WordPress TopBar plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by jsonc in WordPress Plugin TopBar versions = 1.0.0...

WordPress Oceanpayment CreditCard Gateway plugin <= 6.0 - Missing Authentication to Unauthenticated Order Status Update vulnerability

Missing Authentication to Unauthenticated Order Status Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Oceanpayment CreditCard Gateway versions = 6.0...

WordPress Shortcode Button plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Shortcode Button versions = 1.1.9...

WordPress Zip Attachments plugin <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure vulnerability

Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Zip Attachments versions = 1.6...

WordPress Quick Social Login plugin <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Quick Social Login versions = 1.4.6...

WordPress Zip Attachments plugin <= 1.6 - Missing Authorization to Limited File Deletion vulnerability

Missing Authorization to Limited File Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Zip Attachments versions = 1.6...

WordPress Flex QR Code Generator plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by johska in WordPress Plugin Flex QR Code Generator versions = 1.2.5...

WordPress OwnID Passwordless Login plugin <= 1.3.4 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin OwnID Passwordless Login versions = 1.3.4...

WordPress Dynamically Display Posts plugin <= 1.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by dayea song in WordPress Plugin Dynamically Display Posts versions = 1.1...

WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module vulnerability

Stored Cross-Site Scripting via Custom JS Module vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPBakery Page Builder versions = 8.6.1...

WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode vulnerability

Stored Cross-Site Scripting via vccustomheading Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPBakery Page Builder versions = 8.6.1...

WordPress Quick Featured Images plugin <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation vulnerability

Insecure Direct Object Reference to Image Manipulation vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Quick Featured Images versions = 13.7.2...

WordPress Ova Advent plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Marco Wotschka in WordPress Plugin Ova Advent versions = 1.1.7...

WordPress Lisfinity Core plugin <= 1.4.0 - Unauthenticated Privilege Escalation to Editor vulnerability

Unauthenticated Privilege Escalation to Editor vulnerability discovered by Alyudin Nafiie in WordPress Plugin Lisfinity Core versions = 1.4.0...

WordPress XStore theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion vulnerability

Authenticated Subscriber+ Local File Inclusion vulnerability discovered by khanhhnahk1 in WordPress Theme XStore versions = 9.5.4...

WordPress Pz-LinkCard plugin < 2.5.7 - Contributor+ SSRF vulnerability

Contributor+ SSRF vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Pz-LinkCard versions 2.5.7...

WordPress Simple SEO plugin < 2.0.32 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Simple SEO versions 2.0.32...

WordPress WoodMart theme < 8.3.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme WoodMart versions 8.3.2...

WordPress TempTool [Show Current Template Info] plugin <= 1.3.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by MD ISMAIL in WordPress Plugin TempTool Show Current Template Info versions = 1.3.1...

WordPress Penci Bookmark & Follow plugin < 2.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Bookmark & Follow versions 2.4...

WordPress Revive Old Posts plugin <= 9.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Revive Old Posts versions = 9.3.3...

WordPress Simple Job Board plugin <= 2.13.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin Simple Job Board versions = 2.13.7...

WordPress Welcart e-Commerce plugin <= 2.11.24 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Welcart e-Commerce versions = 2.11.24...

WordPress replyMail plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin replyMail versions = 1.2.0...

WordPress Case Addons plugin < 1.3.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by ? in WordPress Plugin Case Addons versions 1.3.0...

WordPress SureForms – Drag and Drop Form Builder for WordPress plugin <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Information Disclosure vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin SureForms versions = 1.12.1...

WordPress ChatBot plugin <= 7.7.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin ChatBot versions = 7.7.3...

WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by ? in WordPress Plugin TheGem Demo Import for WPBakery versions = 5.10.5...

WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by ? in WordPress Plugin TheGem Theme Elements for WPBakery versions = 5.10.5.1...

WordPress Block Country plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Block Country versions = 1.0...

WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Slick Google Map versions = 0.3...

WordPress wpNamedUsers plugin <= 0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin wpNamedUsers versions = 0.5...

WordPress Simple Stripe plugin <= 0.9.17 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Simple Stripe versions = 0.9.17...

WordPress The Plus Addons for Elementor plugin < 6.3.16 - Author+ Stored XSS vulnerability

Author+ Stored XSS vulnerability discovered by Tan Nguyen in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions 6.3.16...

WordPress Colibri Page Builder plugin <= 1.0.334 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_newsletter Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via colibrinewsletter Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Colibri Page Builder versions = 1.0.334...

WordPress GSheetConnector For Gravity Forms plugin <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation vulnerability

Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation vulnerability discovered by wesley wcraft in WordPress Plugin Gravity Forms Google Sheet Connector versions = 1.3.23...

WordPress GSheetConnector For Gravity Forms plugin <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Installation vulnerability discovered by wesley wcraft in WordPress Plugin Gravity Forms Google Sheet Connector versions = 1.3.27...

WordPress Newsup theme <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Installation vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Newsup versions = 5.0.10...

WordPress Stock History & Reports Manager for WooCommerce plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Stock History & Reports Manager for WooCommerce versions = 2.2.1...

WordPress WidgetPack Comment System plugin <= 1.6.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin WidgetPack Comment System versions = 1.6.1...

WordPress Web Accessibility By accessiBe plugin <= 2.10 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Moose Love in WordPress Plugin Web Accessibility By accessiBe versions = 2.10...

WordPress Page Blocks plugin <= 1.1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin Page Blocks versions = 1.1.0...

WordPress WP Scraper plugin <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Valatty in WordPress Plugin TwentyFourth WP Scraper versions = 5.8.1...

WordPress WP Easy Toggles plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WP Easy Toggles versions = 1.9.0...

WordPress WooCommerce Designer Pro plugin <= 1.9.26 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Tonn in WordPress Plugin WooCommerce Designer Pro versions = 1.9.26...

WordPress Code Quality Control Tool plugin <= 0.1 - Unauthenticated Information Exposure via Log Files vulnerability

Unauthenticated Information Exposure via Log Files vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Code Quality Control Tool versions = 0.1...

WordPress Course Redirects for Learndash Plugin plugin <= 0.4 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Course Redirects for Learndash versions = 0.4...

WordPress Education WordPress Theme | HiStudy theme < 3.1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Theme Education WordPress Theme | HiStudy versions 3.1.0...

WordPress Error Log Viewer by BestWebSoft plugin <= 1.1.6 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Duc Manh in WordPress Plugin Error Log Viewer by BestWebSoft versions = 1.1.6...

WordPress Custom 404 Pro plugin <= 3.12.0 - Authenticated (Administrator+) SQL Injection via `path` Parameter vulnerability

Authenticated Administrator+ SQL Injection via path Parameter vulnerability discovered by jamaal in WordPress Plugin Custom 404 Pro versions = 3.12.0...