WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.0.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.8...

TileServer API - Cross Site Scripting

tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting XSS vulnerability via the component /data/v3/?key. id: CVE-2024-35627 info: name: TileServer API - Cross Site Scripting author: DhiyaneshDK severity: medium description: | tileserver-gl up to v4.4.10 was discovered to...

WordPress GEO my WP plugin <= 4.5.5 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin GEO my WordPress versions = 4.5.5...

WordPress Simple History – Track, Log, and Audit WordPress Changes plugin <= 5.26.0 - Authenticated (Subscriber+) Account Takeover vulnerability

Authenticated Subscriber+ Account Takeover vulnerability discovered by lhking in WordPress Plugin Simple History versions = 5.26.0...

WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by VanTastic in WordPress Plugin MW WP Form versions = 5.1.3...

WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin AIWU versions = 1.4.17...

WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Statistics versions = 14.16.6...

WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Affiliate Super Assistent versions = 1.10.1...

WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin <= 3.2.7 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by dodoh4t in WordPress Plugin QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly versions = 3.2.7...

WordPress TableOn plugin <= 1.0.5.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin TableOn versions = 1.0.5.1...

WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by 0xzenko in WordPress Plugin CloudSecure WP Security versions = 1.4.7...

WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by mcdruid in WordPress Plugin Post SMTP versions = 3.6.2...

WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Modification vulnerability discovered by winrace in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.8...

WordPress PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink vulnerability

Cross-Site Request Forgery to Stripe Unlink vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin PeachPay Payments versions = 1.120.46...

WordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin The Post Grid versions = 7.9.2...

WordPress ITactics theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme ITactics versions = 1.0...

WordPress Spike theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Spike versions = 1.2...

WordPress Gunslinger theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gunslinger versions = 1.7...

WordPress Gita theme <= 1.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gita versions = 1.11...

WordPress Printo theme <= 1.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Printo versions = 1.11...