| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-2423 | UsersWP <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Medium | 6.4 | 2024-04-09 18:58:42 | Deep Dive |
| CVE-2024-2200 | Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject | bestwebsoft | Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress | Medium | 6.1 | 2024-04-09 18:58:39 | Deep Dive |
| CVE-2024-1904 | MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 4.3 | 2024-04-09 18:58:37 | Deep Dive |
| CVE-2024-1289 | LearnPress <= 4.2.6.3 - Insecure Direct Object Reference | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.5 | 2024-04-09 18:58:32 | Deep Dive |
| CVE-2024-31344 | WordPress Easy Login Styler plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability | Phpbits Creative Studio | Easy Login Styler – White Label Admin Login Page for WordPress | Medium | 5.9 | 2024-04-07 17:40:52 | Deep Dive |
| CVE-2024-2458 | Powerkit – Supercharge your WordPress Site <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | codesupplyco | Powerkit – Supercharge your WordPress Site | Medium | 6.4 | 2024-04-06 07:34:57 | Deep Dive |
| CVE-2024-2471 | FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields | fooplugins | Gallery by FooGallery | Medium | 6.4 | 2024-04-06 05:37:15 | Deep Dive |
| CVE-2024-2656 | Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.4 | 2024-04-06 03:24:43 | Deep Dive |
| CVE-2023-5692 | WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink | WordPress Foundation | WordPress | Medium | 5.3 | 2024-04-05 12:52:33 | Deep Dive |
| CVE-2024-2115 | LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | High | 8.8 | 2024-04-05 07:34:36 | Deep Dive |
| CVE-2024-31211 | Remote Code Execution in `WP_HTML_Token` | WordPress | wordpress-develop | Medium | 5.5 | 2024-04-04 23:00:18 | Deep Dive |
| CVE-2024-31210 | PHP file upload bypass via Plugin installer | WordPress | wordpress-develop | High | 7.6 | 2024-04-04 22:59:29 | Deep Dive |
| CVE-2024-2830 | WordPress Tag and Category Manager – AI Autotagger <= 3.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | stevejburge | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI | Medium | 6.4 | 2024-04-04 02:32:39 | Deep Dive |
| CVE-2024-30532 | WordPress Builderall Builder for WordPress plugin <= 2.0.1 - Server Side Request Forgery (SSRF) vulnerability | Builderall Team | Builderall Builder for WordPress | Medium | 4.9 | 2024-04-02 18:18:18 | Deep Dive |
| CVE-2024-2925 | Beaver Builder – WordPress Page Builder <= 2.8.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 6.4 | 2024-04-02 06:47:44 | Deep Dive |
| CVE-2024-1504 | SecuPress Free — WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address | secupress | SecuPress with Simple SSL – Simple and Performant Security | Medium | 4.3 | 2024-04-02 05:32:50 | Deep Dive |
| CVE-2024-31103 | WordPress Kanban Boards for WordPress plugin <= 2.5.21 - Reflected Cross Site Scripting (XSS) vulnerability | Kanban for WordPress | Kanban Boards for WordPress | High | 7.1 | 2024-03-31 19:10:13 | Deep Dive |
| CVE-2024-31104 | WordPress GetResponse for WordPress plugin <= 5.5.33 - Cross Site Scripting (XSS) vulnerability | GetResponse | GetResponse for WordPress | Medium | 6.5 | 2024-03-31 19:08:19 | Deep Dive |
| CVE-2024-31108 | WordPress iFlyChat plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability | iFlyChat Team | iFlyChat – WordPress Chat | Medium | 6.5 | 2024-03-31 18:59:55 | Deep Dive |
| CVE-2024-31115 | WordPress Chauffeur Taxi Booking System for WordPress plugin <= 7.2 - Arbitrary File Upload vulnerability | QuanticaLabs | Chauffeur Taxi Booking System for WordPress | Critical | 10.0 | 2024-03-31 18:05:04 | Deep Dive |