WordPress Membership Plugin – Restrict Content plugin <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcodes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Restrict Content versions = 3.2.15...

WordPress Calendar plugin <= 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'event_desc' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'eventdesc' vulnerability discovered by Hieus in WordPress Plugin Calendar versions = 1.3.16...

WordPress Premium Addons for Elementor plugin <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template' vulnerability

Cross-Site Request Forgery via 'insertinnertemplate' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Premium Addons for Elementor versions = 4.11.53...

WordPress WooCommerce plugin <= 10.4.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peter Stöckli in WordPress Plugin WooCommerce versions = 10.4.2...

WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin <= 19.12.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Poll, Survey & Quiz Maker Plugin by Opinion Stage versions = 19.12.0...

WordPress WP Telegram Widget and Join Link plugin <= 2.2.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Telegram Widget and Join Link versions = 2.2.12...

WordPress Tablesome plugin <= 1.1.35.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Tablesome versions = 1.1.35.1...

WordPress Tablesome plugin <= 1.1.35.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Tablesome versions = 1.1.35.1...

WordPress FV Simpler SEO plugin <= 1.9.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin FV Simpler SEO versions = 1.9.6...

WordPress User Feedback plugin <= 1.10.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin User Feedback versions = 1.10.0...

WordPress TS Poll plugin <= 2.5.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin TS Poll versions = 2.5.5...

WordPress BWL Knowledge Base Manager plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin BWL Knowledge Base Manager versions = 1.6.3...

WordPress BWL Pro Voting Manager plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin BWL Pro Voting Manager versions = 1.4.9...

WordPress BWL Pro Voting Manager plugin <= 1.4.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin BWL Pro Voting Manager versions = 1.4.9...

WordPress YouTube Embed plugin <= 5.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin YouTube Embed versions = 5.4...

WordPress Addonify plugin <= 2.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Addonify versions = 2.0.4...

WordPress Real 3D FlipBook plugin <= 4.11.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Real 3D FlipBook versions = 4.11.4...

WordPress Page Builder: Live Composer plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Page Builder: Live Composer versions = 2.1.6...

WordPress Jobs for WordPress plugin <= 2.8.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Jobs for WordPress versions = 2.8.1...

WordPress WH Tweaks plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin WH Tweaks versions = 1.0.2...

WordPress Virusdie plugin <= 1.1.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Virusdie versions = 1.1.6...

WordPress Virusdie plugin <= 1.1.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Virusdie versions = 1.1.6...

WordPress Eight Day Week Print Workflow plugin <= 1.2.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by PPzzAArr in WordPress Plugin Eight Day Week Print Workflow versions = 1.2.5...

WordPress Basticom Framework plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Basticom Framework versions = 1.5.2...

WordPress PostX plugin <= 5.0.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin PostX versions = 5.0.3...

WordPress Review Disclaimer plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Review Disclaimer versions = 2.0.3...

WordPress Wappointment plugin <= 2.7.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Wappointment versions = 2.7.5...

WordPress Draft Notify plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Draft Notify versions = 1.5...

WordPress Greenhouse Job Board plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Greenhouse Job Board versions = 2.7.3...

WordPress Captivate Sync plugin <= 3.2.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by w41bu1 in WordPress Plugin Captivate Sync versions = 3.2.2...

WordPress Google AdSense for Responsive Design – GARD plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Google AdSense for Responsive Design GARD versions = 2.23...

WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.9.68 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin contact-form-7-mailchimp-extension versions = 0.9.68...

WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Seriously Simple Podcasting versions = 3.14.1...

WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.3.23...

WordPress E-Invoice App Malaysia plugin <= 1.3.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Rapid0nion in WordPress Plugin E-Invoice App Malaysia versions = 1.3.0...

WordPress WP SEO Search plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by hhhai in WordPress Plugin WP SEO Search versions = 1.1...

WordPress 6Storage Rentals plugin <= 2.20.1 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin 6Storage Rentals versions = 2.20.1...

WordPress Cinerama theme <= 2.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Cinerama versions = 2.9...

WordPress Aora theme <= 1.3.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Aora versions = 1.3.15...

WordPress Gutenverse Form plugin <= 2.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Gutenverse Form versions = 2.3.1...

WordPress WP Time Slots Booking Form plugin <= 1.2.39 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin WP Time Slots Booking Form versions = 1.2.39...

WordPress Editorial Calendar plugin <= 3.8.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Editorial Calendar versions = 3.8.8...

WordPress Puca theme <= 2.6.39 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Puca versions = 2.6.39...

WordPress Greenmart theme <= 4.2.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Greenmart versions = 4.2.11...

WordPress Royal Elementor Addons and Templates plugin <= 1.7.1036 - Missing Authorization to Unauthenticated Media File Upload vulnerability

Missing Authorization to Unauthenticated Media File Upload vulnerability discovered by Envel Le Clainche in WordPress Plugin Royal Elementor Addons versions = 1.7.1036...

WordPress Ultimate Member plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Ultimate Member versions = 2.11.0...

WordPress FiboSearch – Ajax Search for WooCommerce plugin <= 1.32.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via thegemtesearch Shortcode vulnerability discovered by zaim in WordPress Plugin FiboSearch versions = 1.32.0...

WordPress Quran Gateway plugin <= 1.5 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Quran Gateway versions = 1.5...

WordPress Pretty Google Calendar plugin <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key Exposure vulnerability

Missing Authorization to Unauthenticated Google API Key Exposure vulnerability discovered by Ahmad Salem a7mad.cc in WordPress Plugin Pretty Google Calendar versions = 2.0.0...

WordPress Responsive and Swipe slider plugin <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Bhumividh Treloges in WordPress Plugin RESPONSIVE AND SWIPE SLIDER! versions = 1.0.2...