WordPress Custom Field Template plugin <= 2.7.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Phat RiO in WordPress Plugin Custom Field Template versions = 2.7.6...

WordPress WP EasyCart plugin <= 5.8.11 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by benzdeus in WordPress Plugin WP EasyCart versions = 5.8.11...

WordPress WP-CRM System plugin <= 3.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP-CRM System versions = 3.4.6...

WordPress IDonate plugin <= 2.1.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin IDonate versions = 2.1.15...

WordPress Wp Ultimate Review plugin <= 2.3.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Wp Ultimate Review versions = 2.3.7...

WordPress Contact Form by BestWebSoft plugin <= 4.3.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Contact Form by BestWebSoft versions = 4.3.6...

WordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ohmymex in WordPress Plugin Yandex.Metrica versions = 1.2.2...

WordPress Make Section & Column Clickable For Elementor plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mdr in WordPress Plugin Make Section & Column Clickable For Elementor versions = 2.4...

WordPress Salon booking system plugin <= 10.30.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by daroo in WordPress Plugin Salon booking system versions = 10.30.3...

WordPress Generic Elements plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Generic Elements versions = 1.2.9...

WordPress Post SMTP plugin <= 3.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Post SMTP versions = 3.6.1...

WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 4.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce PDF Invoices & Packing Slips versions = 4.9.1...

WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Mdr in WordPress Plugin Thim Elementor Kit versions = 1.3.3...

WordPress Actionwear products sync plugin <= 2.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Actionwear products sync versions = 2.3.3...

WordPress Funnel Builder by FunnelKit plugin <= 3.13.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Funnel Builder by FunnelKit versions = 3.13.1.2...

WordPress JNews Paywall plugin < 12.0.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin JNews Paywall versions 12.0.1...

WordPress JNews Gallery plugin < 12.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin JNews Gallery versions 12.0.1...

WordPress REHub Framework plugin < 19.9.9.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin REHub Framework versions 19.9.9.4...

WordPress Rehub theme <= 19.9.9.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Rehub versions = 19.9.9.1...

WordPress PDF Thumbnail Generator plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin PDF Thumbnail Generator versions = 1.4...

WordPress Gravitec.net – Web Push Notifications plugin <= 2.9.17 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Gravitec.net Web Push Notifications versions = 2.9.17...

WordPress Ergonet Cache plugin <= 1.0.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Ergonet Cache versions = 1.0.13...

WordPress Auto Alt Text plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Auto Alt Text versions = 2.5.2...

WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Advanced FAQ Manager versions = 1.5.2...

WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin WPZOOM Addons for Elementor versions = 1.2.10...

WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Xpro Elementor Addons versions = 1.4.19.1...

WordPress WpEvently plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by daroo in WordPress Plugin WpEvently versions = 5.1.1...

WordPress My Tickets plugin <= 2.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin My Tickets versions = 2.1.0...

WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by mcdruid in WordPress Plugin All In One SEO Pack versions = 4.9.1...

WordPress WPKoi Templates for Elementor plugin <= 3.4.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WPKoi Templates for Elementor versions = 3.4.4...

WordPress Canadian Nutrition Facts Label plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nutrition Label Custom Post Type vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Nutrition Label Custom Post Type vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Canadian Nutrition Facts Label versions = 3.0...

WordPress Social Feed Gallery Portfolio plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Social Feed Gallery Portfolio versions = 1.3...

WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Page Creation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CodeConfig Accessibility versions = 1.0.0...

WordPress RevInsite plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin RevInsite versions = 1.1.0...

WordPress Extra Post Images plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Extra Post Images versions = 1.0...

WordPress Cute News Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability discovered by ChamlaVic in WordPress Plugin Cute News Ticker versions = 1.0...

WordPress g-FFL Cockpit plugin <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion vulnerability

Improper Authorization to Unauthenticated Product Deletion vulnerability discovered by Ryan Kozak in WordPress Plugin g-FFL Cockpit versions = 1.7.1...

WordPress CSS3 Buttons plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin CSS3 Buttons versions = 0.1...

WordPress List Attachments Shortcode plugin <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode vulnerability

Authenticated Author+ Stored Cross-Site Scripting via list-attachments Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin List Attachments Shortcode versions = 0.4.1a...

WordPress WP Landing Page plugin <= 0.9.3 - Cross-Site Request Forgery to Arbitrary Post Meta Update vulnerability

Cross-Site Request Forgery to Arbitrary Post Meta Update vulnerability discovered by Ivan Cese in WordPress Plugin WP Landing Page versions = 0.9.3...

WordPress Listar – Directory Listing & Classifieds WordPress plugin plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Listing Update vulnerability

Missing Authorization to Authenticated Subscriber+ Listing Update vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Listar – Directory Listing & Classifieds versions = 3.0.0...

WordPress Helloprint plugin <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Helloprint versions = 2.1.2...

WordPress Search, Filters & Merchandising for WooCommerce plugin <= 3.0.63 - Missing Authorization to Authenticated (Subscriber+) plugin Deactivation vulnerability

Missing Authorization to Authenticated Subscriber+ plugin Deactivation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Search, Filters & Merchandising for WooCommerce versions = 3.0.63...

WordPress Ultra Skype Button plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'btnid' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ultra Skype Button versions = 1.0...

WordPress TR Timthumb plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peter Thaleikis in WordPress Plugin TR Timthumb versions = 1.0.4...

WordPress Yet Another WebClap for WordPress plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Yet Another WebClap for WordPress versions = 0.2...

WordPress weDocs plugin <= 2.1.14 - Missing Authorization to Settings Update vulnerability

Missing Authorization to Settings Update vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin weDocs versions = 2.1.14...

WordPress Post Cloner plugin <= 1.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Post Cloner versions = 1.0.0...

WordPress SendPulse Email Marketing Newsletter plugin <= 2.2.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin SendPulse Email Marketing Newsletter versions = 2.2.1...

WordPress Portfolio and Projects plugin <= 1.5.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Portfolio and Projects versions = 1.5.5...