WordPress ConvertPlus plugin <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by Lucio Sá in WordPress Plugin ConvertPlus versions = 3.5.30...

WordPress MagicForm - WordPress Form Builder plugin <= 1.6.2 - Missing Authorization vulnerability

WordPress MagicForm - WordPress Form Builder plugin = 1.6.2 - Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin MagicForm versions = 1.6.2...

WordPress Shopping Cart & eCommerce Store plugin <= 5.7.8 - Missing Authorization to Order Updates vulnerability

Missing Authorization to Order Updates vulnerability discovered by Lucio Sá in WordPress Plugin WP EasyCart versions = 5.7.8...

WordPress ImageRecycle pdf & image compression plugin <= 3.1.14 - Cross-Site Request Forgery in Several AJAX Actions vulnerability

Cross-Site Request Forgery in Several AJAX Actions vulnerability discovered by Lucio Sá in WordPress Plugin ImageRecycle pdf & image compression versions = 3.1.14...

WordPress WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials vulnerability

Improper Authorization due to use of Hardcoded Credentials vulnerability discovered by Lucio Sá in WordPress Plugin WP2Speed Faster versions = 1.0.1...

WordPress Media Hygiene plugin <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Attachment Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Media Hygiene versions = 3.0.1...

WordPress Restaurant Menu and Food Ordering plugin <= 2.4.16 - Missing Authorization to Menu Creation vulnerability

Missing Authorization to Menu Creation vulnerability discovered by Lucio Sá in WordPress Plugin Five Star Restaurant Menu versions = 2.4.16...

WordPress Authorize.net Payment Gateway For WooCommerce plugin <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass vulnerability

Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass vulnerability discovered by Lucio Sá in WordPress Plugin Authorize.net Payment Gateway For WooCommerce versions = 8.0...

WordPress Stop Spammers Security plugin <= 2024.4 - Cross-Site Request Forgery (CSRF) via sfs_process vulnerability

Cross-Site Request Forgery CSRF via sfsprocess vulnerability discovered by Lucio Sá in WordPress Plugin Stop Spammers versions = 2024.4...

WordPress WP Datepicker plugin <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation vulnerability

Authenticated Subscriber+ Arbitrary Options Update to Privilege Escalation vulnerability discovered by Lucio Sá in WordPress Plugin WP Datepicker versions = 2.1.0...

WordPress ShopLentor plugin <= 2.8.1 - Improper Authorization via woolentor_template_store vulnerability

Improper Authorization via woolentortemplatestore vulnerability discovered by Lucio Sá in WordPress Plugin ShopLentor versions = 2.8.1...