WordPress افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin <= 1.3.5 - Unauthenticated Time-Based Blind SQL Injection vulnerability

Unauthenticated Time-Based Blind SQL Injection vulnerability discovered by luckybuddy in WordPress Plugin افزونه پیامک ووکامرس فوق حرفه ای جدید payamito sms woocommerce versions = 1.3.5...

WordPress wpForo Forum plugin <= 2.4.12 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Muhamad Visat in WordPress Plugin wpForo Forum versions = 2.4.12...

WordPress URL Shortener Plugin For WordPress plugin <= 3.0.7 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin URL Shortener versions = 3.0.7...

WordPress WP Directory Kit plugin <= 1.4.7 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin WP Directory Kit versions = 1.4.7...

WordPress Doubly plugin <= 1.0.46 - Authenticated (Subscriber+) PHP Object Injection via ZIP File Import vulnerability

Authenticated Subscriber+ PHP Object Injection via ZIP File Import vulnerability discovered by Bartłomiej Bergier bergee in WordPress Plugin Doubly - Cross Domain Copy Paste for WordPress versions = 1.0.46...

WordPress JAY Login & Register plugin <= 2.4.01 - Authentication Bypass via Cookie vulnerability

Authentication Bypass via Cookie vulnerability discovered by kr0d in WordPress Plugin JAY Login & Register versions = 2.4.01...

WordPress Login Lockdown & Protection plugin <= 2.14 - IP Block Bypass vulnerability

IP Block Bypass vulnerability discovered by William Cooke - Modux in WordPress Plugin Login Lockdown versions = 2.14...

WordPress WPS Visitor Counter plugin plugin <= 1.4.8 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WPS Visitor Counter versions = 1.4.8...

WordPress HelloLeads CRM Form Shortcode plugin <= 1.0 - Unauthenticated Settings Reset vulnerability

Unauthenticated Settings Reset vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin HelloLeads CRM Form Shortcode versions = 1.0...

WordPress MailerLite - WooCommerce integration plugin <= 3.1.3 - Missing Authorization to Data Deletion vulnerability

WordPress MailerLite - WooCommerce integration plugin = 3.1.3 - Missing Authorization to Data Deletion vulnerability discovered by shark3y in WordPress Plugin MailerLite – WooCommerce integration versions = 3.1.3...

WordPress Fancy Product Designer | WooCommerce WordPress plugin <= 6.4.8 - Unauthenticated Information Disclosure via 'url' Parameter vulnerability

Unauthenticated Information Disclosure via 'url' Parameter vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Plugin Fancy Product Designer versions = 6.4.8...

WordPress Fancy Product Designer | WooCommerce WordPress plugin <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition vulnerability

Unauthenticated Server-Side Request Forgery via Race Condition vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Plugin Fancy Product Designer versions = 6.4.8...

WordPress LearnPress plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via getprofilesocial vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin LearnPress versions = 4.3.1...

WordPress Booking Calendar plugin <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check vulnerability

Unauthenticated SQL Injection via datestocheck vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Booking Calendar versions = 10.14.8...

WordPress Fox LMS plugin 1.0.4.7-1.0.5.1 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Fox LMS versions 1.0.4.7-1.0.5.1...

WordPress WPCOM Member plugin <= 1.7.16 - Authentication Bypass via Weak OTP vulnerability

Authentication Bypass via Weak OTP vulnerability discovered by wesley wcraft in WordPress Plugin WPCOM Member versions = 1.7.16...

WordPress Post Expirator plugin <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure vulnerability

Missing Authorization to Authenticated Contributor+ Authors' Emails Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Expirator versions = 4.9.2...

WordPress Elementor plugin <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Text Path vulnerability discovered by Asaf Mozes in WordPress Plugin Elementor Website Builder versions = 3.33.3...

WordPress Fancy Product Designer | WooCommerce WordPress plugin <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter vulnerability

Unauthenticated Full Path Disclosure via 'pdf' Parameter vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Plugin Fancy Product Designer versions = 6.4.8...

WordPress Auto Featured Image plugin <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail Modification vulnerability

Missing Authorization to Authenticated Contributor+ Post Thumbnail Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Auto Featured Image Auto Post Thumbnail versions = 4.2.1...

WordPress dokan pro plugin <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Ahmed Rayen Ayari in WordPress Plugin Dokan Pro versions = 4.1.3...

WordPress LearnPress plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure vulnerability

Missing Authorization to Unauthenticated Orders Statistics Exposure vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin LearnPress versions = 4.3.1...

WordPress Image Gallery – Photo Grid & Video Gallery plugin <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification vulnerability

Missing Authorization to Authenticated Author+ Arbitrary Gallery Modification vulnerability discovered by WordFence in WordPress Plugin Modula Image Gallery versions = 2.13.3...

WordPress OneSignal – Web Push Notifications plugin <= 3.6.1 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin OneSignal – Web Push Notifications versions = 3.6.1...

WordPress FluentAuth - Auth Security Plugin plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluent_auth_reset_password' Shortcode vulnerability

WordPress FluentAuth - Auth Security Plugin plugin = 2.0.3 - Authenticated Contributor+ Stored Cross-Site Scripting via 'fluentauthresetpassword' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FluentAuth – The Ultimate Authorization & Security Plugin for WordPress...

WordPress RegistrationMagic plugin <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'RMForms' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin RegistrationMagic versions = 6.0.6.7...

WordPress CC Child Pages plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'childpages' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CC Child Pages versions = 2.0.0...

WordPress User Registration & Membership plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Registration versions = 4.4.6...

WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering vulnerability

Missing Authorization to Authenticated Author+ Global Folders Tampering vulnerability discovered by type5afe in WordPress Plugin Filebird versions = 6.5.1...

WordPress Read More & Accordion plugin <= 3.5.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Read More & Accordion versions = 3.5.5.1...

WordPress Lightweight Accordion plugin <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Lightweight Accordion versions = 1.5.20...

WordPress Addon Elements for Elementor plugin <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Elementor Addon Elements versions = 1.14.3...

WordPress HandL UTM Grabber / Tracker plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin HandL UTM Grabber versions = 2.8.0...

WordPress JetWidgets For Elementor plugin <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability discovered by zer0gh0st in WordPress Plugin JetWidgets For Elementor versions = 1.0.20...

WordPress Yaad Sarig Payment Gateway For WC plugin <= 2.2.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Yaad Sarig Payment Gateway For WC versions = 2.2.11...

WordPress WP-ShowHide plugin <= 1.05 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP-ShowHide versions = 1.05...

WordPress CWW Companion plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin CWW Companion versions = 1.3.2...

WordPress Pixel Manager for WooCommerce plugin <= 1.51.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Pixel Manager for WooCommerce versions = 1.51.1...

WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Request a Quote versions = 2.5.3...

WordPress Sober theme <= 3.5.11 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Sober versions = 3.5.11...

WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Urna versions = 2.5.12...

WordPress Kerge theme <= 4.1.3 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kerge versions = 4.1.3...

WordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Photo Block versions = 1.5.1...

WordPress Easy Invoice plugin <= 2.1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Easy Invoice versions = 2.1.4...

WordPress Sailing theme < 4.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Sailing versions 4.4.6...

WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Zeeshan Haider in WordPress Plugin Document Library Lite versions = 1.1.7...

WordPress Meks Quick Plugin Disabler plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Meks Quick Plugin Disabler versions = 1.0...

WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WCFM Marketplace versions = 3.7.1...

WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Zeeshan Haider in WordPress Plugin Highlight and Share versions = 5.2.0...

WordPress Listdom plugin <= 5.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Listdom versions = 5.0.1...