WordPress Proxy & VPN Blocker plugin <= 3.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Proxy & VPN Blocker versions = 3.5.3...

WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin The Events Calendar versions = 6.15.12.2...

WordPress All in One Accessibility plugin <= 1.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin All in One Accessibility versions = 1.15...

WordPress Core Web Vitals & PageSpeed Booster plugin <= 1.0.28 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Core Web Vitals & PageSpeed Booster versions = 1.0.28...

WordPress Youzify plugin <= 1.3.6 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by NumeX in WordPress Plugin Youzify versions = 1.3.6...

WordPress Chakra test plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Chakra test versions = 1.0.1...

WordPress Simple Theme Changer plugin <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability

Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...

WordPress WP Job Portal plugin <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Long Nguyen in WordPress Plugin WP Job Portal versions = 2.4.0...

WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.4.6...

WordPress Table Block by Tableberg plugin <= 0.6.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Table Block by Tableberg versions = 0.6.9...

WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Appointment Booking Calendar versions = 1.3.95...

WordPress Ace User Management plugin <= 2.0.3 - Subscriber+ Authentication Bypass via Password Rest vulnerability

Subscriber+ Authentication Bypass via Password Rest vulnerability discovered by aschoiloa1890 in WordPress Plugin Ace User Management versions = 2.0.3...

WordPress The Events Calendar plugin <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Draft Event Title/QR Code Exposure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin The Events Calendar versions = 6.15.9...

Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read

Missing Authorization to Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Anti-Malware Security and Brute-Force Firewall versions = 4.23.81...

WordPress Check Plagiarism plugin <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Check Plagiarism versions = 2.0...

WordPress LLM Hubspot Blog Import plugin <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import vulnerability

Missing Authorization to Authenticated Subscriber+ Hubspot Import vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin LLM Hubspot Blog Import versions = 1.0.1...

WordPress Originality.ai AI Checker plugin <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'ai_get_table' vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Disclosure via 'aigettable' vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Originality.ai AI Checker versions = 1.0.12...

WordPress Originality.ai AI Checker plugin <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Scan Log Deletion via ' ai_scan_result_remove' vulnerability

Missing Authorization to Authenticated Subscriber+ Scan Log Deletion via ' aiscanresultremove' vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Originality.ai AI Checker versions = 1.0.12...

WordPress Page Manager for Elementor Plugin <= 2.0.5 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by SashaRyba in WordPress Plugin Page Manager for Elementor versions = 2.0.5...

WordPress CopySafe Web Protection plugin <= 5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin CopySafe Web Protection versions = 5.1...