| CVE-2023-1159 | WordPress plugin Bookly cross-site scripting vulnerability | ladela | WordPress Online Booking and Scheduling Plugin – Bookly | Medium | 4.0 | 2023-06-02 06:06:48 | Deep Dive |
| CVE-2023-2836 | CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting | crmperks | CRM Perks Forms – WordPress Form Builder | Medium | 4.4 | 2023-05-31 03:36:11 | Deep Dive |
| CVE-2023-2111 | HollerBox < 2.1.4 - Admin+ SQL Injection | Unknown | Fast & Effective Popups & Lead-Generation for WordPress | Medium | - | 2023-05-30 07:49:23 | Deep Dive |
| CVE-2022-47174 | WordPress Performance Lab Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF) | WordPress Performance Team | Performance Lab | Medium | 4.3 | 2023-05-25 12:17:08 | Deep Dive |
| CVE-2022-47136 | WordPress Ninja Tables Plugin <= 4.3.4 is vulnerable to Cross Site Request Forgery (CSRF) | WPManageNinja LLC | Ninja Tables – Best Data Table Plugin for WordPress | Medium | 4.3 | 2023-05-25 11:45:57 | Deep Dive |
| CVE-2022-38356 | WordPress Pearl Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) | StylemixThemes | WordPress Header Builder Plugin – Pearl | Medium | 5.4 | 2023-05-25 10:25:12 | Deep Dive |
| CVE-2022-47177 | WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) | WP Easy Pay | WP EasyPay – Square for WordPress | Medium | 4.3 | 2023-05-25 09:51:40 | Deep Dive |
| CVE-2022-47161 | WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) | The WordPress.org community | Health Check & Troubleshooting | Medium | 4.3 | 2023-05-25 09:04:21 | Deep Dive |
| CVE-2023-2500 | Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Subscriber+) PHP Object Injection | Granth | Go Pricing - WordPress Responsive Pricing Tables | High | 8.8 | 2023-05-24 23:38:16 | Deep Dive |
| CVE-2022-47447 | WordPress WP-Advanced-Search Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF) | Mathieu Chartier | WordPress WP-Advanced-Search | Medium | 4.3 | 2023-05-24 16:10:10 | Deep Dive |
| CVE-2022-47446 | WordPress Store Locator Plugin <= 3.98.7 is vulnerable to Cross Site Request Forgery (CSRF) | Viadat Creations | Store Locator for WordPress with Google Maps – LotsOfLocales | Medium | 5.4 | 2023-05-24 16:05:31 | Deep Dive |
| CVE-2023-2494 | Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Missing Authorization to Limited Privilege Granting | Granth | Go Pricing - WordPress Responsive Pricing Tables | Medium | 4.6 | 2023-05-23 23:36:48 | Deep Dive |
| CVE-2023-2496 | Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Improper Authorization to Arbitrary File Upload | Granth | Go Pricing - WordPress Responsive Pricing Tables | High | 7.1 | 2023-05-23 23:36:47 | Deep Dive |
| CVE-2023-2498 | Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Granth | Go Pricing - WordPress Responsive Pricing Tables | Medium | 6.4 | 2023-05-23 23:36:46 | Deep Dive |
| CVE-2023-23705 | WordPress Books Gallery Plugin <= 4.4.8 is vulnerable to Cross Site Request Forgery (CSRF) | HM Plugin | WordPress Books Gallery | Medium | 4.3 | 2023-05-23 13:03:10 | Deep Dive |
| CVE-2023-23706 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.5.14 is vulnerable to Cross Site Request Forgery (CSRF) | miniOrange | WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) | Medium | 4.3 | 2023-05-23 12:41:38 | Deep Dive |
| CVE-2023-2717 | Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | Medium | 5.4 | 2023-05-20 02:03:25 | Deep Dive |
| CVE-2023-2736 | Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | High | 7.5 | 2023-05-20 02:03:24 | Deep Dive |
| CVE-2023-2735 | Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | Medium | 4.9 | 2023-05-20 02:03:23 | Deep Dive |
| CVE-2023-2716 | Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | Medium | 5.4 | 2023-05-20 02:03:22 | Deep Dive |