WordPress Team Members Plugin plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by siavashvafshar in WordPress Plugin Team Members Plugin versions = 3.4.1...

WordPress Page View Count plugin 2.8.0-2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by kr0d in WordPress Plugin Page View Count versions 2.8.0-2.8.4...

WordPress AI Autotagger plugin < 3.30.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin TaxoPress versions 3.30.0...

WordPress Aeropage Sync for Airtable plugin <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Cheng Liu in WordPress Plugin Aeropage Sync for Airtable versions = 3.2.0...

WordPress Integração entre Eduzz e Woocommerce plugin 1.5.0-1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Integração entre Eduzz e Woocommerce versions 1.5.0-1.7.5...

WordPress Service Finder Bookings plugin <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input' vulnerability

Unauthenticated Privilege Escalation via 'nslregistrationstoreextrainput' vulnerability discovered by Alyudin Nafiie in WordPress Plugin Service Finder Booking versions = 5.1...

WordPress Fable Extra plugin <= 1.0.6 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by stealthcopter in WordPress Plugin Fable Extra versions = 1.0.6...

WordPress Mayosis Core plugin <= 5.4.1 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Tonn in WordPress Plugin Mayosis Core versions = 5.4.1...

WordPress BM Content Builder plugin <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin BM Content Builder versions = 3.16.2.1...

WordPress Prevent Direct Access plugin 2.8.6-2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions vulnerability

Incorrect Authorization to Authenticated Contributor+ Multiple Media Actions vulnerability discovered by 0xbro in WordPress Plugin Prevent Direct Access versions 2.8.6-2.8.8.2...

WordPress eForm plugin <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by shaman0x01 in WordPress Plugin eForm - WordPress Form Builder versions = 4.18.0...

WordPress COVID-19 (Coronavirus) Update Your Customers plugin <= 1.5.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin COVID-19 Coronavirus Update Your Customers versions = 1.5.1...

WordPress Able Player plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin Able Player versions = 1.2.1...

WordPress WP Custom Post Popup plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin WP Custom Post Popup versions = 1.0.1...

WordPress WoWHead Tooltips plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin WoWHead Tooltips versions = 2.0.1...

WordPress Image Style Hover plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin Image Style Hover versions = 1.0.6...

WordPress Lottie Player plugin <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Lottie Player block - Implement Lottie animations. versions = 1.1.8...

WordPress UiCore Elements plugin <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin UiCore Elements versions = 1.0.16...

WordPress Control Listings plugin <= 1.0.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Aiden Thái An in WordPress Plugin Control Listings versions = 1.0.4.1...

WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf in WordPress Plugin GutenKit versions = 2.2.2...