| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-51406 | WordPress FastDup Plugin <= 2.1.7 is vulnerable to Sensitive Data Exposure | Ninja Team | FastDup – Fastest WordPress Migration & Duplicator | Medium | 5.3 | 2024-01-08 20:41:36 | Deep Dive |
| CVE-2023-51408 | WordPress WP Optin Wheel Plugin <= 1.4.3 is vulnerable to Sensitive Data Exposure | StudioWombat | WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce | Medium | 5.3 | 2024-01-08 20:36:04 | Deep Dive |
| CVE-2023-6505 | Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure | Unknown | Migrate WordPress Website & Backups | - | - | 2024-01-08 19:00:39 | Deep Dive |
| CVE-2023-5911 | WP Custom Cursors <= 3.2 - Admin+ Stored XSS | Unknown | WP Custom Cursors \| WordPress Cursor Plugin | - | - | 2024-01-08 19:00:37 | Deep Dive |
| CVE-2023-52124 | WordPress WP Tabs Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) | ShapedPlugin LLC | WP Tabs – Responsive Tabs Plugin for WordPress | Medium | 6.5 | 2024-01-05 11:17:09 | Deep Dive |
| CVE-2023-51538 | WordPress Awesome Support Plugin <= 6.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | Awesome Support Team | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 4.3 | 2024-01-05 09:47:19 | Deep Dive |
| CVE-2023-52119 | WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF) | Icegram | Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building | Medium | 4.3 | 2024-01-05 09:28:10 | Deep Dive |
| CVE-2023-52128 | WordPress White Label Plugin <= 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF) | WhiteWP | White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard | Medium | 4.3 | 2024-01-05 08:49:17 | Deep Dive |
| CVE-2023-6747 | FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | https://fooplugins.com | FooGallery Premium | Medium | 6.4 | 2024-01-03 08:29:49 | Deep Dive |
| CVE-2023-6980 | WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion | veronalabs | WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce | Medium | 4.3 | 2024-01-03 05:31:19 | Deep Dive |
| CVE-2023-6981 | WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting | veronalabs | WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce | Medium | 6.1 | 2024-01-03 05:31:19 | Deep Dive |
| CVE-2023-6524 | MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | chrisvrichardson | MapPress Maps for WordPress | Medium | 6.4 | 2024-01-03 05:31:18 | Deep Dive |
| CVE-2023-6629 | POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 6.1 | 2024-01-03 04:29:34 | Deep Dive |
| CVE-2023-7027 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2024-01-03 04:29:34 | Deep Dive |
| CVE-2023-6113 | WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download | Unknown | WP STAGING WordPress Backup Plugin | Medium | - | 2024-01-01 14:18:59 | Deep Dive |
| CVE-2023-51547 | WordPress Fluent Support Plugin <= 1.7.6 is vulnerable to SQL Injection | WPManageNinja LLC | Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin | High | 7.6 | 2023-12-31 17:39:52 | Deep Dive |
| CVE-2023-52134 | WordPress GEO my WordPress Plugin <= 4.0.2 is vulnerable to SQL Injection | Eyal Fitoussi | GEO my WordPress | High | 7.6 | 2023-12-31 16:53:51 | Deep Dive |
| CVE-2023-52185 | WordPress Everest Backup Plugin <= 2.1.9 is vulnerable to Sensitive Data Exposure | Everestthemes | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | Medium | 5.3 | 2023-12-31 16:50:39 | Deep Dive |
| CVE-2023-52182 | WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection | ARI Soft | ARI Stream Quiz – WordPress Quizzes Builder | Critical | 9.9 | 2023-12-31 09:57:17 | Deep Dive |
| CVE-2023-51688 | WordPress eCommerce Product Catalog Plugin <= 3.3.26 is vulnerable to Sensitive Data Exposure | impleCode | eCommerce Product Catalog Plugin for WordPress | Medium | 5.3 | 2023-12-29 14:53:55 | Deep Dive |