59:03 | Deep Dive |
| CVE-2024-3097 | WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure | smub | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | Medium | 5.3 | 2024-04-09 18:58:59 | Deep Dive |
| CVE-2024-2783 | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | Medium | 6.4 | 2024-04-09 18:58:56 | Deep Dive |
| CVE-2023-6799 | WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness | webfactory | WP Reset | Medium | 5.9 | 2024-04-09 18:58:53 | Deep Dive |
| CVE-2024-2198 | Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_address | bestwebsoft | Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress | Medium | 6.1 | 2024-04-09 18:58:51 | Deep Dive |
| CVE-2024-0662 | WordPress Plugin FancyBox for WordPress Security Vulnerability | colorlibplugins | FancyBox for WordPress | Medium | 4.4 | 2024-04-09 18:58:49 | Deep Dive |