WordPress WP Popups – WordPress Popup builder plugin <= 2.2.0.1 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin WP Popups versions = 2.2.0.1...

WordPress Appmaker plugin <= 1.36.12 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps versions = 1.36.12...

WordPress Cliengo - Chatbot plugin <= 3.0.2 - Missing Authorization to Unauthenticated Chatbot Settings Update vulnerability

WordPress Cliengo - Chatbot plugin = 3.0.2 - Missing Authorization to Unauthenticated Chatbot Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Cliengo – Chatbot versions = 3.0.2...

WordPress TOCHAT.BE plugin <= 1.3.0 - Unauthenticated Stored Cross Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin TOCHAT.BE versions = 1.3.0...

WordPress HelloAsso plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin HelloAsso versions = 1.1.9...

WordPress Slider Revolution plugin <= 6.7.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by wcraft Patchstack Alliance in WordPress Plugin Slider Revolution versions = 6.7.13...

WordPress Elementor Pro plugin <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin Elementor Pro versions = 3.21.2...

WordPress Wrapper Link Elementor plugin 1.0.2, 1.0.3 - Injected Backdoor vulnerability

Injected Backdoor vulnerability discovered by WordFence in WordPress Plugin Wrapper Link Elementor versions 1.0.2,1.0.3...

WordPress Sparkle Demo Importer plugin <= 1.4.7 - Authenticated Post/Pages/Attachements Deletion and Demo Data Import vulnerability

Authenticated Post/Pages/Attachements Deletion and Demo Data Import vulnerability discovered by Lucio Sá in WordPress Plugin Sparkle Demo Importer versions = 1.4.7...

WordPress Zoho Marketing Automation plugin <= 1.2.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Zoho Marketing Automation versions = 1.2.7...

Wordpress Amelia plugin <= 1.1.5 (Free) <= 7.5.1 (Pro) - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Vinay Kumar in WordPress Plugin Amelia versions = 1.1.5...

WordPress Smush plugin <= 3.16.4 - Authenticated Resmush List Deletion vulnerability

Authenticated Resmush List Deletion vulnerability discovered by Truoc Phan in WordPress Plugin Smush Image Compression and Optimization versions = 3.16.4...

WordPress Hide Dashboard Notifications plugin <= 1.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Contributor+ Plugin Settings Modification vulnerability discovered by Francesco Carlucci in WordPress Plugin Hide Dashboard Notifications versions = 1.3...

WordPress Event Monster Plugin <= 1.4.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Event Management Tickets Booking versions = 1.4.3...

WordPress Newsletter - API addon for Newsletter plugin <= 2.4.5 - Missing Authorization to Email Subscribers Management vulnerability

WordPress Newsletter - API addon for Newsletter plugin = 2.4.5 - Missing Authorization to Email Subscribers Management vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Newsletter - API addon Premium versions = 2.4.5...

Wordpress Bookly plugin <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via Color Profile Parameter vulnerability discovered by 0xBishop in WordPress Plugin Bookly versions = 23.2...

WordPress plugin MetForm security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Custom Field Template plugin <= 2.6.1 - Authenticated Information Exposure vulnerability

Authenticated Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Custom Field Template versions = 2.6.1...

WordPress Visualizer plugin <= 3.11.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Visualizer versions = 3.11.1...

WordPress 12 Step Meeting List plugin <= 3.14.33 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by alien8 Patchstack Alliance in WordPress Plugin 12 Step Meeting List versions = 3.14.33...