WordPress OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin <= 1.2.0 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Yousef Alraddadi - none in WordPress Plugin OptinCraft – Drag & Drop Optins & Popup Builder for WordPress versions = 1.2.0...

WordPress Click to Chat – HoliThemes plugin <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Valatty in WordPress Plugin Click to Chat versions = 4.39...

WordPress LearnPress – Backup & Migration Tool plugin <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection vulnerability

Authenticated Administrator+ PHP Object Injection vulnerability discovered by Wannes Verwimp in WordPress Plugin LearnPress Export Import versions = 4.1.4...

WordPress Page-list plugin <= 6.2 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by darkmode in WordPress Plugin Page-list versions = 6.2...

WordPress Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Master Addons for Elementor versions = 3.1.0...

WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.6.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Kirasec in WordPress Plugin LatePoint versions = 5.6.0...

WordPress Simple SEO Slideshow plugin <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Simple SEO Slideshow versions = 1.2.8...

WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Feedzy versions = 5.1.7...

WordPress Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin <= 11.1.2 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Quiz And Survey Master versions = 11.1.2...

WordPress WPvivid — Backup, Migration & Staging plugin <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion vulnerability

Authenticated Admin+ Arbitrary Directory Deletion vulnerability discovered by blue0x1 in WordPress Plugin WPvivid Backup and Migration versions = 0.9.128...

WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability

Path Traversal vulnerability discovered by kai63001 in WordPress Plugin Shared Files versions = 1.7.64...

WordPress Frontend User Notes plugin <= 2.1.1 - Cross-Site Request Forgery to Note Content Modification vulnerability

Cross-Site Request Forgery to Note Content Modification vulnerability discovered by Mohamed Wajih Hichri Assaults - TEK-UP in WordPress Plugin Frontend User Notes versions = 2.1.1...

WordPress Express Payment For Stripe plugin <= 1.28.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Stripe Express versions = 1.28.0...

WordPress Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Attachment Deletion vulnerability discovered by Khanh Nguyen - BlueRock in WordPress Plugin Charitable versions = 1.8.11.1...

WordPress Alba Board plugin <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Disclosure vulnerability discovered by Teerachai Somprasong in WordPress Plugin Alba Board versions = 2.1.3...

WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds in WordPress Plugin JetSearch versions = 3.5.17...

WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by endy in WordPress Plugin WP User Manager versions = 2.9.16...

WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin WP Travel Engine versions = 6.7.10...

WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons versions = 1.4.8...

WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration Stripe versions = 1.3.12...