| CVE-2023-46192 | WordPress Internal Link Building Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS) | Internet Marketing Ninjas | Internal Link Building | Medium | 5.9 | 2023-10-27 07:42:07 | Deep Dive |
| CVE-2023-45640 | WordPress WP ULike Plugin <= 4.6.8 is vulnerable to Cross Site Scripting (XSS) | TechnoWich | WP ULike – Most Advanced WordPress Marketing Toolkit | Medium | 6.5 | 2023-10-24 11:06:17 | Deep Dive |
| CVE-2023-46193 | WordPress Internal Link Building Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) | Internet Marketing Ninjas | Internal Link Building | Medium | 4.3 | 2023-10-24 10:43:31 | Deep Dive |
| CVE-2022-3342 | Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization | automattic | Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | High | 7.5 | 2023-10-20 07:29:24 | Deep Dive |
| CVE-2023-5414 | Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.1 | 2023-10-20 06:35:20 | Deep Dive |
| CVE-2023-4833 | SQLi in Besttem's Network Marketing Software | Besttem | Network Marketing Software | Critical | 9.8 | 2023-09-15 08:22:12 | Deep Dive |
| CVE-2023-35097 | WordPress WP Affiliate Links Plugin <= 0.1.1 is vulnerable to Cross Site Scripting (XSS) | Internet Marketing Dojo | WP Affiliate Links | High | 7.1 | 2023-06-20 09:05:03 | Deep Dive |
| CVE-2023-1430 | FluentCRM - Marketing Automation For WordPress <= 2.8.01 - Insufficient Use of Hash as Authorization Control | techjewel | FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution | Medium | 6.5 | 2023-06-09 05:33:37 | Deep Dive |
| CVE-2019-25147 | Pretty Links <= 2.1.9 - Unauthenticated Stored Cross-Site Scripting via track_link | supercleanse | PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin | High | 7.2 | 2023-06-07 01:51:39 | Deep Dive |
| CVE-2023-2472 | Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS | Unknown | Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | Medium | - | 2023-06-05 13:39:03 | Deep Dive |
| CVE-2023-2717 | Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | Medium | 5.4 | 2023-05-20 02:03:25 | Deep Dive |
| CVE-2023-2736 | Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | High | 7.5 | 2023-05-20 02:03:24 | Deep Dive |
| CVE-2023-2735 | Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | Medium | 4.9 | 2023-05-20 02:03:23 | Deep Dive |
| CVE-2023-2716 | Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | Medium | 5.4 | 2023-05-20 02:03:22 | Deep Dive |
| CVE-2023-2714 | Groundhogg <= 2.7.9.8 - Missing Authorization to Update License | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | Medium | 4.3 | 2023-05-20 02:03:20 | Deep Dive |
| CVE-2023-2715 | Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | Medium | 4.3 | 2023-05-20 02:03:19 | Deep Dive |
| CVE-2023-27455 | WordPress Update Image Tag Alt Attribute Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS) | Maui Marketing | Update Image Tag Alt Attribute | High | 7.1 | 2023-05-10 08:43:17 | Deep Dive |
| CVE-2023-24404 | WordPress Marketing Performance Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) | VryaSage | Marketing Performance | High | 7.1 | 2023-04-23 09:45:18 | Deep Dive |
| CVE-2023-1425 | Groundhogg Contacts < 2.7.9.4 - Admin+ SQLi | Unknown | WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | High | - | 2023-04-10 13:17:57 | Deep Dive |
| CVE-2022-38077 | WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) | WP OnlineSupport, Essential Plugin | Popup Anything – A Marketing Popup and Lead Generation Conversions | Medium | 4.3 | 2023-03-29 12:19:04 | Deep Dive |