| CVE-2024-0421 | MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure | Unknown | MapPress Maps for WordPress | Medium | - | 2024-02-12 16:05:58 | Deep Dive |
| CVE-2024-24887 | WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) | Contest Gallery | Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress | Medium | 5.4 | 2024-02-12 08:43:27 | Deep Dive |
| CVE-2024-24796 | WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection | MagePeople Team | Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin | High | 8.2 | 2024-02-12 07:47:08 | Deep Dive |
| CVE-2024-24926 | WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to PHP Object Injection | UnitedThemes | Brooklyn \| Creative Multi-Purpose Responsive WordPress Theme | High | 7.5 | 2024-02-12 07:09:01 | Deep Dive |
| CVE-2023-47526 | WordPress Chartify Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS) | Chart Builder Team | Chartify – WordPress Chart Plugin | Medium | 5.9 | 2024-02-12 06:53:18 | Deep Dive |
| CVE-2024-24927 | WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to Cross Site Scripting (XSS) | UnitedThemes | Brooklyn \| Creative Multi-Purpose Responsive WordPress Theme | High | 7.1 | 2024-02-12 06:07:09 | Deep Dive |
| CVE-2023-51404 | WordPress My Agile Privacy Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) | MyAgilePrivacy | My Agile Privacy – The only GDPR solution for WordPress that you can truly trust | Medium | 6.5 | 2024-02-10 08:42:14 | Deep Dive |
| CVE-2024-23517 | WordPress Scheduling Plugin – Online Booking for WordPress Plugin <= 3.5.10 is vulnerable to Cross Site Scripting (XSS) | Start Booking | Scheduling Plugin – Online Booking for WordPress | Medium | 6.5 | 2024-02-10 08:08:49 | Deep Dive |
| CVE-2024-24712 | WordPress Heateor Social Login Plugin <= 1.1.30 is vulnerable to Cross Site Scripting (XSS) | Team Heateor | Heateor Social Login WordPress | Medium | 6.5 | 2024-02-10 08:05:30 | Deep Dive |
| CVE-2024-24713 | WordPress Auto Listings Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS) | WP Auto Listings | Auto Listings – Car Listings & Car Dealership Plugin for WordPress | Medium | 6.5 | 2024-02-10 08:01:02 | Deep Dive |
| CVE-2024-24801 | WordPress OWL Carousel Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS) | LogicHunt | OWL Carousel – WordPress Owl Carousel Slider | Medium | 6.5 | 2024-02-10 07:53:37 | Deep Dive |
| CVE-2024-0596 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via editor_html() | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 5.3 | 2024-02-10 06:51:53 | Deep Dive |
| CVE-2024-0594 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | High | 8.8 | 2024-02-10 06:51:52 | Deep Dive |
| CVE-2024-0595 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via wpas_get_users() | awesomesupport | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 4.3 | 2024-02-10 06:51:52 | Deep Dive |
| CVE-2024-0657 | Internal Link Juicer <= 2.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting | davidanderson | Internal Link Juicer: SEO Auto Linker for WordPress | Medium | 4.4 | 2024-02-09 04:31:55 | Deep Dive |
| CVE-2024-24881 | WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS) | VeronaLabs | WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | High | 7.1 | 2024-02-08 11:19:22 | Deep Dive |
| CVE-2024-0701 | UserPro <= 5.1.6 - Disabled Membership Registration Bypass | - | UserPro - Community and User Profile WordPress Plugin | Medium | 5.3 | 2024-02-05 21:22:05 | Deep Dive |
| CVE-2023-7029 | WordPress Button Plugin MaxButtons <= 9.7.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode | maxfoundry | MaxButtons – Create buttons | Medium | 6.4 | 2024-02-05 21:22:00 | Deep Dive |
| CVE-2024-0790 | WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Cross-Site Request Forgery | realmag777 | WOLF – WordPress Posts Bulk Editor and Manager Professional | Medium | 5.4 | 2024-02-05 21:21:47 | Deep Dive |
| CVE-2024-1177 | WP Club Manager – WordPress Sports Club Plugin <= 2.2.10 - Missing Authorization to Unauthenticated Event Permalink Update | wpclubmanager | WP Club Manager – WordPress Sports Club Plugin | Medium | 5.3 | 2024-02-05 21:21:46 | Deep Dive |