45686 matches found
WordPress WP Cookie Consent plugin <= 4.0.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by shark3y in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions <= 4.0.7...
WordPress WP Recipe Maker plugin <= 10.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Abhinav Jaswal wrathexe - Self employed in WordPress Plugin WP Recipe Maker versions <= 10.2.3...
WordPress Essential Addons for Elementor plugin <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions <= 6.5.3...
WordPress Essential Blocks plugin <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure vulnerability
Missing Authorization To Authenticated (Author+) Information Disclosure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Essential Blocks for Gutenberg versions <= 5.7.2...
WordPress WP to LinkedIn Auto Publish plugin <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP to LinkedIn Auto Publish versions <= 1.9.8...
WordPress Social Media Auto Publish plugin <= 3.6.5 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin Social Media Auto Publish versions <= 3.6.5...
WordPress WP3D Model Import Viewer plugin <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload vulnerability
Authenticated (Contributor+) Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin WP3D Model Import Viewer versions <= 1.0.7...
WordPress Filter & Grids plugin <= 3.2.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin Filter & Grids versions <= 3.2.0...
WordPress Export WP Page to Static HTML & PDF plugin <= 4.3.4 - Unauthenticated Cookie Exposure via Log File vulnerability
Unauthenticated Cookie Exposure via Log File vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Export WP Page to Static HTML/CSS versions <= 4.3.4...
WordPress Postem Ipsum plugin <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation in postem_ipsum_generate_users vulnerability
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation in postem_ipsum_generate_users vulnerability discovered by kr0d in WordPress Plugin Postem Ipsum versions <= 3.0.1...
WordPress افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin <= 1.3.5 - Unauthenticated Time-Based Blind SQL Injection vulnerability
Unauthenticated Time-Based Blind SQL Injection vulnerability discovered by luckybuddy in WordPress Plugin افزونه پیامک ووکامرس فوق حرفه ای جدید payamito sms woocommerce versions <= 1.3.5...
WordPress wpForo Forum plugin <= 2.4.12 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Muhamad Visat in WordPress Plugin wpForo Forum versions <= 2.4.12...
WordPress URL Shortener Plugin For WordPress plugin <= 3.0.7 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin URL Shortener versions <= 3.0.7...
WordPress WP Directory Kit plugin <= 1.4.7 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin WP Directory Kit versions <= 1.4.7...
WordPress Doubly plugin <= 1.0.46 - Authenticated (Subscriber+) PHP Object Injection via ZIP File Import vulnerability
Authenticated (Subscriber+) PHP Object Injection via ZIP File Import vulnerability discovered by Bartłomiej Bergier bergee in WordPress Plugin Doubly - Cross Domain Copy Paste for WordPress versions <= 1.0.46...
WordPress JAY Login & Register plugin <= 2.4.01 - Authentication Bypass via Cookie vulnerability
Authentication Bypass via Cookie vulnerability discovered by kr0d in WordPress Plugin JAY Login & Register versions <= 2.4.01...
WordPress Login Lockdown & Protection plugin <= 2.14 - IP Block Bypass vulnerability
IP Block Bypass vulnerability discovered by William Cooke - Modux in WordPress Plugin Login Lockdown versions <= 2.14...
WordPress WPS Visitor Counter plugin plugin <= 1.4.8 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WPS Visitor Counter versions <= 1.4.8...
WordPress HelloLeads CRM Form Shortcode plugin <= 1.0 - Unauthenticated Settings Reset vulnerability
Unauthenticated Settings Reset vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin HelloLeads CRM Form Shortcode versions <= 1.0...
WordPress MailerLite - WooCommerce integration plugin <= 3.1.3 - Missing Authorization to Data Deletion vulnerability
WordPress MailerLite - WooCommerce integration plugin <= 3.1.3 - Missing Authorization to Data Deletion vulnerability discovered by shark3y in WordPress Plugin MailerLite – WooCommerce integration versions <= 3.1.3...
WordPress Fancy Product Designer | WooCommerce WordPress plugin <= 6.4.8 - Unauthenticated Information Disclosure via 'url' Parameter vulnerability
Unauthenticated Information Disclosure via 'url' Parameter vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Plugin Fancy Product Designer versions <= 6.4.8...
