| CVE-2023-0693 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:13 | Deep Dive |
| CVE-2023-2767 | WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | nickboss | Iptanus File Upload | Medium | 4.4 | 2023-06-09 05:33:13 | Deep Dive |
| CVE-2023-0694 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:12 | Deep Dive |
| CVE-2023-0695 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:12 | Deep Dive |
| CVE-2023-1888 | Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation | wpwax | Directorist: AI-Powered Business Directory, Listings & Classified Ads | High | 8.8 | 2023-06-09 05:33:09 | Deep Dive |
| CVE-2021-4381 | uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route | stylemix | Directory Listings WordPress plugin – uListing | Critical | 9.8 | 2023-06-07 01:51:55 | Deep Dive |
| CVE-2019-25150 | Email Templates <= 1.3 - HTML Injection | saadiqbal | Email Templates Customizer and Designer for WordPress and WooCommerce | High | 8.8 | 2023-06-07 01:51:53 | Deep Dive |
| CVE-2021-4383 | WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection | labibahmed42 | WP Quick FrontEnd Editor – WordPress Plugin | High | 8.1 | 2023-06-07 01:51:53 | Deep Dive |
| CVE-2021-4378 | WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting | labibahmed42 | WP Quick FrontEnd Editor – WordPress Plugin | Medium | 6.4 | 2023-06-07 01:51:50 | Deep Dive |
| CVE-2021-4373 | Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import | ajay | Better Search – Relevant search results for WordPress | High | 8.8 | 2023-06-07 01:51:44 | Deep Dive |
| CVE-2021-4374 | WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update | ValvePress | WordPress Automatic Plugin | Critical | 9.1 | 2023-06-07 01:51:44 | Deep Dive |
| CVE-2021-4370 | uListing <= 1.6.6 - Missing Authorization | stylemix | Directory Listings WordPress plugin – uListing | Critical | 9.8 | 2023-06-07 01:51:43 | Deep Dive |
| CVE-2020-36724 | Wordable <= 3.1.1 - Authentication Bypass | wordable | Wordable – Export Google Docs to WordPress | Critical | 9.8 | 2023-06-07 01:51:42 | Deep Dive |
| CVE-2021-4371 | WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change | labibahmed42 | WP Quick FrontEnd Editor – WordPress Plugin | Medium | 4.3 | 2023-06-07 01:51:42 | Deep Dive |
| CVE-2020-36723 | ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure | - | ListingPro - WordPress Directory & Listing Theme | Medium | 5.3 | 2023-06-07 01:51:41 | Deep Dive |
| CVE-2020-36717 | Kali Forms <= 2.1.1 - Cross-Site Request Forgery | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | High | 8.8 | 2023-06-07 01:51:36 | Deep Dive |
| CVE-2020-36719 | ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation | - | ListingPro - WordPress Directory & Listing Theme | Critical | 9.8 | 2023-06-07 01:51:35 | Deep Dive |
| CVE-2019-25145 | Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection | smub | Contact Form & SMTP Plugin for WordPress by PirateForms | High | 7.2 | 2023-06-07 01:51:34 | Deep Dive |
| CVE-2020-36720 | Kali Forms <= 2.1.1 - Missing Authorization to Settings Update | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | High | 7.1 | 2023-06-07 01:51:34 | Deep Dive |
| CVE-2020-36712 | Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | High | 8.6 | 2023-06-07 01:51:32 | Deep Dive |