WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CookieHint WP versions = 1.0.0...

WordPress Subscribe to Unlock Lite plugin <= 1.3.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Subscribe to Unlock Lite versions = 1.3.0...

WordPress OpenID Connect Generic Client plugin <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin OpenID Connect Generic Client versions = 3.10.0...

WordPress Flow-Flow Social Feed Stream plugin 3.0.0-4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin Flow-Flow Social Stream versions 3.0.0-4.7.5...

WordPress Like DisLike Voting plugin <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Like DisLike Voting versions = 1.0.1...

WordPress Donation plugin <= 1.0 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by Yousof Nahya in WordPress Plugin Donation versions = 1.0...

WordPress Simple Theme Changer plugin <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability

Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...

WordPress CSV to SortTable plugin <= 4.2 - Contributor+ LFI vulnerability

Contributor+ LFI vulnerability discovered by Ivan Cese in WordPress Plugin CSV to SortTable versions = 4.2...

WordPress JNews Gallery plugin < 12.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin JNews Gallery versions 12.0.1...

WordPress Listify theme <= 3.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Listify versions = 3.2.5...

WordPress Link Whisper Free plugin <= 0.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Link Whisper Free versions = 0.9.1...

WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Masterstudy Elementor Widgets versions = 1.2.4...

WordPress Masterstudy theme < 4.8.122 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Masterstudy versions 4.8.122...

WordPress XStore theme < 9.6 - Content Injection vulnerability

Content Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme XStore versions 9.6...

WordPress TheGem Theme <= 5.10.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme TheGem versions = 5.10.5...

WordPress TheGem (Elementor) Theme <= 5.10.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme TheGem Elementor versions = 5.10.5...

WordPress DentiCare Theme < 1.4.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme DentiCare versions 1.4.3...

WordPress WP Subtitle Plugin <= 3.4.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin WP Subtitle versions = 3.4.1...

WordPress WPLMS theme <= 4.970 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme WPLMS versions = 4.970...

WordPress WP Tactical Popup plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin WP Tactical Popup versions = 1.1...