WordPress wModes plugin <= 1.2.2 - Missing Authorization to Sensitive Information Disclosure vulnerability
Missing Authorization to Sensitive Information Disclosure vulnerability discovered by NumeX NumeX in WordPress Plugin wModes versions <= 1.2.2...
WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions <= 2.4.10...
WordPress FV Antispam plugin <= 2.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin FV Antispam versions <= 2.7...
WordPress Eagle Booking plugin <= 1.3.4.3 - Settings Change vulnerability
Settings Change vulnerability discovered by Bonds in WordPress Plugin Eagle Booking versions <= 1.3.4.3...
WordPress Eagle Booking plugin <= 1.3.4.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Bonds in WordPress Plugin Eagle Booking versions <= 1.3.4.3...
WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Bonds in WordPress Plugin WP Gravity Forms FreshDesk Plugin versions <= 1.3.5...
WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bonds in WordPress Plugin Essential Addons for Elementor versions <= 6.5.5...
WordPress CBX Bookmark & Favorite plugin <= 2.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin CBX Bookmark & Favorite versions <= 2.0.1...
WordPress Grand Restaurant Theme Elements for Elementor plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Grand Restaurant Theme Elements for Elementor versions <= 2.1.1...
WordPress Pixel Manager for WooCommerce plugin <= 1.49.2 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Pixel Manager for WooCommerce versions <= 1.49.2...
WordPress Icon List Block plugin <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability discovered by Sushi Com Abacate in WordPress Plugin Icon List Block versions <= 1.2.1...
WordPress AI Engine plugin <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery vulnerability
Authenticated (Editor+) Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin AI Engine versions <= 3.1.8...
WordPress WP Duplicate Page plugin <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability
Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WP Duplicate Page versions <= 1.7...
WordPress WP Migrate Lite plugin <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Migrate Lite versions <= 2.7.6...
WordPress Enable SVG, WebP, and ICO Upload plugin <= 1.1.2 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass vulnerability
Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Enable SVG, WebP & ICO Upload versions <= 1.1.2...
WordPress Element Pack Addons for Elementor plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions <= 8.3.4...
WordPress Enable SVG, WebP, and ICO Upload plugin <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploads vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploads vulnerability discovered by Sornram9254 in WordPress Plugin Enable SVG, WebP & ICO Upload versions <= 1.1.2...
WordPress Live sales notification for WooCommerce plugin <= 2.3.39 - Missing Authorization to Unauthenticated Customer Data Exposure vulnerability
Missing Authorization to Unauthenticated Customer Data Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Live sales notification for WooCommerce versions <= 2.3.39...
WordPress Cryptocurrency Payment Gateway for WooCommerce plugin <= 2.0.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Cryptocurrency Payment Gateway for WooCommerce versions <= 2.0.25...
WordPress Restrictions for BuddyPress plugin <= 1.5.2 - Missing Authorization to Unauthenticated Tracking Status Update vulnerability
Missing Authorization to Unauthenticated Tracking Status Update vulnerability discovered by Legion Hunter in WordPress Plugin Restrictions for BuddyPress versions <= 1.5.2...
WordPress Simple User Import Export plugin <= 1.1.7 - Authenticated (Admin+) CSV Injection vulnerability
Authenticated (Admin+) CSV Injection vulnerability discovered by Ivan Cese in WordPress Plugin Simple User Import Export versions <= 1.1.7...
WordPress WP Twitter Auto Publish plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP Twitter Auto Publish versions <= 1.7.4...
WordPress Meta Display Block plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Meta Display Block versions <= 1.0.0...
WordPress Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin <= 3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Attribute vulnerability discovered by Webbernaut in WordPress Plugin Photonic Gallery & Lightbox for Flickr, SmugMug & Others versions <= 3.21...
WordPress Broken Link Checker by AIOSEO plugin <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing vulnerability
Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Broken Link Checker versions <= 1.2.5...
WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Milinxee in WordPress Plugin Checkout Files Upload for WooCommerce versions <= 2.2.1...
