WordPress ShortPixel Image Optimizer plugin <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export vulnerability

Authenticated Contributor+ Settings Import/Export vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin ShortPixel Image Optimizer versions = 6.3.4...

WordPress GoCache plugin <= 1.3.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin GoCache versions = 1.3.6...

WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin XStore Core versions 5.6...

WordPress Memberlite Shortcodes plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Memberlite Shortcodes versions = 1.4.1...

WordPress Admin Management Xtended plugin <= 2.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Admin Management Xtended versions = 2.5.1...

WordPress Sale! Immigration law, Visa services support, Migration Agent Consulting theme <= 1.5.8 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sale! Immigration law, Visa services support, Migration Agent Consulting versions = 1.5.8...

WordPress MDTF plugin <= 1.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by D01EXPLOIT in WordPress Plugin MDTF versions = 1.3.5...

WordPress KALLYAS theme < 4.25.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme KALLYAS versions 4.25.0...

WordPress Binary MLM Plan plugin <= 5.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Binary MLM Plan versions = 5.0...

WordPress Booking Manager plugin < 2.1.15 - Contributor+ Booking Deletion vulnerability

Contributor+ Booking Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Booking Manager versions 2.1.15...

WordPress WP Private Content Plus plugin <= 3.6.2 - Password Protection Bypass vulnerability

Password Protection Bypass vulnerability discovered by Lorenzo Camilli in WordPress Plugin WP Private Content Plus versions = 3.6.2...

WordPress Ally plugin <= 3.8.0 - Cross-Site Request Forgery to plugin Settings Update vulnerability

Cross-Site Request Forgery to plugin Settings Update vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ally versions = 3.8.0...

WordPress SureRank plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ? in WordPress Plugin SureRank versions = 1.3.2...

WordPress Estatik plugin <= 4.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Estatik versions = 4.3.0...

WordPress CloudSearch plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CloudSearch versions = 3.0.0...

WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

WordPress Houzez Theme - Functionality plugin 4.2.0 - Cross Site Scripting XSS vulnerability discovered by ? in WordPress Plugin Houzez Theme - Functionality versions 4.2.0...

WordPress MeetingHub plugin <= 1.23.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin MeetingHub versions = 1.23.9...

WordPress Front End Users plugin <= 3.2.33 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Front End Users versions = 3.2.33...

WordPress Social proof testimonials and reviews by Repuso plugin <= 5.29 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Social proof testimonials and reviews by Repuso versions = 5.29...

WordPress WowRevenue plugin <= 1.2.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WowRevenue versions = 1.2.13...

WordPress MDTF plugin <= 1.3.3.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin MDTF versions = 1.3.3.8...

WordPress e2pdf plugin <= 1.28.09 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin e2pdf versions = 1.28.09...

WordPress WP Travel Gutenberg Blocks plugin <= 3.9.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Travel Gutenberg Blocks versions = 3.9.2...

WordPress Easy Post Submission plugin <= 1.7.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Easy Post Submission versions = 1.7.0...

WordPress Product Catalog Simple plugin <= 1.8.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Product Catalog Simple versions = 1.8.4...

WordPress Tab Ultimate plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Tab Ultimate versions = 1.8...

WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

WordPress Houzez Theme - Functionality plugin 4.2.0 - Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Houzez Theme - Functionality versions 4.2.0...

WordPress Houzez Theme - Functionality plugin <= 4.1.8 - Local File Inclusion vulnerability

WordPress Houzez Theme - Functionality plugin = 4.1.8 - Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Houzez Theme - Functionality versions = 4.1.8...

WordPress One Page Express Companion plugin <= 1.6.43 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin One Page Express Companion versions = 1.6.43...

WordPress UDesign Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin UDesign Core versions = 4.14.1...

WordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin SmartCrawl versions = 3.14.3...

WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for WPBakery versions = 5.10.5.1...

WordPress WPCasa plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin WPCasa versions = 1.4.1...

WordPress Event post plugin <= 5.10.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Event post versions = 5.10.3...

WordPress tagDiv Cloud Library plugin < 3.9.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin tagDiv Cloud Library versions 3.9.2...

WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin tagDiv Composer versions = 5.4.1...

WordPress Salient theme < 17.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Salient versions 17.4.0...

WordPress Event Tickets plugin <= 5.26.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by n0arafatn0 in WordPress Plugin Event Tickets versions = 5.26.3...

WordPress Blockspare plugin <= 3.2.13.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Abu Hurayra in WordPress Plugin Blockspare versions = 3.2.13.2...

WordPress Pie Calendar plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Pie Calendar versions = 1.2.9...

WordPress Acknowledgify plugin <= 1.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by R1sky in WordPress Plugin Acknowledgify versions = 1.1.3...

WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme KALLYAS versions = 4.22.0...

WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme KALLYAS versions = 4.22.0...

WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.6.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Advanced Coupons for WooCommerce Coupons versions = 4.6.8...

WordPress UiChemy plugin <= 4.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peter Thaleikis in WordPress Plugin UiChemy versions = 4.0.0...

WordPress WP SMS plugin <= 7.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin WP SMS versions = 7.0.1...

WordPress News Event theme <= 1.0.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by ? in WordPress Theme News Event versions = 1.0.1...

WordPress Sparkle FSE theme <= 1.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Theme Sparkle FSE versions = 1.0.9...

WordPress MasterStudy LMS plugin <= 3.6.20 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bibek Dhakal in WordPress Plugin MasterStudy LMS versions = 3.6.20...

WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Theme Construction Light versions = 1.6.7...