| CVE-2024-31933 | WordPress Page Builder: Live Composer plugin <= 1.5.35 - Cross Site Request Forgery (CSRF) vulnerability | Live Composer Team | Page Builder: Live Composer | Medium | 5.4 | 2024-04-15 09:24:07 | Deep Dive |
| CVE-2024-31943 | WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability | Octolize | USPS Shipping for WooCommerce – Live Rates | Medium | 4.3 | 2024-04-10 17:41:07 | Deep Dive |
| CVE-2024-31944 | WordPress WooCommerce UPS Shipping plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability | Octolize | WooCommerce UPS Shipping – Live Rates and Access Points | Medium | 4.3 | 2024-04-10 17:39:55 | Deep Dive |
| CVE-2023-25699 | WordPress VideoWhisper Live Streaming Integration plugin <= 5.5.15 - Remote Code Execution (RCE) | VideoWhisper.com | VideoWhisper Live Streaming Integration | Critical | 9.0 | 2024-04-03 12:22:15 | Deep Dive |
| CVE-2024-1325 | Live Sales Notification for Woocommerce – Woomotiv <= 3.4.3 - Cross-Site Request Forgery via ajax_cancel_review | delabon | Live Sales Notification for Woocommerce – Woomotiv | Medium | 4.3 | 2024-03-20 06:48:28 | Deep Dive |
| CVE-2024-2286 | Sky Addons for Elementor <= 2.4.0 - Authenticated(Contributor+) Stored Cross-site scripting via Wrapper Link URL | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | Medium | 6.4 | 2024-03-13 15:27:18 | Deep Dive |
| CVE-2023-52193 | WordPress Page Builder: Live Composer Plugin <= 1.5.23 is vulnerable to Cross Site Scripting (XSS) | Live Composer Team | Page Builder: Live Composer | Medium | 6.5 | 2024-02-01 09:49:11 | Deep Dive |
| CVE-2024-0643 | Unrestricted upload of dangerous file types in C21 Live Encoder and Live Mosaic | Cires21 | C21 Live Encoder and Live Mosaic | Critical | 10.0 | 2024-01-17 13:44:20 | Deep Dive |
| CVE-2024-0642 | Inadequate access control in C21 Live Encoder and Live Mosaic | Cires21 | C21 Live Encoder and Live Mosaic | Critical | 9.8 | 2024-01-17 13:43:28 | Deep Dive |
| CVE-2023-52206 | WordPress Page Builder: Live Composer Plugin <= 1.5.25 is vulnerable to PHP Object Injection | Live Composer Team | Page Builder: Live Composer | High | 7.7 | 2024-01-08 19:32:07 | Deep Dive |
| CVE-2023-51423 | WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to SQL Injection | Saleswonder Team | Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition | Critical | 9.3 | 2023-12-31 17:52:40 | Deep Dive |
| CVE-2023-51422 | WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to PHP Object Injection | Saleswonder Team | Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition | Critical | 9.9 | 2023-12-29 12:59:32 | Deep Dive |
| CVE-2023-51361 | WordPress Sticky Chat Widget Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS) | Ginger Plugins | Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button | Medium | 5.9 | 2023-12-29 11:01:30 | Deep Dive |
| CVE-2023-51371 | WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS) | Bit Assist | Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget | Medium | 5.9 | 2023-12-29 10:58:40 | Deep Dive |
| CVE-2023-49821 | WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF) | LiveChat | LiveChat – WP live chat plugin for WordPress | Medium | 5.4 | 2023-12-18 22:31:10 | Deep Dive |
| CVE-2023-49168 | WordPress BP Better Messages Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS) | WordPlus | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss | Medium | 6.5 | 2023-12-14 14:49:33 | Deep Dive |
| CVE-2023-26535 | WordPress Sheets To WP Table Live Sync Plugin <= 2.12.15 is vulnerable to Cross Site Request Forgery (CSRF) | WPPOOL | Sheets To WP Table Live Sync | Medium | 5.4 | 2023-11-22 14:05:27 | Deep Dive |
| CVE-2023-47654 | WordPress BZScore – Live Score Plugin <= 1.03 is vulnerable to Cross Site Scripting (XSS) | livescore.bz | BZScore – Live Score | Medium | 6.5 | 2023-11-14 18:49:54 | Deep Dive |
| CVE-2023-47662 | WordPress Live Gold Price & Silver Price Charts Widgets Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS) | GoldBroker.com | Live Gold Price & Silver Price Charts Widgets | Medium | 5.9 | 2023-11-13 23:36:53 | Deep Dive |
| CVE-2023-5116 | Live updates from Excel <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | ipushpull | Live updates from Excel | Medium | 6.4 | 2023-10-31 12:45:22 | Deep Dive |