WordPress Link Library plugin <= 7.8.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Link Library versions = 7.8.7...

WordPress Cooked plugin <= 1.11.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Cooked versions = 1.11.3...

WordPress Chakra test plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Chakra test versions = 1.0.1...

WordPress WooMulti plugin <= 1.7 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin WooMulti versions = 1.7...

WordPress Happy Addons for Elementor plugin <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom JS vulnerability discovered by zer0gh0st in WordPress Plugin Happy Addons for Elementor versions = 3.20.3...

WordPress Quran Gateway plugin <= 1.5 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Quran Gateway versions = 1.5...

WordPress OpenID Connect Generic Client plugin <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin OpenID Connect Generic Client versions = 3.10.0...

WordPress JAY Login & Register plugin <= 2.4.01 - Authentication Bypass via Cookie vulnerability

Authentication Bypass via Cookie vulnerability discovered by kr0d in WordPress Plugin JAY Login & Register versions = 2.4.01...

WordPress Restrict Elementor Widgets, Columns and Sections plugin <= 1.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Restrict Elementor Widgets, Columns and Sections versions = 1.12...

WordPress King Addons for Elementor plugin <= 51.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin King Addons for Elementor versions = 51.1.39...

WordPress Userback plugin <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) plugin's Configuration Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ plugin's Configuration Exposure vulnerability discovered by jsonc in WordPress Plugin Userback versions = 1.0.15...

WordPress Simple Theme Changer plugin <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability

Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...

WordPress NewStatPress plugin <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NewStatPress versions = 1.4.3...

WordPress Elated Membership plugin <= 1.2 - Authentication Bypass via Social Login vulnerability

Authentication Bypass via Social Login vulnerability discovered by Foxyyy in WordPress Plugin Elated Membership versions = 1.2...

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.7.1 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.7.1...

WordPress CSV to SortTable plugin <= 4.2 - Contributor+ LFI vulnerability

Contributor+ LFI vulnerability discovered by Ivan Cese in WordPress Plugin CSV to SortTable versions = 4.2...

WordPress Table Block by Tableberg plugin <= 0.6.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Table Block by Tableberg versions = 0.6.9...

WordPress WPKoi Templates for Elementor plugin <= 3.4.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WPKoi Templates for Elementor versions = 3.4.4...

WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Page Creation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CodeConfig Accessibility versions = 1.0.0...

WordPress g-FFL Cockpit plugin <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion vulnerability

Improper Authorization to Unauthenticated Product Deletion vulnerability discovered by Ryan Kozak in WordPress Plugin g-FFL Cockpit versions = 1.7.1...