| CVE-2024-3370 | SQLi in Egebilgi Software's Website Template | Egebilgi Software | Website Template | - | - | 2024-11-18 12:52:44 | Deep Dive |
| CVE-2024-50539 | WordPress Lodgix.com Vacation Rental Website Builder plugin <= 3.9.73 - SQL Injection vulnerability | lodgix | Lodgix.com Vacation Rental Website Builder | High | 8.5 | 2024-11-09 09:18:21 | Deep Dive |
| CVE-2024-51601 | WordPress Website price calculator plugin <= 4.1 - SQL Injection vulnerability | Maksym Marko | Website price calculator | High | 8.5 | 2024-11-09 09:03:15 | Deep Dive |
| CVE-2024-7985 | FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload | softaculous | FileOrganizer – WordPress File Manager | High | 7.5 | 2024-10-29 15:31:55 | Deep Dive |
| CVE-2024-49611 | WordPress Product Website Showcase plugin <= 1.0 - Arbitrary File Upload vulnerability | paxmanpwnz | Product Website Showcase | Critical | 10.0 | 2024-10-20 07:59:32 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-6757 | Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function | elemntor | Elementor Website Builder – more than just a page builder | Medium | 4.3 | 2024-10-15 02:03:52 | Deep Dive |
| CVE-2024-8282 | Ibtana – WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute | vowelweb | Ibtana – WordPress Website Builder | Medium | 6.4 | 2024-10-02 09:31:59 | Deep Dive |
| CVE-2024-9218 | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting | wpblockart | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | Medium | 6.1 | 2024-10-02 08:31:51 | Deep Dive |
| CVE-2024-8800 | RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting | sanrl | RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce | Medium | 6.1 | 2024-10-02 07:35:30 | Deep Dive |
| CVE-2024-3373 | SQLi in RSM Design's Website Template | RSM Design | Website Template | - | - | 2024-09-27 14:14:16 | Deep Dive |
| CVE-2024-8514 | Prisna GWT - Google Website Translator <= 1.4.11 - Authenticated (Admin+) PHP Object Injection | prisna | Prisna GWT – Google Website Translator | Critical | 9.1 | 2024-09-25 03:27:40 | Deep Dive |
| CVE-2024-9069 | Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | besnikac | Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) | Medium | 6.4 | 2024-09-25 02:05:07 | Deep Dive |
| CVE-2024-5416 | Elementor Website Builder – More than Just a Page Builder <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple Widgets | elemntor | Elementor Website Builder – more than just a page builder | Medium | 5.4 | 2024-09-11 11:32:03 | Deep Dive |
| CVE-2024-7950 | WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | Critical | 9.8 | 2024-09-04 02:33:48 | Deep Dive |
| CVE-2022-4539 | Web Application Firewall <= 2.1.2 - IP Address Spoofing to Protection Mechanism Bypass | cyberlord92 | Web Application Firewall – website security | Medium | 5.3 | 2024-08-31 09:35:56 | Deep Dive |
| CVE-2024-8217 | SourceCodester E-Commerce Website registration.php sql injection | SourceCodester | E-Commerce Website | High | 7.3 | 2024-08-27 20:31:06 | Deep Dive |
| CVE-2024-8139 | itsourcecode E-Commerce Website search_list.php sql injection | itsourcecode | E-Commerce Website | Medium | 6.3 | 2024-08-25 01:00:05 | Deep Dive |
| CVE-2024-7929 | SourceCodester Simple Forum Website Signup Page registration.php cross site scripting | SourceCodester | Simple Forum Website | Medium | 5.3 | 2024-08-19 21:31:08 | Deep Dive |
| CVE-2024-7621 | Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update | wpfeedback | Atarim – Visual Feedback, Review & AI Collaboration | Medium | 5.4 | 2024-08-10 02:01:22 | Deep Dive |