| CVE-2024-13428 | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 5.3 | 2025-02-01 07:21:39 | Deep Dive |
| CVE-2024-13429 | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 4.3 | 2025-02-01 07:21:38 | Deep Dive |
| CVE-2024-8494 | Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode | https://elementor.com/ | Elementor Website Builder Pro | Medium | 4.3 | 2025-01-30 13:42:05 | Deep Dive |
| CVE-2025-23756 | WordPress LawPress plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability | ivanchernyakov | LawPress – Law Firm Website Management | High | 7.1 | 2025-01-27 14:22:14 | Deep Dive |
| CVE-2024-12104 | Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion | wpfeedback | Atarim – Visual Feedback, Review & AI Collaboration | Medium | 5.3 | 2025-01-21 09:21:10 | Deep Dive |
| CVE-2024-12131 | WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 4.3 | 2025-01-07 12:43:41 | Deep Dive |
| CVE-2024-12132 | WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 4.3 | 2025-01-03 08:22:21 | Deep Dive |
| CVE-2024-12272 | WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion | wptravelengine | WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor | High | 8.8 | 2024-12-25 03:21:32 | Deep Dive |
| CVE-2024-12884 | Codezips E-Commerce Website login.php sql injection | Codezips | E-Commerce Website | High | 7.3 | 2024-12-21 14:00:10 | Deep Dive |
| CVE-2024-10453 | Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2024-12-21 09:23:56 | Deep Dive |
| CVE-2024-11712 | WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 5.3 | 2024-12-14 06:45:17 | Deep Dive |
| CVE-2024-11710 | WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 4.9 | 2024-12-14 06:45:16 | Deep Dive |
| CVE-2024-11711 | WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | High | 7.5 | 2024-12-14 06:45:16 | Deep Dive |
| CVE-2024-11714 | WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 4.9 | 2024-12-14 06:45:16 | Deep Dive |
| CVE-2024-11715 | WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 4.8 | 2024-12-14 06:45:15 | Deep Dive |
| CVE-2024-11713 | WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Medium | 4.9 | 2024-12-14 06:45:15 | Deep Dive |
| CVE-2024-12338 | Website Toolbox Community <= 2.0.1 - Reflected Cross-Site Scripting via websitetoolbox_username | websitetoolbox | Website Toolbox Forum | Medium | 6.1 | 2024-12-12 03:23:10 | Deep Dive |
| CVE-2024-11010 | FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion | softaculous | FileOrganizer – WordPress File Manager | High | 7.2 | 2024-12-07 09:27:06 | Deep Dive |
| CVE-2024-8236 | Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2024-11-26 13:56:55 | Deep Dive |
| CVE-2024-52347 | WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability | wpwebsitecreator | Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera | Medium | 6.5 | 2024-11-18 21:54:34 | Deep Dive |