WordPress Fancy Product Designer | WooCommerce WordPress plugin <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition vulnerability
Unauthenticated Server-Side Request Forgery via Race Condition vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Plugin Fancy Product Designer versions <= 6.4.8...
WordPress LearnPress plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin LearnPress versions <= 4.3.1...
WordPress Booking Calendar plugin <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check vulnerability
Unauthenticated SQL Injection via dates_to_check vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Booking Calendar versions <= 10.14.8...
WordPress Fox LMS plugin 1.0.4.7-1.0.5.1 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Fox LMS versions 1.0.4.7-1.0.5.1...
WordPress WPCOM Member plugin <= 1.7.16 - Authentication Bypass via Weak OTP vulnerability
Authentication Bypass via Weak OTP vulnerability discovered by wesley wcraft in WordPress Plugin WPCOM Member versions <= 1.7.16...
WordPress Post Expirator plugin <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure vulnerability
Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Expirator versions <= 4.9.2...
WordPress Elementor plugin <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path vulnerability discovered by Asaf Mozes in WordPress Plugin Elementor Website Builder versions <= 3.33.3...
WordPress Fancy Product Designer | WooCommerce WordPress plugin <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter vulnerability
Unauthenticated Full Path Disclosure via 'pdf' Parameter vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Plugin Fancy Product Designer versions <= 6.4.8...
WordPress Auto Featured Image plugin <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail Modification vulnerability
Missing Authorization to Authenticated (Contributor+) Post Thumbnail Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Auto Featured Image Auto Post Thumbnail versions <= 4.2.1...
WordPress dokan pro plugin <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Ahmed Rayen Ayari in WordPress Plugin Dokan Pro versions <= 4.1.3...
WordPress LearnPress plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure vulnerability
Missing Authorization to Unauthenticated Orders Statistics Exposure vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin LearnPress versions <= 4.3.1...
WordPress Image Gallery – Photo Grid & Video Gallery plugin <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification vulnerability
Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification vulnerability discovered by WordFence in WordPress Plugin Modula Image Gallery versions <= 2.13.3...
WordPress FluentAuth - Auth Security Plugin plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluent_auth_reset_password' Shortcode vulnerability
WordPress FluentAuth - Auth Security Plugin plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluent_auth_reset_password' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FluentAuth – The Ultimate Authorization & Security Plugin for WordPress...
WordPress OneSignal – Web Push Notifications plugin <= 3.6.1 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability
Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin OneSignal – Web Push Notifications versions <= 3.6.1...
WordPress RegistrationMagic plugin <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin RegistrationMagic versions <= 6.0.6.7...
WordPress CC Child Pages plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CC Child Pages versions <= 2.0.0...
WordPress User Registration & Membership plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Registration versions <= 4.4.6...
WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering vulnerability
Missing Authorization to Authenticated (Author+) Global Folders Tampering vulnerability discovered by type5afe in WordPress Plugin Filebird versions <= 6.5.1...
WordPress Read More & Accordion plugin <= 3.5.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Read More & Accordion versions <= 3.5.5.1...
WordPress Lightweight Accordion plugin <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Lightweight Accordion versions <= 1.5.20...
WordPress Addon Elements for Elementor plugin <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Elementor Addon Elements versions <= 1.14.3...
WordPress HandL UTM Grabber / Tracker plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin HandL UTM Grabber versions <= 2.8.0...
WordPress JetWidgets For Elementor plugin <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability discovered by zer0gh0st in WordPress Plugin JetWidgets For Elementor versions <= 1.0.20...
WordPress Yaad Sarig Payment Gateway For WC plugin <= 2.2.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Yaad Sarig Payment Gateway For WC versions <= 2.2.11...
WordPress Sober theme <= 3.5.11 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Sober versions <= 3.5.11...
WordPress Wilmër theme < 3.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Wilmër versions < 3.5...
WordPress Besa theme <= 2.3.15 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Besa versions <= 2.3.15...
WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Urna versions <= 2.5.12...
WordPress Hara theme <= 1.2.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Hara versions <= 1.2.17...