45948 matches found
WordPress VigLink SpotLight By ShortCode plugin <= 1.0.a - Authenticated (Contributor+) Stored Cross-Site Scripting via 'float' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'float' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin VigLink SpotLight By ShortCode versions <= 1.0.a...
WordPress Purchase and Expense Manager plugin <= 1.1.2 - Cross-Site Request Forgery to Arbitrary Purchase Record Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Purchase Record Deletion vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Purchase and Expense Manager versions <= 1.1.2...
WordPress TWW Protein Calculator plugin <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting vulnerability discovered by ChamlaVic in WordPress Plugin TWW Protein Calculator versions <= 1.0.24...
WordPress BUKAZU Search widget plugin <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin BUKAZU Search widget versions <= 3.3.2...
WordPress WP Flot plugin <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin WP Flot versions <= 0.2.2...
WordPress Zenost Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Zenost Shortcodes versions <= 1.0...
WordPress Simple post listing plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple post listing versions <= 0.2...
WordPress Easy Map Creator plugin <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Easy Map Creator versions <= 3.0.2...
WordPress Ayo Shortcodes plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Ayo Shortcodes versions <= 0.2...
WordPress Kirim.Email WooCommerce Integration plugin <= 1.2.9 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Kirim.Email WooCommerce Integration versions <= 1.2.9...
WordPress DebateMaster plugin <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Color Options via 'debate' Shortcode vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Color Options via 'debate' Shortcode vulnerability discovered by ChamlaVic in WordPress Plugin DebateMaster versions <= 1.0.0...
WordPress Upcoming for Calendly plugin <= 1.2.4 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Upcoming for Calendly versions <= 1.2.4...
WordPress URL Media Uploader plugin <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload vulnerability
Missing Authorization to Authenticated (Contributor+) Safe File Upload vulnerability discovered by jsonc in WordPress Plugin URL Media Uploader versions <= 1.0.1...
WordPress BMLT WordPress Plugin plugin <= 3.11.4 - Cross-Site Request Forgery to Settings Creation and Deletion vulnerability
Cross-Site Request Forgery to Settings Creation and Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin BMLT WordPress Plugin versions <= 3.11.4...
WordPress Player Leaderboard 1.0.0-1.0.2 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated (Contributor+) Local File Inclusion vulnerability discovered by kr0d in WordPress Plugin Player Leaderboard versions 1.0.0-1.0.2...
WordPress WatchTowerHQ plugin <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter vulnerability
Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter vulnerability discovered by ChamlaVic in WordPress Plugin WatchTowerHQ versions <= 3.15.0...
WordPress Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection vulnerability
Cross-Site Request Forgery to Google OAuth Connection vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Foxtool All-in-One versions <= 2.5.2...
WordPress Coding Blocks plugin <= 1.1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Coding Blocks versions <= 1.1.0...
WordPress Animated Pixel Marquee Creator plugin <= 1.0.0 - Cross-Site Request Forgery via 'marquee' Parameter vulnerability
Cross-Site Request Forgery via 'marquee' Parameter vulnerability discovered by ChamlaVic in WordPress Plugin Animated Pixel Marquee Creator versions <= 1.0.0...
WordPress Vimeo SimpleGallery plugin <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin Vimeo SimpleGallery versions <= 0.2...
WordPress Paypal Payment Shortcode plugin <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Paypal Payment Shortcode versions <= 1.01...
WordPress BuddyTask plugin <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation vulnerability
Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin BuddyTask versions <= 1.3.0...
WordPress App Landing Template Blocks for WPBakery Page Builder plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin App Landing Template Blocks for WPBakery Visual Composer Page Builder versions <= 2.0.2...
WordPress Hide Email Address plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Hide Email Address versions <= 0.1...
WordPress Data Visualizer plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Data Visualizer versions <= 1.1...
WordPress Better Elementor Addons plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Better Elementor Addons versions <= 1.5.5...
WordPress Simple Nivo Slider plugin <= 0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple Nivo Slider versions <= 0.5.6...
WordPress Reviews Sorted plugin <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'space' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'space' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Reviews Sorted versions <= 2.4.2...
WordPress WP Coupons and Deals plugin <= 3.2.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Coupons and Deals versions <= 3.2.4...
WordPress Freshchat plugin <= 2.3.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Freshchat versions <= 2.3.4...
WordPress SimplyConvert plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'simplyconvert_hash' Option vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'simplyconvert_hash' Option vulnerability discovered by Bhumividh Treloges - Siam Thanat Hack Co., Ltd. STH in WordPress Plugin SimplyConvert versions <= 1.0...
WordPress LT Unleashed plugin <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion via 'template' Parameter vulnerability
Authenticated (Contributor+) Local File Inclusion via 'template' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin LT Unleashed versions <= 1.1.1...
WordPress LJUsers plugin <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin LJUsers versions <= 1.2.0...
WordPress WP Job Portal plugin <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read vulnerability
Authenticated (Subscriber+) Arbitrary File Read vulnerability discovered by Long Nguyen in WordPress Plugin WP Job Portal versions <= 2.4.0...
WordPress Media Library Tools plugin <= 1.6.15 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Media Library Tools versions <= 1.6.15...
WordPress Elated Membership plugin <= 1.2 - Authentication Bypass via Social Login vulnerability
Authentication Bypass via Social Login vulnerability discovered by Foxyyy in WordPress Plugin Elated Membership versions <= 1.2...
WordPress WP CarDealer plugin <= 1.2.16 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin WP CarDealer versions <= 1.2.16...
WordPress Buttoner for Elementor plugin <= 1.0.6 - Settings Change vulnerability
Settings Change vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Buttoner for Elementor versions <= 1.0.6...
WordPress Reformer for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Reformer for Elementor versions <= 1.0.6...
WordPress Modalier for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Modalier for Elementor versions <= 1.0.6...
WordPress Huger for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Huger for Elementor versions <= 1.1.5...
WordPress Lottier plugin <= 1.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Lottier versions <= 1.1.1...
WordPress Lottier for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Lottier for Elementor versions <= 1.0.9...
WordPress Lottier for WPBakery plugin <= 1.1.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Lottier for WPBakery versions <= 1.1.7...
WordPress Laser plugin <= 1.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Laser versions <= 1.1.1...
WordPress Masker for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Masker for Elementor versions <= 1.1.4...
WordPress Spoter for Elementor plugin <= 1.04 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Spoter for Elementor versions <= 1.04...
WordPress Grider for Elementor plugin <= 1.0.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Grider for Elementor versions <= 1.0.8...
WordPress RTL Tester plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin RTL Tester versions <= 1.2...
WordPress Widgets for Google Reviews plugin <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Widgets for Google Reviews versions <= 13.2.1...