WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Media LIbrary Assistant versions = 3.35...

WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin JetEngine versions = 3.8.9.1...

WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.1.0...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.0.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.8...

WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin AIWU versions = 1.4.17...

WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Statistics versions = 14.16.6...

WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Activity Log versions = 5.6.3...

WordPress AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin 3.4.9-3.4.9 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by daroo in WordPress Plugin AI Engine versions 3.4.9-3.4.9...

WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Contest Gallery Pro versions = 29.0.1...

WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin JoomSport versions = 5.7.7...

WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Responsive Slider by MetaSlider versions = 3.106.0...

WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin WooCommerce PDF Invoices & Packing Slips versions 5.9.0...

WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Anti-Malware Security and Brute-Force Firewall versions = 4.23.87...

WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Groundhogg versions = 4.4...

WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin CTX Feed versions = 6.6.26...

WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WooCommerce Product Table Lite versions = 4.6.3...

WordPress WP Job Portal plugin <= 2.4.9 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File Field vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via Resume Custom File Field vulnerability discovered by daroo in WordPress Plugin WP Job Portal versions = 2.4.9...

WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Attachment Title vulnerability discovered by daroo in WordPress Plugin ShortPixel Image Optimizer versions = 6.4.3...

WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.27...

WordPress Download Monitor plugin <= 5.1.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Download Monitor versions = 5.1.8...