WordPress Trinity Audio plugin <= 5.21.0 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Moose Love in WordPress Plugin Trinity Audio versions = 5.21.0...

WordPress Enable Media Replace plugin <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via filemodified Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Enable Media Replace versions = 4.1.6...

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.6 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by dutafi in WordPress Plugin NEX-Forms versions = 9.1.6...

WordPress Draft List plugin <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Draft List versions = 2.6.1...

WordPress My Auctions Allegro plugin <= 3.6.31 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin My auctions allegro versions = 3.6.31...

WordPress WP Freeio plugin <= 1.2.21 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin WP Freeio versions = 1.2.21...

WordPress Everest Backup plugin <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by netranger in WordPress Plugin Everest Backup versions = 2.3.5...

WordPress Publitio plugin <= 2.2.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by n0arafatn0 in WordPress Plugin Publitio versions = 2.2.5...

WordPress WoodMart theme < 8.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme WoodMart versions 8.3.2...

WordPress Everest Backup plugin <= 2.3.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Everest Backup versions = 2.3.8...

WordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Did Prestashop Display versions = 1.0.30...

WordPress MSTW CSV EXPORTER plugin <= 1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jin Yub in WordPress Plugin MSTW CSV EXPORTER versions = 1.4...

WordPress WP Gmail SMTP plugin <= 1.0.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin WP Gmail SMTP versions = 1.0.7...

WordPress Noisa theme <= 2.6.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Noisa versions = 2.6.0...

WordPress HomeRoofer theme <= 2.11.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme HomeRoofer versions = 2.11.0...

WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions 3.21.1...

WordPress Next Page, Not Next Post plugin <= 0.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Next Page, Not Next Post versions = 0.3.0...

WordPress WP Mapbox GL JS Maps plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Mapbox GL JS Maps versions = 3.0.1...

WordPress Events Maker by dFactory plugin <= 1.6.14 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Events Maker by dFactory versions = 1.6.14...

WordPress Blox Lite plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Blox Lite versions = 1.2.8...

WordPress Open Currency Converter plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Open Currency Converter versions = 1.5.0...

WordPress WP JobHunt plugin <= 7.6 Authenticated (Custom+) Authorization Bypass vulnerability

WordPress WP JobHunt plugin = 7.6 Authenticated Custom+ Authorization Bypass vulnerability discovered by meghnine islem in WordPress Plugin WP JobHunt versions = 7.6...

WordPress WP JobHunt plugin <= 7.6 - Authenticated (Candidate+) Stored Cross-Site Scripting via ‘cs_job_title’ vulnerability

Authenticated Candidate+ Stored Cross-Site Scripting via ‘csjobtitle’ vulnerability discovered by meghnine islem in WordPress Plugin WP JobHunt versions = 7.6...

WordPress Slider Revolution plugin <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Slider Revolution versions = 6.7.37...

WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ? in WordPress Plugin tagDiv Composer versions = 5.4.1...

WordPress Survey Maker plugin <= 5.1.8.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Kim YunJi in WordPress Plugin Survey Maker versions = 5.1.8.8...

WordPress Survey Maker plugin <= 5.1.8.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by balejin in WordPress Plugin Survey Maker versions = 5.1.8.8...

WordPress All In One Login plugin <= 2.0.8 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by R1sky in WordPress Plugin All In One Login versions = 2.0.8...

WordPress AppExperts plugin <= 1.4.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin AppExperts versions = 1.4.5...

WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Smash Balloon Social Post Feed versions = 4.3.2...

WordPress Reoon Email Verifier plugin <= 2.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Reoon Email Verifier versions = 2.0.1...

WordPress Grevo theme <= 2.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by ? in WordPress Theme Grevo versions = 2.4...

WordPress Salient Portfolio theme <= 1.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Salient Portfolio versions = 1.8.2...

WordPress Media LIbrary Assistant plugin <= 3.29 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Certus Cybersecurity in WordPress Plugin Media LIbrary Assistant versions = 3.29...

WordPress Post List Featured Image plugin <= 0.5.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Post List Featured Image versions = 0.5.9...

WordPress Salient Shortcodes plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Salient Shortcodes versions = 1.5.4...

WordPress Find Me On plugin <= 2.0.9.1 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Find Me On versions = 2.0.9.1...

WordPress Betheme plugin <= 28.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'pagetitle' vulnerability discovered by Zbigniew Piotrak in WordPress Theme Betheme versions = 28.1.6...

WordPress PopupKit plugin <= 2.1.3 - Unauthenticated SQL Injection via 'id' vulnerability

Unauthenticated SQL Injection via 'id' vulnerability discovered by Rafshanzani Suhada in WordPress Plugin PopupKit versions = 2.1.3...

WordPress Search & Go - Directory WordPress Theme plugin <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover vulnerability

WordPress Search & Go - Directory WordPress Theme plugin = 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover vulnerability discovered by khanhhnahk1 in WordPress Theme Search & Go versions = 2.7...

WordPress WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin <= 6.6.7 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by wesley wcraft in WordPress Plugin WP Travel Engine versions = 6.6.7...

WordPress WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via File Renaming vulnerability discovered by wesley wcraft in WordPress Plugin WP Travel Engine versions = 6.6.7...

WordPress Lisfinity Core plugin <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Lisfinity Core versions = 1.4.0...

WordPress Cookie Notice & Consent plugin <= 1.6.5 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Cookie Notice & Consent versions = 1.6.5...

WordPress WP Go Maps (formerly WP Google Maps) plugin <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Go Maps versions = 9.0.46...

WordPress Welcart e-Commerce plugin <= 2.11.21 - Authenticated (Author+) SQL Injection via Cookie vulnerability

Authenticated Author+ SQL Injection via Cookie vulnerability discovered by Peter Thaleikis in WordPress Plugin Welcart e-Commerce versions = 2.11.21...

WordPress Salient Core plugin <= 3.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Salient Core versions = 3.0.8...

WordPress Joly theme <= 1.22.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Joly versions = 1.22.0...

WordPress Fix Multiple Redirects plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Fix Multiple Redirects versions = 1.2.3...

WordPress Password only login plugin <= 0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Password only login versions = 0.2...