WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'email' vulnerability discovered by shaman0x01 - Shaman Red Team in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.112...

WordPress Fluent Forms plugin <= 5.2.12 - IP-Spoofing vulnerability

IP-Spoofing vulnerability discovered by shaman0x01 in WordPress Plugin FluentForm versions = 5.2.12...

WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by shaman0x01 in WordPress Plugin GPT3 AI Content Writer versions = 1.8.96...

WordPress School Management System – WPSchoolPress plugin <= 2.2.14 - Authenticated (Student/Parent+) SQL Injection vulnerability

Authenticated Student/Parent+ SQL Injection vulnerability discovered by shaman0x01 in WordPress Plugin WPSchoolPress versions = 2.2.14...

WordPress eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.43 - Cross-Site Request Forgery to Password Reset vulnerability

Cross-Site Request Forgery to Password Reset vulnerability discovered by shaman0x01 in WordPress Plugin eCommerce Product Catalog versions = 3.3.43...

WordPress Sign In With Google plugin <= 1.8.0 - Authentication Bypass in authenticate_user vulnerability

Authentication Bypass in authenticateuser vulnerability discovered by shaman0x01 in WordPress Plugin Sign In With Google versions = 1.8.0...

WordPress KiviCare – Clinic & Patient Management System (EHR) plugin <= 3.6.4 - Authenticated (Doctor/Receptionist+) SQL Injection vulnerability

Authenticated Doctor/Receptionist+ SQL Injection vulnerability discovered by shaman0x01 in WordPress Plugin KiviCare versions = 3.6.4...

WordPress RegistrationMagic Plugin <= 6.0.2.6 is vulnerable to Privilege Escalation

Software RegistrationMagic Type Plugin Vulnerable versions = 6.0.2.6 Fixed in 6.0.2.7 OWASP Top 10 A3: Injection Classification Privilege Escalation CVE CVE-2024-10508 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fa83ac6f8527 Credits shaman0x01 Required privilege...

WordPress AppPresser Plugin <= 4.4.6 is vulnerable to Privilege Escalation

Software AppPresser Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11024 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 25ae1391ba68 Credits shaman0x01...

WordPress Contest Gallery plugin <= 24.0.3 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by shaman0x01 in WordPress Plugin Contest Gallery versions = 24.0.3...

WordPress HUSKY plugin <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe vulnerability

Insecure Direct Object Reference to Unsubscribe vulnerability discovered by shaman0x01 in WordPress Plugin HUSKY versions = 1.3.6.1...

WordPress BookingPress plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update and Arbitrary File Upload vulnerability discovered by shaman0x01 in WordPress Plugin BookingPress versions = 1.1.5...

WordPress LearnPress plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass vulnerability

Missing Authorization to Unauthenticated User Registration Bypass vulnerability discovered by shaman0x01 in WordPress Plugin LearnPress versions = 4.2.6.8.1...

WordPress LearnPress plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration vulnerability

Unauthenticated Bypass to User Registration vulnerability discovered by shaman0x01 in WordPress Plugin LearnPress versions = 4.2.6.8.1...