WordPress Newsletters plugin <= 4.13 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by wesley wcraft in WordPress Plugin Newsletters versions = 4.13...

WordPress Doctreat Core plugin <= 1.6.8 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin Doctreat Core versions = 1.6.8...

WordPress aThemes Addons for Elementor plugin <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin aThemes Addons for Elementor versions = 1.1.8...

WordPress MW WP Form plugin <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Sérgio Charruadas itzvenom in WordPress Plugin MW WP Form versions = 5.1.3...

WordPress Easy Image Collage plugin <= 1.13.6 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by gnsehfvlr in WordPress Plugin Easy Image Collage versions = 1.13.6...

WordPress Slider Revolution plugin <= 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability

Authenticated Subscriber+ Sensitive Information Disclosure vulnerability discovered by Luc Huynh from Noventiq RedTeam - Noventiq Vietnam in WordPress Plugin Slider Revolution versions = 7.0.10...

WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin WP GDPR Cookie Consent versions = 1.0.0...

WordPress FV Flowplayer Video Player plugin <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin FV Flowplayer Video Player versions = 7.5.49.7212...

WordPress Booking Package plugin <= 1.7.16 - Authenticated (Editor+) Privilege Escalation vulnerability

Authenticated Editor+ Privilege Escalation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Package versions = 1.7.16...

WordPress Ad Inserter – Ad Manager & AdSense Ads plugin <= 2.8.15 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by darkmode in WordPress Plugin Ad Inserter versions = 2.8.15...

WordPress Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by PeterPatter - - in WordPress Plugin Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More versions = 1.0.15...

WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin All In One WP Security & Firewall versions = 5.4.7...

WordPress Advanced Google reCAPTCHA plugin <= 5.38 - Authenticated (Subscriber+) Authentication Bypass vulnerability

Authenticated Subscriber+ Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Advanced Google reCAPTCHA versions = 5.38...

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability

Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability discovered by Mitchell in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.9.4...

WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion vulnerability

Unauthenticated Path Traversal to Local File Inclusion vulnerability discovered by Yat in WordPress Plugin WP User Manager versions = 2.9.17...

WordPress 6Storage Rentals plugin <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification vulnerability

Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification vulnerability discovered by g0wthr in WordPress Plugin 6Storage Rentals versions = 2.22.0...

WordPress Advanced Google reCAPTCHA plugin <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin Advanced Google reCAPTCHA versions = 5.38...

WordPress Events Calendar for GeoDirectory plugin <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Mitchell in WordPress Plugin Events Calendar for GeoDirectory versions = 2.3.28...

WordPress Recover Exit For WooCommerce plugin <= 1.0.3 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by hacnho - VCCorp in WordPress Plugin Recover Exit For WooCommerce versions = 1.0.3...

WordPress Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates plugin <= 2.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Animation Addons for Elementor versions = 2.6.7...

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation vulnerability

Missing Authorization to Authenticated Subscriber+ Subscription Pack Cancellation vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP User Frontend versions = 4.3.2...

WordPress Blocksy theme <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Theme Blocksy versions = 2.1.41...

WordPress Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Unlimited Elementor Inner Sections By BoomDevs versions = 1.3.3...

WordPress MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Faizan Shaik in WordPress Plugin MailerPress versions = 2.0.4...

WordPress kk blog card plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin kk blog card versions = 1.3...

WordPress jQuery Hover Footnotes plugin <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by nishida azuka in WordPress Plugin jQuery Hover Footnotes versions = 1.4...

WordPress jQuery Hover Footnotes plugin <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by nishida azuka in WordPress Plugin jQuery Hover Footnotes versions = 1.4...

WordPress TinyMCE shortcode Addon plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin TinyMCE shortcode Addon versions = 1.0.0...

WordPress Global Body Mass Index Calculator plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Global Body Mass Index Calculator versions = 1.2...

WordPress WP ApplicantStack Jobs Display plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin WP ApplicantStack Jobs Display versions = 1.1.1...

WordPress RomanCart Ecommerce plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin RomanCart Ecommerce versions = 2.0.8...

WordPress WP Meta Sort Posts plugin <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin WP Meta Sort Posts versions = 0.9...

WordPress WP Emoticon Rating plugin <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP Emoticon Rating versions = 1.0.1...

WordPress WpMobi plugin <= 0.0.3 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WpMobi versions = 0.0.3...

WordPress WP-Ultimate-Map plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP-Ultimate-Map versions = 1.1...

WordPress FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin <= 1.0.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin FastPicker, an order picker and order management system oms for WooCommerce on steroids versions = 1.0.2...

WordPress AJAX Report Comments plugin <= 2.0.4 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin AJAX Report Comments versions = 2.0.4...

WordPress Extra Settings for RocketChat plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Extra Settings for RocketChat versions = 0.1...

WordPress Helpfulcrowd Product Reviews plugin <= 1.2.9 - Inccorect Authorization vulnerability

Inccorect Authorization vulnerability discovered by Legion Hunter in WordPress Plugin Helpfulcrowd Product Reviews versions = 1.2.9...

WordPress Plugin Name: ePaperFlip Publisher plugin <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Plugin Name: ePaperFlip Publisher versions = 1...

WordPress Enable Media Replace plugin <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by tjoffe in WordPress Plugin Enable Media Replace versions = 4.1.8...

WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dutafi in WordPress Plugin Directorist Booking versions = 3.0.3...

WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Affiliates Manager versions = 2.9.50...

WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Conekta Payment Gateway versions = 6.0.0...

WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Advanced 301 and 302 Redirect versions = 1.6.9...

WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin GetPaid versions = 2.8.49...

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by manop55555 in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.9.5...

WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by dodoh4t in WordPress Plugin Listdom versions = 5.5.0...

WordPress Faust.js plugin <= 1.8.7 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by ParkHyunWoo in WordPress Plugin Faust.js versions = 1.8.7...

WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Mitchell in WordPress Plugin WPC Product Options for WooCommerce versions = 3.2.1...