| CVE-2024-30201 | WordPress WP Smart Import plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | Xylus Themes | WordPress Importer | High | 7.1 | 2024-03-27 06:13:33 | Deep Dive |
| CVE-2023-7232 | Backup and Restore WordPress <= 1.45 - Unauthenticated Sensitive Data Exposure | Unknown | Backup and Restore WordPress | - | - | 2024-03-26 05:00:02 | Deep Dive |
| CVE-2022-38057 | WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability | ThemeHunk | Advance WordPress Search Plugin | Medium | 6.5 | 2024-03-25 11:36:58 | Deep Dive |
| CVE-2024-2124 | Translate WordPress and go Multilingual – Weglot <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes | remyb92 | Translate WordPress with Weglot – Multilingual AI Translation | Medium | 6.4 | 2024-03-20 04:32:16 | Deep Dive |
| CVE-2024-1799 | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.8.6 - Authenticated (Contributor+) SQL Injection via Shortcode | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 8.8 | 2024-03-20 02:35:42 | Deep Dive |
| CVE-2024-29142 | WordPress Better Search plugin <= 3.3.0 - Stored Cross Site Scripting (XSS) vulnerability | WebberZone | Better Search – Relevant search results for WordPress | High | 7.1 | 2024-03-19 13:16:26 | Deep Dive |
| CVE-2024-0820 | Jobs for WordPress < 2.7.4 - Contributor+ Stored XSS | Unknown | Jobs for WordPress | 中危 | - | 2024-03-18 19:05:46 | Deep Dive |
| CVE-2024-0779 | Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking | Unknown | Enjoy Social Feed plugin for WordPress website | 中危 | - | 2024-03-18 19:05:42 | Deep Dive |
| CVE-2024-0780 | Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset | Unknown | Enjoy Social Feed plugin for WordPress website | 中危 | - | 2024-03-18 19:05:41 | Deep Dive |
| CVE-2024-1668 | Avada <= 7.11.5 - Authenticated(Contributor+) Sensitive Information Exposure via Form Entries | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | Medium | 6.5 | 2024-03-13 15:32:40 | Deep Dive |
| CVE-2024-1894 | Burst Statistics – Privacy-Friendly Analytics for WordPress <= 1.5.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via burst_total_pageviews_count | burstbv | Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) | Medium | 6.4 | 2024-03-13 15:27:27 | Deep Dive |
| CVE-2024-1038 | Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Reflected (DOM-Based) Cross-Site Scripting | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 5.4 | 2024-03-13 15:27:20 | Deep Dive |
| CVE-2024-1080 | Beaver Builder – WordPress Page Builder <= 2.7.4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via heading tag | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 6.4 | 2024-03-13 15:27:18 | Deep Dive |
| CVE-2024-0377 | LifterLMS – WordPress LMS Plugin for eLearning <= 7.5.1 - Missing Authorization via process_review | chrisbadgett | LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes | Medium | 5.3 | 2024-03-13 15:27:16 | Deep Dive |
| CVE-2024-1505 | Academy LMS – eLearning and online course solution for WordPress <= 1.9.19 - Authenticated (Subscriber+) Privilege Escalation | kodezen | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | High | 8.8 | 2024-03-13 15:27:11 | Deep Dive |
| CVE-2024-1074 | Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Audio Widget | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 6.4 | 2024-03-13 15:27:09 | Deep Dive |
| CVE-2024-0681 | Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.4 - Protection Mechanism Bypass | cyberlord92 | Page and Post Restriction | Medium | 5.3 | 2024-03-13 15:27:08 | Deep Dive |
| CVE-2024-0896 | Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 6.4 | 2024-03-13 15:27:06 | Deep Dive |
| CVE-2024-1363 | Easy Accordion – Best Accordion FAQ Plugin for WordPress <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | shapedplugin | Easy Accordion – Responsive Accordion FAQ Builder and Product FAQ | Medium | 6.4 | 2024-03-13 15:27:03 | Deep Dive |
| CVE-2024-0447 | ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update | artibot | ArtiBot Free Chat Bot for WebSites | Medium | 5.0 | 2024-03-13 15:27:02 | Deep Dive |