25 matches found

Patchstack
added 2026/02/04 12:11 p.m. | 5 views

WordPress School Management plugin <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload vulnerability

Authenticated Student+ Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin School Management versions <= 91.5.0...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.0103
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 12 views

WordPress Elementor Pro plugin <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Tonn in WordPress Plugin Elementor Pro versions <= 3.29.0...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00165
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 8 views

WordPress Elementor plugin <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Tonn in WordPress Plugin Elementor Website Builder versions <= 3.29.0...

CVSS: 6.4 | AI score: 5.4 | EPSS: 0.00158
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress WP JobHunt plugin <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability

Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability discovered by Tonn in WordPress Plugin WP JobHunt versions <= 7.1...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.00402
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/09/06 12:7 a.m. | 10 views

WordPress AdForest theme <= 6.0.9 - Authentication Bypass to Admin vulnerability

Authentication Bypass to Admin vulnerability discovered by Tonn in WordPress Theme AdForest versions <= 6.0.9...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00459
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/07/11 9:10 p.m. | 6 views

WordPress Nokri - Job Board WordPress Theme plugin <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability

WordPress Nokri - Job Board WordPress Theme plugin <= 1.6.3 - Authenticated Subscriber+ Privilege Escalation via Account Takeover vulnerability discovered by Tonn in WordPress Theme Nokri versions <= 1.6.3...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00371
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/04/24 9:27 p.m. | 3 views

WordPress Vikinger theme <= 1.9.30 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax' vulnerability

Authenticated Subscriber+ Privilege Escalation via 'vikinger_user_meta_update_ajax' vulnerability discovered by Tonn in WordPress Theme Vikinger versions <= 1.9.30...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00323
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/03/14 2:40 a.m. | 4 views

WordPress Realteo plugin <= 1.2.8 - Authentication Bypass via 'do_register_user' vulnerability

Authentication Bypass via 'do_register_user' vulnerability discovered by Tonn in WordPress Plugin Realteo versions <= 1.2.8...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.0051
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/03/13 5:4 p.m. | 4 views

WordPress WP JobHunt plugin <= 7.1 - Authentication Bypass to Candidate vulnerability

Authentication Bypass to Candidate vulnerability discovered by Tonn in WordPress Plugin WP JobHunt versions <= 7.1...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.00406
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/03/11 11:37 p.m. | 4 views

WordPress Workreap plugin <= 3.2.5 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Tonn in WordPress Plugin Workreap theme's plugin versions <= 3.2.5...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.00402
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/03/08 3:47 a.m. | 4 views

WordPress Javo Core plugin <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup vulnerability

Unauthenticated Privilege Escalation in ajax_signup vulnerability discovered by Tonn in WordPress Plugin Javo Core versions <= 3.0.0.080...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00417
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/03/06 11:44 p.m. | 2 views

WordPress Ultimate Video Player plugin <= 10.0 - Unauthenticated Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download vulnerability discovered by Tonn in WordPress Plugin Ultimate Video Player versions <= 10.0...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00811
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/03/04 11:22 p.m. | 3 views

WordPress DesignThemes Core Features plugin <= 4.7 - Missing Authorization to Unauthenticated Arbitrary File Read via dt_process_imported_file vulnerability

Missing Authorization to Unauthenticated Arbitrary File Read via dt_process_imported_file vulnerability discovered by Tonn in WordPress Plugin DesignThemes Core Features versions <= 4.7...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00498
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/02/27 11:36 p.m. | 4 views

WordPress WooCommerce Ultimate Gift Card plugin < 2.9.3 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin WooCommerce Ultimate Gift Card versions < 2.9.3...

CVSS: 9.8 | AI score: 7 | EPSS: 0.03858
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/02/26 10:40 p.m. | 4 views

WordPress Car Dealer theme <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Deletion and Read vulnerability

Authenticated Subscriber+ Arbitrary File Deletion and Read vulnerability discovered by Tonn in WordPress Theme Car Dealer versions <= 1.6.3...

CVSS: 8.8 | AI score: 7 | EPSS: 0.01001
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/02/11 10:37 p.m. | 3 views

WordPress Apus Framework plugin <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options vulnerability

Authenticated Subscriber+ Arbitrary Options Update in import_page_options vulnerability discovered by Tonn in WordPress Plugin Apus Framework versions <= 2.3...

CVSS: 8.8 | AI score: 7 | EPSS: 0.0048
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/01/28 10:6 a.m. | 7 views

WordPress ThemeREX Addons plugin <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data vulnerability

Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data vulnerability discovered by Tonn in WordPress Plugin ThemeREX Addons versions <= 2.32.3...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00821
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/01/07 10:17 a.m. | 5 views

WordPress Croma Music plugin <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax vulnerability

Authenticated Subscriber+ Arbitrary Options Update in ironMusic_ajax vulnerability discovered by Tonn in WordPress Plugin Croma Music versions <= 3.6...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00514
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/12/24 10:14 p.m. | 3 views

WordPress WooCommerce Point of Sale plugin <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability

Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability discovered by Tonn in WordPress Plugin WooCommerce Point of Sale versions <= 6.1.0...

CVSS: 9.8 | AI score: 7 | EPSS: 0.01458
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/12/12 10:39 p.m. | 5 views

WordPress SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin WP SuperBackup versions <= 2.3.3...

CVSS: 9.8 | AI score: 7 | EPSS: 0.03549
Exploits: 2 | References: 1 | Affected Software: 1