WordPress List Category Posts plugin <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode vulnerability

Authenticated Contributor+ SQL Injection via Plugin's Shortcode vulnerability discovered by Khanh Nguyen - BlueRock - BlueRock in WordPress Plugin List category posts versions = 0.91.0...

WordPress RSS Aggregator by Feedzy plugin <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Feedzy versions = 5.1.1...

WordPress Homey Core plugin <= 2.4.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Homey Core versions = 2.4.3...

WordPress Coder for Elementor plugin <= 1.0.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Coder for Elementor versions = 1.0.13...

WordPress Crumber plugin <= 1.0.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Crumber versions = 1.0.10...

WordPress Nelio Popups plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Nelio Popups versions = 1.3.0...

WordPress Comparimager for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Comparimager for Elementor versions = 1.0.1...

WordPress Scroller plugin <= 2.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Scroller versions = 2.0.2...

WordPress Simple Download Counter plugin <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal vulnerability

Authenticated Administrator+ Arbitrary File Read via Path Traversal vulnerability discovered by ChamlaVic in WordPress Plugin Simple Download Counter versions = 2.2.2...

WordPress Uper for Elementor plugin <= 1.0.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Uper for Elementor versions = 1.0.5...

WordPress Custom Admin Menu plugin <= 1.0.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Yousof Nahya in WordPress Plugin Custom Admin Menu versions = 1.0.0...

WordPress Audier For Elementor plugin <= 1.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Audier For Elementor versions = 1.0.9...

WordPress Motionger for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Motionger for Elementor versions = 2.0.4...

WordPress Searcher for Elementor plugin <= 1.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Searcher for Elementor versions = 1.0.3...

WordPress Carter for Elementor plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Carter for Elementor versions = 1.0.2...

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.7.1 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.7.1...

WordPress Leaky Paywall plugin <= 4.22.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Leaky Paywall versions = 4.22.6...

WordPress CSV to SortTable plugin <= 4.2 - Contributor+ LFI vulnerability

Contributor+ LFI vulnerability discovered by Ivan Cese in WordPress Plugin CSV to SortTable versions = 4.2...

WordPress WPeMatico RSS Feed Fetcher plugin < 2.8.13 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin WPeMatico RSS Feed Fetcher versions 2.8.13...

WordPress Video Merchant plugin <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload vulnerability

Cross-Site Request Forgery to Arbitrary File Upload vulnerability discovered by Ala Arfaoui in WordPress Plugin Video Merchant versions = 5.0.4...

WordPress Imager for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Imager for Elementor versions = 2.0.4...

WordPress Broken Link Checker plugin <= 1.2.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by mcdruid in WordPress Plugin Broken Link Checker versions = 1.2.6...

WordPress SurveyFunnel – Survey Plugin for WordPress plugin <= 1.1.5 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Deadbee - NA in WordPress Plugin SurveyFunnel versions = 1.1.5...

WordPress SurveyFunnel – Survey Plugin for WordPress plugin <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SurveyFunnel versions = 1.1.5...

WordPress Trust.Reviews plugin <= 2.5 - Unauthenticated Stored Cross-Site Scripting via Social Media Reviews vulnerability

Unauthenticated Stored Cross-Site Scripting via Social Media Reviews vulnerability discovered by Kishan Vyas in WordPress Plugin Trust.Reviews versions = 2.5...

WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication vulnerability

Cross-Site Request Forgery to Product Field Group Duplication and Publication vulnerability discovered by Nguyen C in WordPress Plugin Advanced Product Fields Product Addons for WooCommerce versions = 1.6.17...

WordPress ProfilePress plugin <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin ProfilePress versions = 4.16.7...

WordPress Beaver Builder plugin <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Beaver Builder versions = 2.9.4...

WordPress Login Security, FireWall, Malware removal by CleanTalk plugin <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL vulnerability

Unauthenticated Stored Cross-Site Scripting via Page URL vulnerability discovered by shark3y in WordPress Plugin Security & Malware scan by CleanTalk versions = 2.168...

WordPress WP Flashy Marketing Automation plugin <= 2.0.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin WP Flashy Marketing Automation versions = 2.0.8...

WordPress WP Email Capture plugin <= 3.12.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Email Capture versions = 3.12.4...

WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.4.6...

WordPress Table Block by Tableberg plugin <= 0.6.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Table Block by Tableberg versions = 0.6.9...

WordPress Social Photo Fetcher plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Social Photo Fetcher versions = 3.0.4...

WordPress Just TinyMCE Custom Styles plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Just TinyMCE Custom Styles versions = 1.2.1...

WordPress Eupago Gateway For Woocommerce plugin <= 4.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Eupago Gateway For Woocommerce versions = 4.7.1...

WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by benzdeus in WordPress Plugin WP AI CoPilot versions = 1.2.7...

WordPress Listar – Directory Listing & Classifieds WordPress Plugin plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Listar – Directory Listing & Classifieds versions = 3.0.0...

WordPress All-in-One Video Gallery plugin <= 4.5.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin All-in-One Video Gallery versions = 4.5.7...

WordPress myLCO plugin <= 0.8.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin myLCO versions = 0.8.1...

WordPress Page View Count plugin <= 2.8.7 - Settings Change vulnerability

Settings Change vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Page View Count versions = 2.8.7...

WordPress Starter Templates plugin <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability

Authenticated Author+ Arbitrary File Upload via WXR Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Starter Templates versions = 4.4.41...

WordPress Widgets for Google Reviews plugin <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews vulnerability

Unauthenticated Stored Cross-Site Scripting via Google Reviews vulnerability discovered by Kishan Vyas in WordPress Plugin Widgets for Google Reviews versions = 13.2.4...

WordPress Rich Shortcodes for Google Reviews plugin <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Google Review vulnerability

Unauthenticated Stored Cross-Site Scripting via Google Review vulnerability discovered by Kishan Vyas in WordPress Plugin Rich Showcase for Google Reviews versions = 6.8...

WordPress Fluent Forms plugin <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability

Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submissionid vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin FluentForm versions = 6.1.7...

WordPress Live Sales Notification for Woocommerce – Woomotiv plugin <= 3.6.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Live Sales Notification for Woocommerce - Woomotiv versions = 3.6.3...

WordPress Application Passwords plugin <= 0.1.3 - Reflected Cross-Site Scripting via reject_url vulnerability

Reflected Cross-Site Scripting via rejecturl vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Application Passwords versions = 0.1.3...

WordPress CSV Sumotto plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin CSV Sumotto versions = 1.0...

WordPress Flex QR Code Generator plugin <= 1.2.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Flex QR Code Generator versions = 1.2.7...

WordPress 10Web Booster plugin <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache vulnerability

Authenticated Subscriber+ Arbitrary Folder Deletion via twoclearpagecache vulnerability discovered by shark3y in WordPress Plugin 10Web Booster – Website speed optimization, Cache & Page Speed optimizer versions = 2.32.7...