WordPress IMGspider plugin <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file' vulnerability

Authenticated Contributor+ Arbitrary File Upload via 'uploadimgfile' vulnerability discovered by István Márton - Wordfence in WordPress Plugin IMGspider versions = 2.3.10...

WordPress AIomatic - Automatic AI Content Writer plugin <= 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability

WordPress AIomatic - Automatic AI Content Writer plugin = 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability discovered by István Márton - Wordfence in WordPress Plugin Aiomatic versions = 2.0.5...

WordPress Salient Shortcodes plugin <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Shortcodes versions = 1.5.3...

WordPress Tiger Premium theme <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by István Márton - Wordfence in WordPress Theme Tiger versions = 101.2.1...

WordPress Doccure plugin <= 1.4.8 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by István Márton in WordPress Theme Doccure versions = 1.4.8...

WordPress Traveler theme <= 3.1.8 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by István Márton in WordPress Theme Traveler versions = 3.1.8...

WordPress Homey theme <= 2.4.3 - Cross-Site Request Forgery to User Verification vulnerability

Cross-Site Request Forgery to User Verification vulnerability discovered by István Márton in WordPress Theme Homey versions = 2.4.3...

WordPress Homey theme <= 2.4.3 - Limited Authentication Bypass due to Missing Empty Value Check vulnerability

Limited Authentication Bypass due to Missing Empty Value Check vulnerability discovered by István Márton in WordPress Theme Homey versions = 2.4.3...

WordPress Cardealer theme <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile vulnerability

Cross-Site Request Forgery to User Update via updateuserprofile vulnerability discovered by István Márton in WordPress Theme Car Dealer versions = 1.6.4...

WordPress Cardealer theme <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files vulnerability

Missing Authorization to Authenticated Subscriber+ Change and Delete JS and CSS Files vulnerability discovered by István Márton in WordPress Theme Car Dealer versions = 1.6.4...

WordPress Login Me Now plugin <= 1.7.2 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin Login Me Now versions = 1.7.2...

WordPress Nextend Social Login Pro plugin <= 3.1.16 - Authentication Bypass via Apple OAuth provider vulnerability

Authentication Bypass via Apple OAuth provider vulnerability discovered by István Márton in WordPress Plugin Nextend Social Login Pro versions = 3.1.16...

WordPress BoomBox Theme Extensions plugin <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton in WordPress Plugin BoomBox Theme Extensions versions = 1.8.0...

WordPress WPBot Pro Wordpress Chatbot plugin <= 13.5.4 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin WPBot Pro Wordpress Chatbot versions = 13.5.4...

WordPress DWT - Directory & Listing theme <= 3.3.3 - Reflected Cross-Site Scripting vulnerability

WordPress DWT - Directory & Listing theme = 3.3.3 - Reflected Cross-Site Scripting vulnerability discovered by István Márton in WordPress Theme DWT - Directory & Listing versions = 3.3.3...

WordPress Login With OTP plugin <= 1.4.2 - Authentication Bypass via Weak OTP vulnerability

Authentication Bypass via Weak OTP vulnerability discovered by István Márton in WordPress Plugin Login With OTP versions = 1.4.2...

WordPress Booking & Appointment Plugin for WooCommerce plugin <= 6.9.0 - Authenticated (Subscriber+) Arbitrary Option Update vulnerability

Authenticated Subscriber+ Arbitrary Option Update vulnerability discovered by István Márton in WordPress Plugin Booking & Appointment Plugin for WooCommerce versions = 6.9.0...

WordPress External Database Based Actions plugin <= 0.1 - Authenticated (Subscriber+) Authentication Bypass vulnerability

Authenticated Subscriber+ Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin External Database Based Actions versions = 0.1...

WordPress Really Simple Security Pro Plugin 9.0.0-9.1.1.1 - Account Takeover vulnerability

Account Takeover vulnerability discovered by István Márton in WordPress Plugin Really Simple Security Pro versions 9.0.0-9.1.1.1...

WordPress Crypto plugin <= 2.15 - Cross-Site Request Forgery to Authentication Bypass vulnerability

Cross-Site Request Forgery to Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin Crypto versions = 2.15...