WordPress Beaver Builder – WordPress Page Builder plugin <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification vulnerability

Missing Authorization to Authenticated Contributor+ Global Preset Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Beaver Builder versions = 2.9.4...

WordPress Zigaform plugin <= 7.6.5 - Unauthenticated Form Submission Data Disclosure in rocket_front_payment_seesummary AJAX Endpoint vulnerability

Unauthenticated Form Submission Data Disclosure in rocketfrontpaymentseesummary AJAX Endpoint vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Zigaform – Price Calculator & Cost Estimation Form Builder Lite versions = 7.6.5...

WordPress Photo Gallery by Ays plugin <= 6.4.8 - Cross-Site Request Forgery to Bulk Actions vulnerability

Cross-Site Request Forgery to Bulk Actions vulnerability discovered by Deadbee - NA in WordPress Plugin Photo Gallery by Ays versions = 6.4.8...

WordPress Visualizer: Tables and Charts Manager for WordPress plugin <= 3.11.12 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Visualizer versions = 3.11.12...

WordPress Front User Submit plugin <= 4.9.5 - Open Redirect vulnerability

Open Redirect vulnerability discovered by Bob Matyas - Automattic in WordPress Plugin WP Front User Submit / Front Editor versions = 4.9.5...

WordPress Export All Posts, Products, Orders, Refunds & Users plugin <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure vulnerability

Cross-Site Request Forgery to Sensitive Information Exposure vulnerability discovered by luckybuddy in WordPress Plugin WP Ultimate Exporter versions = 2.19...

WordPress BlockArt Blocks plugin <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via timestamp Attribute vulnerability discovered by Farhan Dio Arrafiq in WordPress Plugin BlockArt Blocks versions = 2.2.13...

WordPress Get Cash plugin <= 3.2.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rooting in WordPress Plugin Get Cash versions = 3.2.3...

WordPress Arconix Shortcodes plugin <= 2.1.19 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Rooting in WordPress Plugin Arconix Shortcodes versions = 2.1.19...

WordPress Contact Form Email plugin <= 1.3.60 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Rooting in WordPress Plugin Contact Form Email versions = 1.3.60...

WordPress Trade Runner plugin <= 3.14 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by vr0px in WordPress Plugin Trade Runner versions = 3.14...

WordPress WerkStatt plugin plugin <= 1.6.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WerkStatt Plugin versions = 1.6.6...

WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mdr in WordPress Plugin Tutor LMS Elementor Addons versions = 3.0.1...

WordPress Rencontre plugin <= 3.13.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Rencontre versions = 3.13.7...

WordPress Stylish Price List plugin <= 7.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Stylish Price List versions = 7.2.2...

WordPress Payment Gateway for PayPal on WooCommerce plugin <= 9.0.53 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Payment Gateway for PayPal on WooCommerce versions = 9.0.53...

WordPress SiteGround Security plugin <= 1.5.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin SiteGround Security versions = 1.5.8...

WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin LearnPress versions = 4.2.9.4...

WordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin WpEvently versions = 5.0.4...

WordPress Cart Weight for WooCommerce plugin <= 1.9.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Cart Weight for WooCommerce versions = 1.9.11...

WordPress Masteriyo - LMS plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

WordPress Masteriyo - LMS plugin = 2.0.3 - Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Masteriyo - LMS versions = 2.0.3...

WordPress CatFolders plugin <= 2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin CatFolders versions = 2.5.3...

WordPress Quiz And Survey Master plugin <= 10.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Quiz And Survey Master versions = 10.3.2...

WordPress WP Compress for MainWP plugin <= 6.50.17 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Compress for MainWP versions = 6.50.17...

WordPress TNC Toolbox: Web Performance plugin <= 2.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin TNC Toolbox: Web Performance versions = 2.0.4...

WordPress Quick Interest Slider plugin <= 3.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Quick Interest Slider versions = 3.1.5...

WordPress Quick Interest Slider plugin <= 3.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Quick Interest Slider versions = 3.1.5...

WordPress Flexmls® IDX plugin <= 3.15.7 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Nabil Irawan in WordPress Plugin Flexmls® IDX versions = 3.15.7...

WordPress ConveyThis plugin <= 269.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin ConveyThis versions = 269.2...

WordPress WP sIFR plugin <= 0.6.8.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin WP sIFR versions = 0.6.8.1...

WordPress Notification for Telegram plugin <= 3.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ahmad in WordPress Plugin Notification for Telegram versions = 3.4.7...

WordPress JetFormBuilder plugin <= 3.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin JetFormBuilder versions = 3.5.3...

WordPress Duplicate Content Cure plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Duplicate Content Cure versions = 1.0...

WordPress OnPay.io for WooCommerce plugin <= 1.0.47 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin OnPay.io for WooCommerce versions = 1.0.47...

WordPress BERTHA AI plugin <= 1.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin BERTHA AI versions = 1.13...

WordPress Nextend Social Login and Register plugin <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login vulnerability

Cross-Site Request Forgery to Unlink User Social Login vulnerability discovered by type5afe in WordPress Plugin Nextend Facebook Connect versions = 3.1.21...

WordPress Reuters Direct plugin <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset vulnerability

Missing Authorization to Unauthenticated Settings Reset vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Reuters Direct versions = 3.0.0...

WordPress Analytics Germanized for Google Analytics plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Analytics Germanized for Google Analytics versions = 1.6.2...

WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Easy Form versions = 2.7.8...

WordPress Sermon Manager plugin <= 2.30.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sermon Manager versions = 2.30.0...

WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Subscriptions & Memberships for PayPal versions = 1.1.7...

WordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin FluentCommunity versions = 2.0.0...

WordPress Virtuaria PagBank / PagSeguro para Woocommerce plugin <= 3.6.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Virtuaria PagBank / PagSeguro para Woocommerce versions = 3.6.3...

WordPress Gutenverse plugin <= 3.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin Gutenverse versions = 3.2.1...

WordPress Gutenverse Form plugin <= 2.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin Gutenverse Form versions = 2.2.0...

WordPress FireBox plugin <= 3.1.0-free - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin FireBox versions = 3.1.0-free...

WordPress Hydra Booking plugin <= 1.1.32 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Hydra Booking versions = 1.1.32...

WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mdr in WordPress Plugin Ultimate Member Widgets for Elementor versions = 2.3...

WordPress Hostel plugin <= 1.1.5.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Hostel versions = 1.1.5.9...

WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Poystick in WordPress Plugin Bold Page Builder versions = 5.5.2...