WordPress 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin <= 2.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin 百度站长SEO合集支持百度/神马/Bing/头条推送 versions = 2.1.4...

WordPress Sendle Shipping plugin <= 6.02 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Sendle Shipping versions = 6.02...

WordPress Raychat plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Raychat versions = 2.2.1...

WordPress ListingPro Lead Form plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin ListingPro Lead Form versions = 1.0.2...

WordPress Headline Analyzer plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Headline Analyzer versions = 1.3.7...

WordPress Business Directory plugin <= 6.4.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Hoang Tuan Kiet in WordPress Plugin Business Directory versions = 6.4.18...

WordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin BuddyForms versions = 2.9.0...

WordPress ListingPro Lead Form plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin ListingPro Lead Form versions = 1.0.2...

WordPress Pondol BBS plugin <= 1.1.8.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hy30nq in WordPress Plugin Pondol BBS versions = 1.1.8.4...

WordPress WebinarPress plugin <= 1.33.28 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WebinarPress versions = 1.33.28...

WordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme ListingPro versions = 2.9.9...

WordPress ListingPro plugin <= 2.9.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin ListingPro versions = 2.9.9...

WordPress Attesa Extra plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Attesa Extra versions = 1.4.7...

WordPress Stockholm Core plugin <= 2.4.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Stockholm Core versions = 2.4.6...

WordPress Stockholm Core plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Stockholm Core versions = 2.4.6...

WordPress Stockholm theme <= 9.14.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Stockholm versions = 9.14.1...

WordPress Stockholm theme <= 9.14.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Stockholm versions = 9.14.1...

WordPress Savory theme <= 2.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by ? in WordPress Theme Savory versions = 2.5...

WordPress Revolution theme < 2.5.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by ? in WordPress Theme Revolution versions 2.5.8...

WordPress RTMKit plugin <= 1.6.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by ? in WordPress Plugin RTMKit versions = 1.6.5...

WordPress Search & Go theme <= 2.7 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Search & Go versions = 2.7...

WordPress Link Whisper Free plugin <= 0.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Link Whisper Free versions = 0.9.1...

WordPress REHub Framework plugin <= 19.9.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin REHub Framework versions = 19.9.8...

WordPress Rehub theme < 19.9.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Rehub versions 19.9.9.1...

WordPress NextMove Lite plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextMove Lite versions = 2.23.0...

WordPress Eduma theme <= 5.7.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Eduma versions = 5.7.6...

WordPress Eduma theme <= 5.7.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Eduma versions = 5.7.6...

WordPress Booster for WooCommerce plugin <= 7.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Booster for WooCommerce versions = 7.3.2...

WordPress WP Last Modified Info plugin <= 1.9.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Last Modified Info versions = 1.9.2...

WordPress DirectoryPress plugin <= 3.6.25 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin DirectoryPress versions = 3.6.25...

WordPress Related Posts Lite plugin <= 1.12 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Tst23@1 in WordPress Plugin Related Posts Lite versions = 1.12...

WordPress Theme Editor plugin <= 3.0 - Cross-Site Request Forgery to Remote Code Execution vulnerability

Cross-Site Request Forgery to Remote Code Execution vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Theme Editor versions = 3.0...

WordPress Kognetiks Chatbot plugin <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing vulnerability

Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Kognetiks Chatbot for WordPress versions = 2.3.5...

WordPress PowerBI Embed Reports plugin <= 1.2.0 - Unauthenticated Sensitive Information Disclosure vulnerability

Unauthenticated Sensitive Information Disclosure vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin PowerBI Embed Reports versions = 1.2.0...

WordPress LearnPress plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation vulnerability

Missing Authorization to Unauthenticated Database Table Manipulation vulnerability discovered by Lucas Montes Nirox in WordPress Plugin LearnPress versions = 4.2.9.3...

WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Essential Blocks for Gutenberg versions = 5.7.1...

WordPress WPC Smart Quick View for WooCommerce plugin <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure vulnerability

Insecure Direct Object Reference to Unauthenticated Private Product Exposure vulnerability discovered by Lucas Montes Nirox in WordPress Plugin WPC Smart Quick View for WooCommerce versions = 4.2.5...

WordPress FileBird plugin <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset vulnerability

Improper Authorization to Authenticated Author+ Settings Reset vulnerability discovered by fuchong jun in WordPress Plugin Filebird versions = 6.4.9...

WordPress WPBakery Page Builder plugin <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin WPBakery Page Builder versions = 8.6...

WordPress PPOM – Product Addons & Custom Fields for WooCommerce plugin <= 33.0.15 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Talal Nasraddeen in WordPress Plugin PPOM for WooCommerce versions = 33.0.15...

WordPress PPOM – Product Addons & Custom Fields for WooCommerce plugin <= 33.0.15 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Talal Nasraddeen in WordPress Plugin PPOM for WooCommerce versions = 33.0.15...

WordPress Event Tickets and Registration plugin <= 5.26.5 - Unauthenticated Ticket Payment Bypass vulnerability

Unauthenticated Ticket Payment Bypass vulnerability discovered by Jack Pas Dark. in WordPress Plugin Event Tickets versions = 5.26.5...

WordPress Image optimization service by Optimole plugin <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload vulnerability

Insecure Direct Object Reference to Authenticated Author+ Media Offload vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Optimole versions = 4.1.0...

WordPress GSpeech TTS – WordPress Text To Speech Plugin plugin <= 3.17.13 - Authenticated (Admin+) SQL injection vulnerability

Authenticated Admin+ SQL injection vulnerability discovered by Moose Love in WordPress Plugin GSpeech TTS versions = 3.17.3...

WordPress WP Go Maps (formerly WP Google Maps) plugin <= 9.0.48 - Unauthenticated Cache Poisoning vulnerability

Unauthenticated Cache Poisoning vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Go Maps versions = 9.0.48...

WordPress Redirection for Contact Form 7 plugin <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via qs_date Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via qsdate Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Redirection for Contact Form 7 versions = 3.2.6...

WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPC Smart Wishlist for WooCommerce versions = 5.0.4...

WordPress Media Library Assistant plugin <= 3.29 - Unauthenticated Limited File Read vulnerability

Unauthenticated Limited File Read vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Media LIbrary Assistant versions = 3.29...

WordPress XX2WP Integration Tools plugin <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin XX2WP Integration Tools versions = 1.9.9...

WordPress Essential Blocks plugin <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery vulnerability

Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Essential Blocks for Gutenberg versions = 5.7.1...