WordPress Email Encoder plugin < 2.4.7 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Email Encoder Bundle versions 2.4.7...

WordPress EventPress theme < 22.2 – Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by ? in WordPress Theme EventPress versions 22.2...

WordPress WP Maps plugin < 4.9.3 - Subscriber+ Local File Inclusion vulnerability

Subscriber+ Local File Inclusion vulnerability discovered by Mustafa Ahmed in WordPress Plugin WP Maps versions 4.9.3...

WordPress Ajax Load More plugin < 7.8.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ajax Load More versions 7.8.4...

WordPress Decent Comments plugin < 3.0.2 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Vaibhav Narkhede in WordPress Plugin Decent Comments versions 3.0.2...

WordPress Presto Player plugin <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Presto Player versions = 4.2.0...

WordPress Restaurant Cafeteria theme <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability

Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Restaurant Cafeteria versions = 0.4.6...

CVE-2023-32959

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...

WordPress Powerpack for LearnDash plugin < 1.3.0 - Unauthenticated Arbitrary Option Update vulnerability

Unauthenticated Arbitrary Option Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin PowerPack for LearnDash versions 1.3.0...

WordPress Magic Export & Import plugin < 1.2.0 - Unauthenticated PII Disclosure vulnerability

Unauthenticated PII Disclosure vulnerability discovered by Hoang Phuong in WordPress Plugin Magic Export & Import versions 1.2.0...

WordPress Login with Salesforce plugin <= 1.0.2 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Login with Salesforce versions = 1.0.2...

WordPress WP eCommerce plugin <= 3.15.1 - Coupon Deletion via CSRF vulnerability

Coupon Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eCommerce versions = 3.15.1...

WordPress Feeds for YouTube plugin < 2.6.4 - Subscriber+ License Data Deletion vulnerability

Subscriber+ License Data Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Feeds for YouTube versions 2.6.4...

WordPress Lazy Blocks plugin < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML vulnerability

Admin+ Stored XSS via Custom Block Frontend HTML vulnerability discovered by Luca Jungnickel in WordPress Plugin Lazy Blocks versions 4.3.0...

CVE-2023-32959 WordPress MetroStore theme <= 1.3.2 - Broken Access Control

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...

CVE-2023-32959

CVE-2023-32959 is a WordPress Broken Access Control issue affecting multiple themes (e.g., MetroStore, SparkleStore, Kathmag, Online eStore, Appzend, SpiderMag, BuzzStore, Fitness Park, Sparklestore, etc.) with vulnerable versions generally prior to or equal to 1.x.y depending on the theme. The r...

CVE-2023-32959 WordPress MetroStore theme <= 1.3.2 - Broken Access Control

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...

EUVD-2023-60590

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...

CVE-2023-25969 WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...

CVE-2023-25969 WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...