WordPress Stock Ticker plugin <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Template vulnerability discovered by WordFence in WordPress Plugin Stock Ticker versions = 3.26.1...

WordPress Greenshift - animation and page builder blocks plugin <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Greenshift - animation and page builder blocks plugin = 12.8.5 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Greenshift versions = 12.8.5...

WordPress Advanced AJAX Product Filters plugin <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility vulnerability

Authenticated Author+ PHP Object Injection via Live Composer Compatibility vulnerability discovered by WordFence in WordPress Plugin Advanced AJAX Product Filters versions = 3.1.9.6...

WordPress Advance Block Extend plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability discovered by WordFence in WordPress Plugin Advance Block Extend versions = 1.0.4...

WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles' vulnerability

Missing Authorization in 'checkforverifiedprofiles' vulnerability discovered by WordFence in WordPress Plugin Paytium versions = 4.3.7...

WordPress Beaver Builder plugin <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Beaver Builder versions = 2.7.4.2...

WordPress Interactions plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Interactions versions = 1.3.1...

WordPress MelaPress Login Security plugin 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin MelaPress Login Security versions 2.1.0...

WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.6.0 - Unauthenticated Donor Data Exposure vulnerability

WordPress GiveWP - Donation plugin and Fundraising Platform plugin = 4.6.0 - Unauthenticated Donor Data Exposure vulnerability discovered by WordFence in WordPress Plugin GiveWP versions = 4.6.0...

WordPress Houzez plugin <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved Search vulnerability

Authenticated Subscriber+ PHP Object Injection via Saved Search vulnerability discovered by Alex Thomas - Wordfence in WordPress Theme Houzez versions = 4.1.6...

WordPress Solace Extra plugin <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by WordFence in WordPress Plugin Solace Extra versions = 1.3.0...

WordPress Legoeso PDF Manager plugin <= 1.2.2 - Authenticated (Author+) SQL Injection via checkedVals Parameter vulnerability

Authenticated Author+ SQL Injection via checkedVals Parameter vulnerability discovered by WordFence in WordPress Plugin Legoeso PDF Manager versions = 1.2.2...

WordPress Borderless plugin <= 1.6.0 - Authenticated (Administrator+) Remote Code Execution vulnerability

Authenticated Administrator+ Remote Code Execution vulnerability discovered by WordFence in WordPress Plugin Borderless versions = 1.6.0...

WordPress LA-Studio Element Kit for Elementor plugin <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by WordFence in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.4.2...

WordPress Revolut Gateway for WooCommerce plugin <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update vulnerability

Missing Authorization to Unauthenticated Order Status Update vulnerability discovered by WordFence in WordPress Plugin Revolut Gateway for WooCommerce versions = 4.17.3...

WordPress Seo Optimized Images plugin 2.1.2 - Injected Backdoor vulnerability

Injected Backdoor vulnerability discovered by WordFence in WordPress Plugin Seo Optimized Images versions 2.1.2...

WordPress Simply Show Hooks plugin 1.2.2 - Injected Backdoor vulnerability

Injected Backdoor vulnerability discovered by WordFence in WordPress Plugin Simply Show Hooks versions 1.2.2...

WordPress BLAZE Retail Widget plugin 2.2.5 to 2.5.2 - Injected Backdoor vulnerability

Injected Backdoor vulnerability discovered by WordFence in WordPress Plugin BLAZE Retail Widget versions 2.2.5-2.5.2...