WordPress Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) plugin <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability
Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by WordFence in WordPress Plugin Unlimited Elements for Elementor Premium versions <= 2.0...
WordPress Unlimited Elements For Elementor and Unlimited Elements For Elementor plugin <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability
Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by WordFence in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions <= 2.0...
WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability
Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions <= 2.7.0...
WordPress Blubrry PowerPress plugin <= 11.15.2 - Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post' vulnerability
Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post' vulnerability discovered by ISMAILSHADOW in WordPress Plugin PowerPress Podcasting versions <= 11.15.2...
WordPress KiviCare plugin <= 3.6.13 - SQL Injection vulnerability
SQL Injection vulnerability discovered by benzdeus in WordPress Plugin KiviCare versions <= 3.6.13...
WordPress WP Directory Kit plugin <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter vulnerability
Reflected Cross-Site Scripting via 'order_by' Parameter vulnerability discovered by blue0x1 in WordPress Plugin WP Directory Kit versions <= 1.4.5...
WordPress Customer Reviews Collector for WooCommerce plugin <= 4.6.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Customer Reviews Collector for WooCommerce versions <= 4.6.1...
WordPress Simple Folio plugin <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Simple Folio versions <= 1.1.0...
WordPress Houzez plugin <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability
Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Alex Thomas - Wordfence in WordPress Theme Houzez versions <= 4.1.6...
WordPress Folders plugin <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation vulnerability
Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Folders versions <= 3.1.5...
WordPress SKT PayPal for WooCommerce plugin <= 1.4 - Unauthenticated Payment Bypass vulnerability
Unauthenticated Payment Bypass vulnerability discovered by ch4r0n - FPT Software in WordPress Plugin SKT PayPal for WooCommerce versions <= 1.4...
WordPress Tiare Membership plugin <= 1.2 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by シルAsuna in WordPress Plugin Tiare Membership versions <= 1.2...
WordPress Pool Services theme <= 3.3 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pool Services versions <= 3.3...
WordPress The Aisle theme <= 2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Aisle versions <= 2.9...
WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Powerlift versions < 3.2.1...
WordPress Tiger Premium theme <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by István Márton - Wordfence in WordPress Theme Tiger versions <= 101.2.1...
WordPress Tiger Premium theme <= 101.2.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by シルAsuna in WordPress Theme Tiger versions <= 101.2.1...
WordPress FindAll Membership plugin <= 1.0.4 - Authentication Bypass via Social Login vulnerability
Authentication Bypass via Social Login vulnerability discovered by István Márton - Wordfence in WordPress Plugin FindAll Membership versions <= 1.0.4...
WordPress Houzez plugin <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved Search vulnerability
Authenticated (Subscriber+) PHP Object Injection via Saved Search vulnerability discovered by Alex Thomas - Wordfence in WordPress Theme Houzez versions <= 4.1.6...
WordPress WP Fastest Cache plugin <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions vulnerability
Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Fastest Cache versions <= 1.4.0...
WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads vulnerability
Missing Authorization to Unauthenticated Media File Uploads vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions <= 2.7.0...
WordPress Quick View for WooCommerce plugin <= 2.2.17 - Unauthenticated Private Product Disclosure vulnerability
Unauthenticated Private Product Disclosure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Quick View for WooCommerce versions <= 2.2.17...
WordPress QODE Wishlist for WooCommerce plugin <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update vulnerability
Unauthenticated Insecure Direct Object Reference to Wishlist Update vulnerability discovered by WordFence in WordPress Plugin QODE Wishlist for WooCommerce versions <= 1.2.7...
WordPress Hide Category by User Role for WooCommerce plugin <= 2.3.1 - Missing Authorization to Unauthenticated Cache Flushing vulnerability
Missing Authorization to Unauthenticated Cache Flushing vulnerability discovered by Legion Hunter in WordPress Plugin Hide Category by User Role for WooCommerce versions <= 2.3.1...
WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin <= 19.12.0 - Cross-Site Request Forgery to Account Disconnection vulnerability
Cross-Site Request Forgery to Account Disconnection vulnerability discovered by Deadbee - NA in WordPress Plugin Poll, Survey & Quiz Maker Plugin by Opinion Stage versions <= 19.12.0...
WordPress StaffList plugin <= 3.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin StaffList versions <= 3.2.6...
WordPress SortTable Post plugin <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SortTable Post versions <= 4.2...
WordPress Shouty plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Shouty versions <= 0.2.1...
WordPress Google Drive upload and download link plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Google Drive upload and download link versions <= 1.0...
WordPress Soundslides plugin <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundslides Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via soundslides Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Soundslides versions <= 1.4.2...
WordPress Reuters Direct plugin <= 3.0.0 - Cross-Site Request Forgery to Settings Reset vulnerability
Cross-Site Request Forgery to Settings Reset vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Reuters Direct versions <= 3.0.0...
WordPress wp-twitpic plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin wp-twitpic versions <= 1.0...
WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Featured Post Creative versions <= 1.5.5...
WordPress All In One SEO Pack plugin <= 4.8.6.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Abu Hurayra in WordPress Plugin All In One SEO Pack versions <= 4.8.6.1...
WordPress eRoom plugin <= 1.5.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Mohamad Fattyr in WordPress Plugin eRoom versions <= 1.5.6...
WordPress ANAC XML Viewer plugin <= 1.8.2 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin ANAC XML Viewer versions <= 1.8.2...
WordPress WP Webhooks plugin <= 3.3.8 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Webhooks versions <= 3.3.8...
WordPress Travelfic Toolkit plugin <= 1.3.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin Travelfic Toolkit versions <= 1.3.3...
WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin WP ERP versions <= 1.16.6...
WordPress AI Feeds plugin <= 1.0.11 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin AI Feeds versions <= 1.0.11...
WordPress CIBELES AI plugin <= 1.10.8 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin CIBELES AI versions <= 1.10.8...
WordPress Sneeit Framework plugin <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback vulnerability
Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback vulnerability discovered by Tonn in WordPress Plugin Sneeit Framework versions <= 8.3...
WordPress oik plugin <= 4.15.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin oik versions <= 4.15.3...
WordPress Essential Widgets plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Mdr in WordPress Plugin Essential Widgets versions <= 2.2.2...
WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Donation Thermometer versions <= 2.2.6...
WordPress Search Exclude plugin <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API vulnerability
Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Search Exclude versions <= 2.5.7...
WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by benzdeus in WordPress Plugin Hotel Booking Lite versions <= 5.2.3...
WordPress Quick Contact Form plugin <= 8.2.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Doan Dinh Van in WordPress Plugin Quick Contact Form versions <= 8.2.5...
WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bonds in WordPress Plugin Elementor Website Builder versions <= 3.33.0...
WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Theodoros Malachias in WordPress Plugin Fluent Booking versions <= 1.9.11...