WordPress Aruba HiSpeed Cache plugin <= 3.0.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin Aruba HiSpeed Cache versions = 3.0.2...

WordPress WP Maps plugin <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion vulnerability

Authenticated Subscriber+ Limited Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin WP Maps versions = 4.8.6...

WordPress WP Compress plugin <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions vulnerability

Authenticated Subscriber+ Missing Authorization via Multiple Functions vulnerability discovered by mikemyers in WordPress Plugin WP Compress versions = 6.30.15...

WordPress WP Compress plugin <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function vulnerability

Unauthenticated Server-Side Request Forgery via init Function vulnerability discovered by mikemyers in WordPress Plugin WP Compress versions = 6.30.15...

WordPress Directorist plugin <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Publishing vulnerability discovered by mikemyers in WordPress Plugin Directorist versions = 8.2...

WordPress Uncode Core plugin <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution in uncodegetmedias vulnerability discovered by mikemyers in WordPress Plugin Uncode Core versions = 2.9.1.6...

WordPress Uncode theme <= 2.9.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via mle-description vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via mle-description vulnerability discovered by mikemyers in WordPress Theme Uncode versions = 2.9.1.6...

WordPress Avada theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Theme Avada versions = 7.11.13...

WordPress Post and Page Builder by BoldGrid plugin <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function vulnerability

Path Traversal to Authenticated Contributor+ Arbitrary File Read via templateviaurl Function vulnerability discovered by mikemyers in WordPress Plugin Post and Page Builder by BoldGrid versions = 1.27.6...

WordPress WooCommerce Product Table Lite plugin <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability

Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin WooCommerce Product Table Lite versions = 3.9.4...

WordPress Ultimate Member plugin <= 2.9.1 - Information Exposure vulnerability

Information Exposure vulnerability discovered by mikemyers in WordPress Plugin Ultimate Member versions = 2.9.1...

WordPress Popular Posts plugin <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Popular Posts versions = 7.1.0...

WordPress Ninja Forms plugin <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Ninja Forms versions = 3.8.22...

WordPress WP Data Access plugin <= 5.5.22 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin WP Data Access versions = 5.5.22...

WordPress kk Star Ratings plugin <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin kk Star Ratings versions = 5.4.10...

WordPress FluentForm plugin <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject vulnerability

Unauthenticated Stored Cross-Site Scripting via Form Subject vulnerability discovered by mikemyers in WordPress Plugin FluentForm versions = 5.2.6...

WordPress WoodMart plugin <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Theme WoodMart versions = 8.0.3...

WordPress Social Sharing Plugin – Sassy Social Share plugin <= 3.3.69 - Reflected Cross-Site Scripting via heateor_mastodon_share Parameter vulnerability

Reflected Cross-Site Scripting via heateormastodonshare Parameter vulnerability discovered by mikemyers in WordPress Plugin Sassy Social Share versions = 3.3.69...

WordPress WOOCS – WooCommerce Currency Switcher plugin <= 1.4.2.2 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin FOX versions = 1.4.2.2...

WordPress Spam protection, Anti-Spam, FireWall by CleanTalk plugin <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing vulnerability

Authorization Bypass via Reverse DNS Spoofing vulnerability discovered by mikemyers in WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk versions = 6.43.2...