| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-41804 | WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF) | Brainstorm Force | Starter Templates — Elementor, WordPress & Beaver Builder Templates | High | 7.1 | 2023-12-07 10:58:43 | Deep Dive |
| CVE-2023-5761 | WordPress Plugin Burst Statistics Security Vulnerability | rogierlankhorst | Burst Statistics – Privacy-Friendly Analytics for WordPress | Critical | 9.8 | 2023-12-07 02:00:05 | Deep Dive |
| CVE-2023-5979 | eCommerce Product Catalog Plugin for WordPress < 3.3.26 - Products Deletion via CSRF | Unknown | eCommerce Product Catalog Plugin for WordPress | - | - | 2023-12-04 21:27:38 | Deep Dive |
| CVE-2023-48328 | WordPress NextGEN Gallery Plugin <= 3.37 is vulnerable to Cross Site Request Forgery (CSRF) | Imagely | WordPress Gallery Plugin – NextGEN Gallery | Medium | 4.3 | 2023-11-30 16:05:37 | Deep Dive |
| CVE-2023-48754 | WordPress Delete Post Revisions In WordPress Plugin <= 4.6 is vulnerable to Cross Site Request Forgery (CSRF) | Wap Nepal | Delete Post Revisions In WordPress | Medium | 5.4 | 2023-11-30 16:02:54 | Deep Dive |
| CVE-2023-5803 | WordPress Business Directory Plugin Plugin <= 6.3.10 is vulnerable to Cross Site Request Forgery (CSRF) | Business Directory Team | Business Directory Plugin – Easy Listing Directories for WordPress | Medium | 4.3 | 2023-11-30 15:57:06 | Deep Dive |
| CVE-2023-46086 | WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS) | SERVIT Software Solutions | affiliate-toolkit – WordPress Affiliate Plugin | High | 7.1 | 2023-11-30 15:50:13 | Deep Dive |
| CVE-2023-37890 | WordPress KB Support Plugin <= 1.5.88 is vulnerable to Broken Access Control | WPOmnia | KB Support – WordPress Help Desk and Knowledge Base | Medium | 4.3 | 2023-11-30 15:14:00 | Deep Dive |
| CVE-2023-37867 | WordPress Yet Another Stars Rating Plugin <= 3.3.8 is vulnerable to Race Condition | YetAnotherStarsRating.com | YASR – Yet Another Star Rating Plugin for WordPress | Low | 3.7 | 2023-11-30 14:11:24 | Deep Dive |
| CVE-2023-48323 | WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF) | Awesome Support Team | Awesome Support – WordPress HelpDesk & Support Plugin | Medium | 4.3 | 2023-11-30 12:59:15 | Deep Dive |
| CVE-2023-38474 | WordPress Campaign Monitor for WordPress Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS) | Campaign Monitor | Campaign Monitor for WordPress | High | 7.1 | 2023-11-30 12:26:53 | Deep Dive |
| CVE-2023-48322 | WordPress eDoc Employee Job Application Plugin <= 1.13 is vulnerable to Cross Site Scripting (XSS) | eDoc Intelligence | eDoc Employee Job Application – Best WordPress Job Manager for Employees | High | 7.1 | 2023-11-30 11:18:06 | Deep Dive |
| CVE-2023-5738 | WordPress Backup & Migration < 1.4.5 - Subscriber+ Stored XSS | Unknown | WordPress Backup & Migration | Medium | - | 2023-11-27 16:22:05 | Deep Dive |
| CVE-2023-5737 | WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update | Unknown | WordPress Backup & Migration | Medium | - | 2023-11-27 16:22:03 | Deep Dive |
| CVE-2023-5209 | Bookly < 22.5 - Admin+ Stored XSS | Unknown | WordPress Online Booking and Scheduling Plugin | Medium | - | 2023-11-27 16:21:59 | Deep Dive |
| CVE-2023-47839 | WordPress eCommerce Product Catalog Plugin <= 3.3.26 is vulnerable to Cross Site Scripting (XSS) | impleCode | eCommerce Product Catalog Plugin for WordPress | Medium | 6.5 | 2023-11-22 23:22:56 | Deep Dive |
| CVE-2023-47835 | WordPress ARI Stream Quiz Plugin <= 1.2.32 is vulnerable to Cross Site Scripting (XSS) | ARI Soft | ARI Stream Quiz – WordPress Quizzes Builder | Medium | 6.5 | 2023-11-22 23:20:12 | Deep Dive |
| CVE-2023-47833 | WordPress Theater for WordPress Plugin <= 0.18.3 is vulnerable to Cross Site Scripting (XSS) | Jeroen Schmit | Theater for WordPress | Medium | 5.9 | 2023-11-22 23:13:58 | Deep Dive |
| CVE-2023-2497 | UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:39 | Deep Dive |
| CVE-2023-6008 | UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.3 | 2023-11-22 15:33:38 | Deep Dive |