WordPress Fashion theme < 5.3.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fashion versions 5.3.0...

WordPress Sailing theme < 4.4.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Sailing versions 4.4.6...

WordPress Kerge theme <= 4.1.3 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kerge versions = 4.1.3...

WordPress Sailing theme < 4.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Sailing versions 4.4.6...

WordPress ekommart theme < 4.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme ekommart versions 4.3.1...

WordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Booking calendar, Appointment Booking System versions = 3.2.30...

WordPress Rencontre plugin <= 3.13.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by MyungJu Kim in WordPress Plugin Rencontre versions = 3.13.7...

WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Watu Quiz versions = 3.4.5...

WordPress My Calendar plugin <= 3.6.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin My Calendar versions = 3.6.16...

WordPress Themify Portfolio Post plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Themify Portfolio Post versions = 1.3.0...

WordPress Newsletter plugin <= 9.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Newsletter versions = 9.0.9...

WordPress ThirstyAffiliates plugin <= 3.11.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin ThirstyAffiliates versions = 3.11.8...

WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Request a Quote versions = 2.5.3...

WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sitewide Notice WP versions = 2.4.1...

WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WCFM Marketplace versions = 3.7.1...

WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions = 6.7.24...

WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Visitor Statistics Real Time Traffic versions = 8.3...

WordPress Protect WP Admin plugin <= 4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Protect WP Admin versions = 4.1...

WordPress Ninja Tables plugin <= 5.2.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by w41bu1 in WordPress Plugin Ninja Tables versions = 5.2.3...

WordPress Webba Booking plugin <= 6.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Webba Booking versions = 6.2.1...

WordPress Simple Folio plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Simple Folio versions = 1.1.0...

WordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Photo Block versions = 1.5.1...

WordPress Semrush Content Toolkit plugin <= 1.1.32 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Semrush Content Toolkit versions = 1.1.32...

WordPress UseStrict's Calendly Embedder plugin <= 1.1.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin UseStricts Calendly Embedder versions = 1.1.7.2...

WordPress VK Google Job Posting Manager plugin <= 1.2.22 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin VK Google Job Posting Manager versions = 1.2.22...

WordPress FAPI Member plugin <= 2.2.29 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by NumeX in WordPress Plugin FAPI Member versions = 2.2.29...

WordPress Image Caption Hover Pro plugin < 20.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Image Caption Hover Pro versions 20.0...

WordPress Multi-Step Checkout for WooCommerce plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by benzdeus in WordPress Plugin Multi-Step Checkout for WooCommerce versions = 2.33...

WordPress Pixel Manager for WooCommerce plugin <= 1.51.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Pixel Manager for WooCommerce versions = 1.51.1...

WordPress UsersWP plugin <= 1.2.48 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by daroo in WordPress Plugin UsersWP versions = 1.2.48...

WordPress Wbcom Designs plugin <= 2.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Wbcom Designs versions = 2.1.1...

WordPress WP-ShowHide plugin <= 1.05 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP-ShowHide versions = 1.05...

WordPress WP eBay Product Feeds plugin <= 3.4.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin WP eBay Product Feeds versions = 3.4.9...

WordPress Simple Link Directory plugin <= 8.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Simple Link Directory versions = 8.8.3...

WordPress Simple Link Directory plugin <= 8.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by daroo in WordPress Plugin Simple Link Directory versions = 8.8.3...

WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.0.7...

WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Zeeshan Haider in WordPress Plugin Document Library Lite versions = 1.1.7...

WordPress TrueBooker plugin <= 1.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin TrueBooker versions = 1.1.0...

WordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Admin and Site Enhancements ASE versions = 8.0.8...

WordPress Easy Form Builder plugin <= 3.8.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Easy Form Builder versions = 3.8.20...

WordPress Document Library Lite plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Zeeshan Haider in WordPress Plugin Document Library Lite versions = 1.1.7...

WordPress CWW Companion plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin CWW Companion versions = 1.3.2...

WordPress Listdom plugin <= 5.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Listdom versions = 5.0.1...

WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Zeeshan Haider in WordPress Plugin Highlight and Share versions = 5.2.0...

WordPress User Extra Fields plugin <= 16.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin User Extra Fields versions = 16.8...

WordPress Easy Invoice plugin <= 2.1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Easy Invoice versions = 2.1.4...

WordPress Animation Addons for Elementor plugin <= 2.4.5 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin Animation Addons for Elementor versions = 2.4.5...

WordPress Meks Quick Plugin Disabler plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Meks Quick Plugin Disabler versions = 1.0...

WordPress Directorist plugin <= 8.5.10 - Open Redirection vulnerability

Open Redirection vulnerability discovered by daroo in WordPress Plugin Directorist versions = 8.5.10...

WordPress Business Directory plugin <= 6.4.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Business Directory versions = 6.4.19...