WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function vulnerability

WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated Subscriber+ Account Takeover/Privilege Escalation via idonatedonorprofile Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.1.5-2.1.9...

WordPress MP3 Audio Player 5.3-5.10 - Authenticated (Author+) Server-Side Request Forgery vulnerability

Authenticated Author+ Server-Side Request Forgery vulnerability discovered by kr0d in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions 5.3-5.10...

WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated (Author+) Arbitrary File Upload vulnerability

WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated Author+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin RESTful Content Syndication versions 1.1.0-1.5.0...

WordPress KiotViet Sync plugin <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions = 1.8.5...

WordPress Featured Image via URL plugin <= 0.1 - Authenticated (Contributor+) Arbitrary FIle Upload vulnerability

Authenticated Contributor+ Arbitrary FIle Upload vulnerability discovered by kr0d in WordPress Plugin Featured Image via URL versions = 0.1...

WordPress Email Notifications for Updates plugin <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Email Notifications for Updates versions = 1.1.6...

WordPress ContentStudio plugin <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Contentstudio versions = 1.3.7...

WordPress Realty Portal plugin <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Realty Portal versions = 0.4.1...

WordPress WP Dropzone plugin <= 1.1.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin WP Dropzone versions = 1.1.0...

WordPress WP移行専用プラグイン for CPI plugin <= 1.0.2 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin WP移行専用プラグイン for CPI versions = 1.0.2...

WordPress Blogger 301 Redirect plugin <= 2.5.3 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by kr0d in WordPress Plugin Blogger 301 Redirect versions = 2.5.3...