WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering vulnerability

Missing Authorization to Authenticated Author+ Global Folders Tampering vulnerability discovered by type5afe in WordPress Plugin Filebird versions = 6.5.1...

WordPress Read More & Accordion plugin <= 3.5.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Read More & Accordion versions = 3.5.5.1...

WordPress Lightweight Accordion plugin <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Lightweight Accordion versions = 1.5.20...

WordPress Addon Elements for Elementor plugin <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Elementor Addon Elements versions = 1.14.3...

WordPress HandL UTM Grabber / Tracker plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin HandL UTM Grabber versions = 2.8.0...

WordPress JetWidgets For Elementor plugin <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability discovered by zer0gh0st in WordPress Plugin JetWidgets For Elementor versions = 1.0.20...

WordPress Yaad Sarig Payment Gateway For WC plugin <= 2.2.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Yaad Sarig Payment Gateway For WC versions = 2.2.11...

WordPress WP-ShowHide plugin <= 1.05 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP-ShowHide versions = 1.05...

WordPress CWW Companion plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin CWW Companion versions = 1.3.2...

WordPress Pixel Manager for WooCommerce plugin <= 1.51.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Pixel Manager for WooCommerce versions = 1.51.1...

WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Request a Quote versions = 2.5.3...

WordPress Sober theme <= 3.5.11 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Sober versions = 3.5.11...

WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Urna versions = 2.5.12...

WordPress Kerge theme <= 4.1.3 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kerge versions = 4.1.3...

WordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Photo Block versions = 1.5.1...

WordPress Easy Invoice plugin <= 2.1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Easy Invoice versions = 2.1.4...

WordPress Sailing theme < 4.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Sailing versions 4.4.6...

WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Zeeshan Haider in WordPress Plugin Document Library Lite versions = 1.1.7...

WordPress Meks Quick Plugin Disabler plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Meks Quick Plugin Disabler versions = 1.0...

WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WCFM Marketplace versions = 3.7.1...

WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Zeeshan Haider in WordPress Plugin Highlight and Share versions = 5.2.0...

WordPress Listdom plugin <= 5.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Listdom versions = 5.0.1...

WordPress Animation Addons for Elementor plugin <= 2.4.5 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin Animation Addons for Elementor versions = 2.4.5...

WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sitewide Notice WP versions = 2.4.1...

WordPress Hara theme <= 1.2.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Hara versions = 1.2.17...

WordPress Rencontre plugin <= 3.13.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by MyungJu Kim in WordPress Plugin Rencontre versions = 3.13.7...

WordPress Webba Booking plugin <= 6.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Webba Booking versions = 6.2.1...

WordPress Multi-Step Checkout for WooCommerce plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by benzdeus in WordPress Plugin Multi-Step Checkout for WooCommerce versions = 2.33...

WordPress Semrush Content Toolkit plugin <= 1.1.32 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Semrush Content Toolkit versions = 1.1.32...

WordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Booking calendar, Appointment Booking System versions = 3.2.30...

WordPress Newsletter plugin <= 9.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Newsletter versions = 9.0.9...

WordPress Easy Form Builder plugin <= 3.8.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Easy Form Builder versions = 3.8.20...

WordPress Simple Link Directory plugin <= 8.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by daroo in WordPress Plugin Simple Link Directory versions = 8.8.3...

WordPress Protect WP Admin plugin <= 4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Protect WP Admin versions = 4.1...

WordPress ekommart theme < 4.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme ekommart versions 4.3.1...

WordPress TrueBooker plugin <= 1.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin TrueBooker versions = 1.1.0...

WordPress Themify Portfolio Post plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Themify Portfolio Post versions = 1.3.0...

WordPress UsersWP plugin <= 1.2.48 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by daroo in WordPress Plugin UsersWP versions = 1.2.48...

WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.0.7...

WordPress Wilmër theme < 3.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Wilmër versions 3.5...

WordPress Besa theme <= 2.3.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Besa versions = 2.3.15...

WordPress WP eBay Product Feeds plugin <= 3.4.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin WP eBay Product Feeds versions = 3.4.9...

WordPress Document Library Lite plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Zeeshan Haider in WordPress Plugin Document Library Lite versions = 1.1.7...

WordPress Image Caption Hover Pro plugin < 20.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Image Caption Hover Pro versions 20.0...

WordPress VK Google Job Posting Manager plugin <= 1.2.22 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin VK Google Job Posting Manager versions = 1.2.22...

WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Watu Quiz versions = 3.4.5...

WordPress User Extra Fields plugin <= 16.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin User Extra Fields versions = 16.8...

WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Visitor Statistics Real Time Traffic versions = 8.3...

WordPress FAPI Member plugin <= 2.2.29 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by NumeX in WordPress Plugin FAPI Member versions = 2.2.29...

WordPress Wbcom Designs plugin <= 2.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Wbcom Designs versions = 2.1.1...