| Yes | File Manager | wp-file-manager | <= 7.2.1 | Sensitive Information Exposure via Backup Filenames | CVE-2024-0761 | 8.1 | 2024/01/22 | 修正済み |
| No | Cleverwise Daily Quotes | cleverwise-daily-quotes | <= 3.2 | Reflected Cross-Site Scripting | CVE-2023-40335 | 7.2 | 2023/08/17 | 公開停止 |
| No | Simple Staff List | simple-staff-list | <= 2.2.3 | Authenticated (Editor+) Stored Cross-Site Scripting | CVE-2023-28790 | 4.4 | 2023/08/17 | 修正済み |
| No | Art Direction | art-direction | <= 0.2.4 | Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2023-37983 | 6.4 | 2023/07/12 | 公開停止 |
| No | Replace Word | replace-word | <= 2.1 | Cross-Site Request Forgery | CVE-2023-37973 | 4.3 | 2023/07/12 | 公開停止 |
| No | Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) | only-tweet-like-share-and-google-1 | <= 2.0 | Authenticated (Administrator+) Stored Cross-Site Scripting | CVE-2023-37388 | 4.4 | 2023/07/05 | 公開停止 |
| No | Side Cart Woocommerce (Ajax) | side-cart-woocommerce | <= 2.2 | Authenticated(Administrator+) Stored Cross-Site Scripting | CVE-2023-28415 | 4.4 | 2023/06/28 | 修正済み |
| No | JS Job Manager | js-jobs | <= 2.0.0 | Cross-Site Request Forgery via multiple functions | CVE-2023-31087 | 5.4 | 2023/06/02 | 修正済み |
| No | Floating Action Button | floating-action-button | <=1.2.1 | Cross-Site Request Forgery to Settings Modification | CVE-2023-31088 | 4.3 | 2023/05/31 | 修正済み |
| No | Headless CMS | headless-cms | <= 2.0.3 | Missing Authorization | CVE-2023-34186 | 6.5 | 2023/05/30 | 公開停止 |
| No | SKU Label Changer For WooCommerce | woo-sku-label-changer | <= 3.0 | Missing Authorization | CVE-2023-29174 | 5.3 | 2023/05/25 | 公開停止 |
| No | Smart App Banner | smart-app-banner | <= 1.1.2 | Cross-Site Request Forgery via wsl_smart_app_banner_options | CVE-2023-33315 | 5.4 | 2023/05/21 | 修正済み |
| No | CALL ME NOW | lokalyze-call-now | <= 3.0 | Cross-Site Request Forgery | CVE-2023-32602 | 4.3 | 2023/05/12 | 公開停止 |
| No | Plugins List | plugins-list | <= 2.5 | Authenticated (Author+) Stored Cross-Site Scripting via replace_plugin_list_tags | CVE-2023-31232 | 6.4 | 2023/04/28 | 修正済み |
| No | Easy Bet | easy-bet | <= 1.0.2 | Authenticated(Contributor+) SQL Injection | CVE-2023-31092 | 8.8 | 2023/04/26 | 公開停止 |
| No | Logo Scheduler | logo-scheduler-great-for-holidays-events-and-more | <= 1.2.0 | Authenticated (Administrator+) Stored Cross-Site Scripting | CVE-2023-30875 | 4.4 | 2023/04/26 | 修正済み |
| No | Woocommerce Tip/Donation | woo-tipdonation | <= 1.2 | Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings | CVE-2023-28783 | 5.5 | 2023/04/24 | 公開停止 |
| No | Display custom fields in the frontend – Post and User Profile Fields | shortcode-to-display-post-and-user-data | <= 1.2.0 | Missing Authorization via vg_display_data shortcode | CVE-2023-31073 | 6.5 | 2023/04/24 | 修正済み |
| No | Woocommerce Email Report | wooemailreport | <= 2.4 | Unauthenticated Cross-Site Scripting | CVE-2023-27627 | 6.1 | 2023/04/21 | 公開停止 |
| No | Easy Slider Revolution | easy-slider-revolution | <= 1.0.0 | Authenticated (Author+) Stored Cross-Site Scripting via esrcpt_slider_allow_iframes_filter | CVE-2023-28622 | 6.4 | 2023/04/21 | 公開停止 |
| No | Dave’s WordPress Live Search | daves-wordpress-live-search | <= 4.8.1 | Authenticated (Administrator+) Stored Cross-Site Scripting | CVE-2023-30876 | 4.4 | 2023/04/21 | 公開停止 |
| No | GPS Plotter | gps-plotter | <= 5.2.0 | Authenticated (Administrator+) Stored Cross-Site Scripting | CVE-2023-30874 | 4.4 | 2023/04/21 | 公開停止 |
| No | Cab Grid | cab-grid | <= 1.5.15 | Authenticated (Administrator+) Stored Cross-Site Scripting | CVE-2023-28533 | 4.4 | 2023/04/21 | 修正済み |
| No | eRocket | erocket | <= 1.2.4 | Authenticated (Administrator+) Stored Cross-Site Scripting | CVE-2023-28174 | 4.4 | 2023/04/21 | 修正済み |
| No | Redirect After Login | redirect-after-login | <= 0.1.9 | Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | CVE-2023-27624 | 4.4 | 2023/04/21 | 公開停止 |
| No | ApexChat | apexchat | <= 1.3.1 | Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | CVE-2023-28414 | 4.4 | 2023/04/18 | 修正済み |
| No | Captcha Them All | captcha-them-all | <= 1.3.3 | Authenticated (Admin+) Stored Cross-Site Scripting | CVE-2023-30786 | 4.4 | 2023/04/18 | 修正済み |
| No | a3 Portfolio | a3-portfolio | <= 3.1.0 | Authenticated (Author+) Stored Cross-Site Scripting | CVE-2023-29097 | 6.4 | 2023/04/10 | 修正済み |
| No | Mobile Banner | mobile-banner | <= 1.5 | Cross-Site Request Forgery leading to Plugin Settings Changes | CVE-2023-28930 | 4.3 | 2023/03/29 | 修正済み |
| No | Enhanced Plugin Admin | enhanced-plugin-admin | <= 1.16 | Cross-Site Request Forgery via epa_options_page | CVE-2023-28618 | 5.4 | 2023/03/21 | 修正済み |
| No | Event Manager for WooCommerce | mage-eventpress | <= 3.8.6 | Authenticated (Administrator+) Stored Cross-Site Scripting via ‘mep_get_option’ function | CVE-2023-28422 | 4.4 | 2023/03/20 | 修正済み |
| No | Branded Social Images | branded-social-images | <= 1.1.0 | Missing Authorization leading to Unauthenticated Plugin Settings Updates | CVE-2023-28536 | 5.3 | 2023/03/20 | 修正済み |