WordPress Gutenify - Visual Site Builder Blocks & Site Templates plugin <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block vulnerability
WordPress Gutenify - Visual Site Builder Blocks & Site Templates plugin <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block vulnerability discovered by zer0gh0st in WordPress Plugin Gutenify versions <= 1.5.9...
WordPress Coil Web Monetization plugin <= 2.0.2 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Sandeep Kambhampati in WordPress Plugin Coil Web Monetization versions <= 2.0.2...
WordPress ACF Flexible Layouts Manager plugin <= 1.1.6 - Missing Authorization to Unauthenticated Custom Field Update vulnerability
Missing Authorization to Unauthenticated Custom Field Update vulnerability discovered by Ahmad Salem a7mad.cc in WordPress Plugin ACF Flexible Layouts Manager versions <= 1.1.6...
WordPress everviz plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin everviz versions <= 1.1...
WordPress Top Friends plugin <= 0.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Ivan Cese in WordPress Plugin Top Friends versions <= 0.3...
WordPress Category and Product Woocommerce Tabs plugin <= 1.0 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated (Contributor+) Local File Inclusion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Category and Product Woocommerce Tabs versions <= 1.0...
WordPress Download Panel plugin <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability discovered by Ivan Cese in WordPress Plugin Download Panel Biggiko Team versions <= 1.3.3...
WordPress Like-it plugin <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Like-it versions <= 2.2...
WordPress Local Syndication plugin <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode vulnerability
Authenticated (Contributor+) Server-Side Request Forgery via Shortcode vulnerability discovered by Ivan Cese in WordPress Plugin Local Syndication versions <= 1.5a...
WordPress ArtiBot Free Chat Bot for WebSites plugin <= 1.1.7 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin ArtiBot versions <= 1.1.7...
WordPress Multiple Roles per User plugin <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation vulnerability
Missing Authorization to Authenticated (Custom+) Privilege Escalation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Multiple Roles per User versions <= 1.0...
WordPress The Permalinks Cascade plugin <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update vulnerability
Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin The Permalinks Cascade versions <= 2.2...
WordPress WP Dropzone plugin <= 1.1.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin WP Dropzone versions <= 1.1.0...
WordPress CSV to SortTable plugin <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin CSV to SortTable versions <= 4.2...
WordPress WP Admin Microblog plugin <= 3.1.1 - Cross-Site Request Forgery to Message Creation vulnerability
Cross-Site Request Forgery to Message Creation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Admin Microblog versions <= 3.1.1...
WordPress Premmerce Wholesale Pricing for WooCommerce plugin <= 1.1.10 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Powpy in WordPress Plugin Premmerce Wholesale Pricing for WooCommerce versions <= 1.1.10...
WordPress Project Honey Pot Spam Trap plugin <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Project Honey Pot Spam Trap versions <= 1.0.1...
WordPress Pie Forms for WP plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Vanh - GCSC in WordPress Plugin Drag & Drop Builder versions <= 1.6...
WordPress RTMKit Addons plugin <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Repeater Block Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Repeater Block Attribute vulnerability discovered by zer0gh0st in WordPress Plugin RTMKit versions <= 1.6.5...
WordPress VK All in One Expansion Unit plugin <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by r0skie in WordPress Plugin VK All in One Expansion Unit versions <= 9.112.1...
WordPress Post Type Switcher plugin <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change vulnerability
Insecure Direct Object Reference to Authenticated (Author+) Post Type Change vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Type Switcher versions <= 4.0.0...
WordPress Team Members Showcase plugin <= 3.4.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Gregory Allegoet in WordPress Plugin Team Members Plugin versions <= 3.4.0...
WordPress Google Maps plugin <= 9.0.47 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by sunghoon kim in WordPress Plugin WP Go Maps versions <= 9.0.47...
WordPress Make Email Customizer for WooCommerce plugin <= 1.0.6 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Authenticated (Subscriber+) Arbitrary Options Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Make Email Customizer for WooCommerce versions <= 1.0.6...