45959 matches found
WordPress Contact Form 7 AWeber Extension plugin <= 0.1.42 - Missing Authorization to Authenticated (Subscriber+) Log Reset vulnerability
Missing Authorization to Authenticated (Subscriber+) Log Reset vulnerability discovered by Legion Hunter in WordPress Plugin Contact Form 7 AWeber Extension versions <= 0.1.42...
WordPress HTML Forms plugin <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin HTML Forms versions <= 1.5.5...
WordPress Smart Auto Upload Images plugin <= 1.2.0 - Authenticated (Contributor+) Arbitrary File Upload vulnerability
Authenticated (Contributor+) Arbitrary File Upload vulnerability discovered by Dieu Link and GCSC Vietnam in WordPress Plugin Smart Auto Upload Images versions <= 1.2.0...
WordPress Download Manager plugin <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key vulnerability
Unauthenticated Cron Trigger due to Hardcoded Cron Key vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Download Manager versions <= 3.3.30...
WordPress WPFunnels plugin <= 3.6.2 - Unauthorized User Registration vulnerability
Unauthorized User Registration vulnerability discovered by Ahmed Rayen Ayari in WordPress Plugin WPFunnels versions <= 3.6.2...
WordPress Insert Headers and Footers Code – HT Script plugin <= 1.1.6 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Insert Headers and Footers Code – HT Script versions <= 1.1.6...
WordPress WPFunnels plugin <= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal vulnerability
Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal vulnerability discovered by vodanh in WordPress Plugin WPFunnels versions <= 3.6.2...
WordPress Groups plugin <= 3.7.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by shark3y in WordPress Plugin Groups versions <= 3.7.0...
WordPress Simple Downloads List plugin <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Simple Downloads List versions <= 1.4.3...
WordPress WP2Social Auto Publish plugin <= 2.4.7 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP2Social Auto Publish versions <= 2.4.7...
WordPress Asgaros Forum plugin <= 3.1.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Asgaros Forum versions <= 3.1.0...
WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Seriously Simple Podcasting versions <= 3.13.0...
WordPress WooCommerce Recover Abandoned Cart plugin <= 24.6.0 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin WooCommerce Recover Abandoned Cart versions <= 24.6.0...
WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Seriously Simple Podcasting versions <= 3.13.0...
WordPress Hub Core plugin <= 5.0.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Hub Core versions <= 5.0.8...
WordPress WooCommerce Ultimate Points And Rewards plugin <= 2.10.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Denver Jackson in WordPress Plugin WooCommerce Ultimate Points And Rewards versions <= 2.10.2...
WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Client Invoicing by Sprout Invoices versions <= 20.8.7...
WordPress SUMO Affiliates Pro plugin <= 11.0.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Denver Jackson in WordPress Plugin SUMO Affiliates Pro versions <= 11.0.0...
WordPress Follow My Blog Post plugin <= 2.3.9 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Denver Jackson in WordPress Plugin Follow My Blog Post versions <= 2.3.9...
WordPress WP Delicious plugin <= 1.9.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin WP Delicious versions <= 1.9.1...
WordPress Traveler Option Tree plugin <= 2.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Denver Jackson in WordPress Plugin Traveler Option Tree versions <= 2.8...
WordPress Restaurant Menu by MotoPress plugin <= 2.4.7 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Restaurant Menu by MotoPress versions <= 2.4.7...
WordPress Travelers' Map plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Travelers' Map versions <= 2.3.2...
WordPress New User Approve plugin <= 3.2.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Psai in WordPress Plugin New User Approve versions <= 3.2.3...
WordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Auto Prune Posts versions <= 3.0.0...
WordPress myCred plugin <= 2.9.7.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Psai in WordPress Plugin myCred versions <= 2.9.7.6...
WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Email Subscribers & Newsletters versions <= 5.9.10...
WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions <= 4.0.3...
WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by daroo in WordPress Plugin Ultimate FAQ versions <= 2.4.3...
WordPress PowerPress Podcasting plugin <= 11.13.12 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by daroo in WordPress Plugin PowerPress Podcasting versions <= 11.13.12...
WordPress WP Content Pilot plugin <= 2.1.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Content Pilot versions <= 2.1.7...
WordPress Geo Controller plugin <= 8.9.4 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Geo Controller versions <= 8.9.4...
WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Login Page Customizer – Customizer Login Page, Admin Page, Custom Design versions <= 2.1.1...
WordPress Traveler theme < 3.2.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Traveler versions < 3.2.6...
WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Traveler versions <= 3.2.6...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions <= 1.8.2...
WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin ZoloBlocks versions <= 2.3.11...
WordPress Uncanny Automator plugin < 6.10.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin Uncanny Automator versions < 6.10.0...
WordPress Traveler theme < 3.2.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Traveler versions < 3.2.6...
WordPress Page & Post Notes plugin <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Page & Post Notes versions <= 1.3.4...
WordPress WP Airbnb Review Slider plugin <= 4.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by CyberResearchHub.com in WordPress Plugin WP Airbnb Review Slider versions <= 4.2...
WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability
Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability discovered by Talal Nasraddeen in WordPress Plugin Gravity Forms versions <= 2.9.20...
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.1.5-2.1.9...
WordPress IDonate plugin 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function vulnerability
WordPress IDonate plugin 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.0.0-2.1.9...
WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability
WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin LC Wizard versions 1.2.10-1.3.0...
WordPress Ace User Management plugin <= 2.0.3 - Subscriber+ Authentication Bypass via Password Rest vulnerability
Subscriber+ Authentication Bypass via Password Rest vulnerability discovered by aschoiloa1890 in WordPress Plugin Ace User Management versions <= 2.0.3...
WordPress Download Counter Button plugin <= 1.8.6.7 - Unauthenticated Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Download Counter Button versions <= 1.8.6.7...
WordPress Elementinvader Addons for Elementor plugin < 1.4.1 – Unauthenticated Arbitrary Email Sending vulnerability
Unauthenticated Arbitrary Email Sending vulnerability discovered by Lucas Montes in WordPress Plugin ElementInvader Addons for Elementor versions < 1.4.1...
WordPress FunnelKit plugin < 3.12.0.1 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Marc Montpas in WordPress Plugin Funnel Builder by FunnelKit versions < 3.12.0.1...
WordPress Traveler theme < 3.2.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Traveler versions < 3.2.6...