WordPress Image Hover Effects for Elementor plugin <= 1.0.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Upload vulnerability discovered by theviper17y in WordPress Plugin Image Hover Effects for Elementor versions = 1.0.2.3...

WordPress Image Comparison Addon for Elementor plugin <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Upload vulnerability discovered by theviper17y in WordPress Plugin Image Comparison Addon for Elementor versions = 1.0.2.2...

WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin <= 2.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by kr0d in WordPress Plugin Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One versions = 2.3.0...

WordPress CE21 Suite plugin 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via plugin Settings Update vulnerability

WordPress CE21 Suite plugin 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via plugin Settings Update vulnerability discovered by kr0d in WordPress Plugin CE21 Suite versions 2.2.1-2.3.1...

WordPress Content Locker for Elementor plugin <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Upload vulnerability discovered by theviper17y in WordPress Plugin Content Locker for Elementor versions = 1.0.3...

WordPress WP-CRM System plugin <= 3.4.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP-CRM System versions = 3.4.5...

WordPress LMB^Box Smileys plugin <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin LMB^Box Smileys versions = 3.2...

WordPress Reuse Builder plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Reuse Builder versions = 1.7...

WordPress All in One Time Clock Lite plugin <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure vulnerability

Missing Authorization to Page Creation and Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin All in One Time Clock Lite versions = 2.0.3...

WordPress Multi-language Responsive Portfolio plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Marco Gasi in WordPress Plugin Multi-language Responsive Portfolio versions = 1.0...

WordPress Crypto Payment Gateway with Payeer for WooCommerce plugin <= 1.0.3 - Unauthenticated Payment Bypass vulnerability

Unauthenticated Payment Bypass vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Crypto Payment Gateway with Payeer for WooCommerce versions = 1.0.3...

WordPress Import Export For WooCommerce plugin <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Import Export For WooCommerce versions = 1.6.2...

WordPress Free Quotation plugin <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Free Quotation versions = 3.1.6...

WordPress Footnotes Made Easy plugin <= 3.0.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Footnotes Made Easy versions = 3.0.7...

WordPress Centangle Team Showcase plugin <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Centangle Team Showcase versions = 1.0.0...

WordPress Clubmember plugin <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Clubmember versions = 0.2...

WordPress LinkedIn Resume plugin <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin LinkedIn Resume versions = 2.00...

WordPress SH Contextual Help plugin <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin SH Contextual Help versions = 3.2.1...

WordPress Pagerank Tools plugin <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Pagerank Tools versions = 1.1.5...

WordPress EM Beer Manager plugin <= 3.2.3 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin EM Beer Manager versions = 3.2.3...

WordPress Social Media WPCF7 Stop Words plugin <= 1.1.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Social Media WPCF7 Stop Words versions = 1.1.3...

WordPress MapMap plugin <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin MapMap versions = 1.1...

WordPress Elegance Menu plugin <= 1.9 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by zaim in WordPress Plugin Elegance Menu versions = 1.9...

WordPress Simple User Capabilities plugin <= 1.0 - Missing Authorization to Unauthenticated Capability Reset vulnerability

Missing Authorization to Unauthenticated Capability Reset vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Simple User Capabilities versions = 1.0...

WordPress Simple User Capabilities plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Simple User Capabilities versions = 1.0...

WordPress Associados Amazon plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Associados Amazon versions = 0.8...

WordPress Extensions for Leaflet Map plugin <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Extensions for Leaflet Map versions = 4.7...

WordPress MeetingList plugin <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin MeetingList versions = 0.11...

WordPress Nari Accountant plugin <= 1.0.12 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Nari Accountant versions = 1.0.12...

WordPress DominoKit plugin <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update vulnerability

Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin DominoKit versions = 1.1.0...

WordPress WP Carticon plugin <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin WP Carticon versions = 1.0.0...

WordPress Posts Navigation Links for Sections and Headings plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Posts Navigation Links for Sections and Headings versions = 1.0.1...

WordPress Label Plugins plugin <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Label Plugins versions = 0.5...

WordPress CE21 Suite plugin <= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege Escalation vulnerability

Unauthenticated Sensitive Information Exposure to Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin CE21 Suite versions = 2.3.1...

WordPress ViaAds plugin <= 2.1.1 - Cross-Site Request Forgery to API Key Update vulnerability

Cross-Site Request Forgery to API Key Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin ViaAds versions = 2.1.1...

WordPress WP Global Screen Options plugin <= 0.2 - Cross-Site Request Forgery to Screen Options Update vulnerability

Cross-Site Request Forgery to Screen Options Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Global Screen Options versions = 0.2...

WordPress TablePress plugin <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Rafshanzani Suhada in WordPress Plugin TablePress versions = 3.2.4...

WordPress Greenshift plugin <= 12.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Data Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Chart Data Attributes vulnerability discovered by Webbernaut in WordPress Plugin Greenshift versions = 12.2.7...

WordPress Ohio Extra plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ohio Extra versions = 3.6.0...

WordPress Kallyas theme <= 4.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Theme KALLYAS versions = 4.23.0...

WordPress Kallyas theme <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution vulnerability

Authenticated Contributor+ Remote Code Execution vulnerability discovered by stealthcopter in WordPress Theme KALLYAS versions = 4.24.0...

WordPress Doccure Core plugin < 1.5.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Doccure Core versions 1.5.4...

WordPress Advanced Ads plugin <= 2.0.12 - Unauthenticated Limited Code Execution vulnerability

Unauthenticated Limited Code Execution vulnerability discovered by mikemyers in WordPress Plugin Advanced Ads versions = 2.0.12...

WordPress Tablesome plugin <= 1.1.32 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Talal Nasraddeen in WordPress Plugin Tablesome versions = 1.1.32...

WordPress Delicious Recipes plugin <= 1.9.0 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by stealthcopter and theviper17 in WordPress Plugin WP Delicious versions = 1.9.0...

WordPress Import WP plugin <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read vulnerability

Authenticated Admin+ Arbitrary File Read vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Import WP versions = 2.14.16...

WordPress wpForo Forum plugin <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection vulnerability

Authenticated Susbscriber+ SQL Injection vulnerability discovered by YCInfosec in WordPress Plugin wpForo Forum versions = 2.4.9...

WordPress WP Discourse plugin <= 2.5.9 - Authenticated (Author+) Information Exposure vulnerability

Authenticated Author+ Information Exposure vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WP Discourse versions = 2.5.9...

WordPress Qi Blocks plugin <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update vulnerability

Missing Authorization to Authenticated Contributor+ Plugin Settings Update vulnerability discovered by Adrian Lukita in WordPress Plugin Qi Blocks versions = 1.4.3...

WordPress Schema & Structured Data for WP & AMP plugin <= 1.51 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Schema & Structured Data for WP & AMP versions = 1.51...