27 matches found
CVE-2023-2751 Upload Resume <= 1.2.0 - Captcha Bypass
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resumeuploadform shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site...
CVE-2023-0889 TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update
The Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF checks in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated user, such as a subscriber, to update arbitrary blog options, suc...
CVE-2023-0159 Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the PHP extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the host's file system. This may ...
CVE-2022-2377 Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending
The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user to send arbitrary emails on behalf of the blog...
Adblock Blocker 0.0.1 - Arbitrary File Upload
The addblockblocker WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
Complete Gallery Manager 3.3.3 - Arbitrary File Upload
The complete-gallery-manager WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
wpStoreCart 2.5.27-2.5.29 - Arbitrary File Upload
The wpstorecart WordPress plugin was affected by an Arbitrary File Upload security vulnerability...