WordPress SM CountDown Widget plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin SM CountDown Widget versions = 1.2...

Drupal CivicTheme Design System module < 1.12.0 - Unauthenticated Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure vulnerability discovered by Lee Rowlands larowlan in WordPress Module CivicTheme Design System versions 1.12.0...

WordPress Print Button Shortcode plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Print Button Shortcode versions = 1.0.1...

WordPress Cinza Grid plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Skin Content Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Skin Content Field vulnerability discovered by Nabil Irawan in WordPress Plugin Cinza Grid versions = 1.2.1...

Drupal CivicTheme Design System module < 1.12.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS vulnerability discovered by Adam Bramley acbramley in WordPress Module CivicTheme Design System versions 1.12.0...

WordPress Oboxmedia Ads plugin <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Oboxmedia Ads versions = 1.9.8...

WordPress WP Responsive Meet The Team plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Responsive Meet The Team versions = 1.0.1...

WordPress Photographers galleries plugin <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Photographers galleries versions = 1.1.8...

WordPress Responsive iframe GoogleMap plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Responsive iframe GoogleMap versions = 1.0.2...

WordPress Material Design Iconic Font Integration plugin <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Material Design Iconic Font Integration versions = 2...

WordPress Bg Book Publisher plugin <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Bg Book Publisher versions = 1.25...

WordPress Simple Youtube Shortcode plugin <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Simple Youtube Shortcode versions = 1.1.3...

WordPress Simple Business Data plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Business Data versions = 1.0.1...

WordPress This-or-That plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin This-or-That versions = 1.0.4...

WordPress WP-Thumbnail plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin WP-Thumbnail versions = 1.1...

WordPress JB News Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin JB News Ticker versions = 1.0...

WordPress WP Restaurant Listings plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Restaurant Listings versions = 1.0.2...

WordPress Playerzbr plugin <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Meta Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via URL Meta Field vulnerability discovered by Nabil Irawan in WordPress Plugin Playerzbr versions = 1.6...

WordPress Responsive Progress Bar plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Responsive Progress Bar versions = 1.0...

WordPress Email Tracker plugin <= 5.3.12 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by dutafi in WordPress Plugin Email Tracker versions = 5.3.12...

WordPress WP AD Gallery plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AD Gallery versions = 1.3...

WordPress ST Categories Widget plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin ST Categories Widget versions = 1.0.0...

WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Order Refund vulnerability discovered by Powpy in WordPress Plugin Flexible Refund and Return Order for WooCommerce versions = 1.0.38...

WordPress WP-Force Images Download plugin <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP-Force Images Download versions = 1.8...

WordPress PixelYourSite plugin <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification vulnerability

Cross-Site Request Forgery to GDPR Options Modification vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.1.2...

WordPress Welcart e-Commerce plugin <= 2.11.22 - Authenticated (Editor+) Stored Cross-Site Scripting via order_mail vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via ordermail vulnerability discovered by Miguel Santareno in WordPress Plugin Welcart e-Commerce versions = 2.11.22...

WordPress Simple Banner plugin <= 3.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Cody Sixteen in WordPress Plugin Simple Banner versions = 3.0.10...

WordPress FormGent plugin < 1.0.4 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin FormGent versions 1.0.4...

WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.5.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Cookie Notice & Compliance for GDPR / CCPA versions = 2.5.8...

WordPress Motors theme <= 5.6.81 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Motors versions = 5.6.81...

WordPress Enfold theme <= 7.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Enfold versions = 7.1.2...

WordPress Dynamic User Directory plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jin Yub in WordPress Plugin Dynamic User Directory versions = 2.3...

WordPress Ajax Search Lite plugin <= 4.13.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Valentinos Chouris in WordPress Plugin Ajax Search Lite versions = 4.13.3...

WordPress Bard theme <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Bard versions = 1.6...

WordPress Litho Addons plugin <= 3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin Litho Addons versions = 3.5...

WordPress Codiqa theme < 1.2.8 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Codiqa versions 1.2.8...

WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.8 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Bonds in WordPress Plugin WP Gravity Forms Zoho CRM and Bigin versions = 1.2.8...

WordPress Stockie Extra plugin <= 1.2.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Bonds in WordPress Plugin Stockie Extra versions = 1.2.11...

WordPress Stockie Extra plugin <= 1.2.11 - Content Injection vulnerability

Content Injection vulnerability discovered by Bonds in WordPress Plugin Stockie Extra versions = 1.2.11...

WordPress Hercules Core plugin <= 7.4 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Plugin Hercules Core versions = 7.4...

WordPress Reservation Plugin plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Reservation Plugin versions = 1.6...

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by an unknown individual in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.2...

WordPress King Addons for Elementor plugin <= 51.1.36 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Abu Hurayra in WordPress Plugin King Addons for Elementor versions = 51.1.36...

WordPress King Addons for Elementor plugin <= 51.1.36 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Najib Sinjari in WordPress Plugin King Addons for Elementor versions = 51.1.36...

WordPress Persian Admnin Fonts plugin <= 4.1.03 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Persian Admnin Fonts versions = 4.1.03...

WordPress Element Pack Addons for Elementor plugin <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Blind Server-Side Request Forgery vulnerability discovered by LionTree in WordPress Plugin Element Pack Elementor Addons versions = 8.2.5...

WordPress ACF to REST API plugin <= 3.3.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mohamad Fattyr in WordPress Plugin ACF to REST API versions = 3.3.4...

WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin KiotViet Sync versions = 1.8.5...

WordPress Whydonate plugin <= 4.0.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Whydonate versions = 4.0.15...

WordPress WPC Countdown Timer for WooCommerce plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPC Countdown Timer for WooCommerce versions = 3.1.4...