| CVE-2024-0618 | Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-01-27 05:38:22 | Deep Dive |
| CVE-2023-6497 | WordPress Simple Shopping Cart <= 4.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting | mra13 | Simple Shopping Cart | Medium | 4.4 | 2024-01-27 03:32:46 | Deep Dive |
| CVE-2023-7082 | WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE | Unknown | Import any XML or CSV File to WordPress | High | - | 2024-01-22 19:14:29 | Deep Dive |
| CVE-2022-40700 | Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins | Montonio | Montonio for WooCommerce | High | 8.2 | 2024-01-19 14:30:11 | Deep Dive |
| CVE-2024-0405 | Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection | burstbv | Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) | High | 7.2 | 2024-01-17 04:32:17 | Deep Dive |
| CVE-2023-3211 | WordPress Database Administrator <= 1.0.3 - Unauthenticated SQL Injection | Unknown | WordPress Database Administrator | High | - | 2024-01-16 15:54:02 | Deep Dive |
| CVE-2023-5905 | DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export | Unknown | DeMomentSomTres WordPress Export Posts With Images | High | - | 2024-01-15 15:10:43 | Deep Dive |
| CVE-2024-22027 | WordPress Plugin Quiz Maker Security Vulnerability | AYS Pro Plugins | WordPress Quiz Maker Plugin | Medium | - | 2024-01-12 06:41:29 | Deep Dive |
| CVE-2023-5504 | BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal | wp_media | BackWPup – WordPress Backup & Restore Plugin | High | 8.7 | 2024-01-11 08:33:07 | Deep Dive |
| CVE-2023-6875 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Critical | 9.8 | 2024-01-11 08:33:06 | Deep Dive |
| CVE-2023-6828 | ARForms <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url | reputeinfosystems | Contact Form, Survey, Quiz & Popup Form Builder – ARForms | High | 7.2 | 2024-01-11 08:32:38 | Deep Dive |
| CVE-2023-6567 | LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Critical | 9.8 | 2024-01-11 08:32:37 | Deep Dive |
| CVE-2023-6776 | 3D Flipbook <= 1.15.2 - Authenticated (Contributor+) Cross-Site Scripting via Ready Function | iberezansky | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | Medium | 6.4 | 2024-01-11 08:32:35 | Deep Dive |
| CVE-2023-6742 | Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images | smub | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | Medium | 4.3 | 2024-01-11 08:32:33 | Deep Dive |
| CVE-2023-6634 | LearnPress <= 4.2.5.7 - Command Injection | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | High | 8.1 | 2024-01-11 08:32:29 | Deep Dive |
| CVE-2023-6684 | Ibtana – WordPress Website Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | vowelweb | Ibtana – WordPress Website Builder | Medium | 6.4 | 2024-01-11 08:32:28 | Deep Dive |
| CVE-2023-6506 | WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending | melapress | WP 2FA – Two-factor authentication for WordPress | Medium | 4.3 | 2024-01-11 06:49:34 | Deep Dive |
| CVE-2023-6223 | LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 4.3 | 2024-01-11 06:49:32 | Deep Dive |
| CVE-2023-6520 | WP 2FA – Two-factor authentication for WordPress <= 2.5.0 - Cross-Site Request Forgery | melapress | WP 2FA – Two-factor authentication for WordPress | Medium | 4.3 | 2024-01-11 06:49:30 | Deep Dive |
| CVE-2023-6594 | WordPress Button Plugin MaxButtons <= 9.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | maxfoundry | MaxButtons – Create buttons | Medium | 4.4 | 2024-01-09 02:34:51 | Deep Dive |