WordPress Brizy - Page Builder plugin <= 2.4.41 - Authenticated(Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Brizy - Page Builder plugin = 2.4.41 - AuthenticatedContributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Brizy versions = 2.4.41...

WordPress Colibri Page Builder plugin <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'colibribreadcrumbelement' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Colibri Page Builder versions = 1.0.272...

WordPress Premium Addons for Elementor plugin <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'arrowstyle' vulnerability discovered by stealthcopter in WordPress Plugin Premium Addons for Elementor versions = 4.10.28...

WordPress Essential Addons for Elementor plugin <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 5.9.19...

WordPress Flamix: Bitrix24 and Contact Form 7 integrations plugin <= 3.1.0 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Flamix: Bitrix24 and Contact Form 7 integrations versions = 3.1.0...

WordPress Royal Elementor Addons and Templates plugin <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Royal Elementor Addons versions = 1.7.1012...

WordPress Kallyas theme <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution vulnerability

Authenticated Contributor+ Remote Code Execution vulnerability discovered by stealthcopter in WordPress Theme KALLYAS versions = 4.24.0...

WordPress JetEngine plugin <= 3.7.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions = 3.7.3...

WordPress Rehub theme <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost vulnerability

Unauthenticated Arbitrary Shortcode Execution via refilterpost vulnerability discovered by stealthcopter in WordPress Theme Rehub versions = 19.9.7...

WordPress JetReviews plugin <= 3.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin JetReviews versions = 3.0.0...

WordPress JetElements For Elementor plugin <= 2.7.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin JetElements For Elementor versions = 2.7.8...

WordPress Kallyas theme <= 4.21.0 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Theme KALLYAS versions = 4.21.0...

WordPress JetSearch plugin <= 3.5.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin JetSearch versions = 3.5.10...

WordPress JetSearch plugin <= 3.5.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by stealthcopter in WordPress Plugin JetSearch versions = 3.5.10...

WordPress JetBlog plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin JetBlog versions = 2.4.4...

WordPress WoodMart plugin <= 8.2.3 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Theme WoodMart versions = 8.2.3...

WordPress Captivate Sync Plugin <= 3.0.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by stealthcopter in WordPress Plugin Captivate Sync versions = 3.0.3...

WordPress Eximius theme <= 2.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Eximius versions = 2.2...

WordPress Celestial Aura plugin <= 2.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Celestial Aura versions = 2.2...

WordPress Glossy Blog theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Glossy Blog versions = 1.0.3...