WordPress Contest Gallery plugin <= 27.0.2 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Contest Gallery versions = 27.0.2...

WordPress Trinity Audio plugin <= 5.20.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Moose Love in WordPress Plugin Trinity Audio versions = 5.20.2...

WordPress Trinity Audio plugin <= 5.20.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Moose Love in WordPress Plugin Trinity Audio versions = 5.20.2...

WordPress Integrate Dynamics 365 CRM plugin <= 1.0.9 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Integrate Dynamics 365 CRM versions = 1.0.9...

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure vulnerability

Missing Authorization to Unauthenticated Forms and Campaigns Disclosure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin GiveWP versions = 4.10.0...

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association vulnerability

Missing Authorization to Unauthenticated Forms-Campaign Association vulnerability discovered by Rafshanzani Suhada in WordPress Plugin GiveWP versions = 4.10.0...

WordPress OAuth Single Sign On – SSO (OAuth Client) plugin <= 6.26.12 - Authentication Bypass via get_resource_owner_from_id_token() vulnerability

Authentication Bypass via getresourceownerfromidtoken vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin OAuth Single Sign On – SSO OAuth Client versions = 6.26.12...

WordPress Majestic Before After Image plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Majestic Before After Image versions = 2.0.2...

WordPress WDesignKit plugin <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function vulnerability

Missing Authentication via wdkithandlereviewsubmission Function vulnerability discovered by Peter Thaleikis in WordPress Plugin WDesignkit versions = 1.2.16...

WordPress WP Photo Album Plus plugin <= 9.0.11.006 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wppa_user_upload vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via wppauserupload vulnerability discovered by zer0gh0st in WordPress Plugin WP Photo Album Plus versions = 9.0.11.006...

WordPress TicketSpot plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin TicketSpot versions = 1.0.2...

WordPress A Simple Multilanguage Plugin plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Multilanguage Plugin versions = 1.0...

WordPress WP SinoType plugin <= 1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin WP SinoType versions = 1.0...

WordPress Appy Pie Connect for WooCommerce plugin <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password vulnerability

Missing Authorization to Unauthenticated Privilege Escalation via resetuserpassword vulnerability discovered by johska in WordPress Plugin Appy Pie Connect for WooCommerce versions = 1.1.2...

WordPress Constructor plugin <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean vulnerability

Missing Authorization to Authenticated Subscriber+ Theme Clean vulnerability discovered by Sulabh Jain pentestmonkey11 in WordPress Theme Constructor versions = 1.6.5...

WordPress Unify plugin <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via unifycheckout Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Unify versions = 3.4.7...

WordPress Customify theme <= 0.4.11 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Customify versions = 0.4.11...

WordPress Backup Bolt plugin <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download vulnerability

Authenticated Admin+ Arbitrary File Download vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Backup Bolt versions = 1.4.1...

WordPress Ultimate Viral Quiz plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin Ultimate Viral Quiz versions = 1.0...

WordPress SiteAlert (Formerly WP Health) plugin <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information Exposure vulnerability

Missing Authorization to Unauthenticated Site Health Information Exposure vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin SiteAlert Formerly WP Health versions = 1.9.8...

WordPress WP Photo Effects plugin <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin WP Photo Effects versions = 1.2.4...

WordPress X Addons for Elementor plugin <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Video ID Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Youtube Video ID Field vulnerability discovered by zer0gh0st in WordPress Plugin X Addons for Elementor versions = 1.0.16...

WordPress WPRecovery plugin <= 2.0 - Unauthenticated SQL Injection to Arbitrary File Deletion vulnerability

Unauthenticated SQL Injection to Arbitrary File Deletion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPRecovery versions = 2.0...

WordPress Interactive Medical Drawing of Human Body plugin <= 2.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Interactive Medical Drawing of Human Body versions = 2.6...

WordPress Woo superb slideshow transition gallery with random effect plugin <= 9.1 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Woo superb slideshow transition gallery with random effect versions = 9.1...

WordPress Meks Easy Maps plugin <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Meks Easy Maps versions = 2.1.4...

WordPress Easy Elementor Addons plugin <= 2.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zer0gh0st in WordPress Plugin Easy Elementor Addons versions = 2.2.9...

WordPress Notification Bar plugin <= 2.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Notification Bar versions = 2.2...

WordPress Smart Docs plugin <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Smart Docs versions = 1.1.1...

WordPress TableGen – Data Table Generator plugin <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin TableGen – Data Table Generator versions = 1.3.1...

WordPress Optimize More! – CSS plugin <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset vulnerability

Cross-Site Request Forgery to Plugin Settings Reset vulnerability discovered by Nabil Irawan in WordPress Plugin Optimize More! – CSS versions = 1.0.3...

WordPress Restrict User Registration plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin Restrict User Registration versions = 1.0.1...

WordPress Ultimate Multi Design Video Carousel plugin <= 1.4 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan in WordPress Plugin Ultimate Multi Design Video Carousel versions = 1.4...

WordPress Wp cycle text announcement plugin <= 8.1 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Wp cycle text announcement versions = 8.1...

WordPress Ird Slider plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Ird Slider versions = 1.0.2...

WordPress ContentMX Content Publisher plugin <= 1.0.6 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin ContentMX Content Publisher versions = 1.0.6...

WordPress Mobile Site Redirect plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Mobile Site Redirect versions = 1.2.1...

WordPress WP Dispatcher plugin <= 1.2.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Craig Webb in WordPress Plugin WP Dispatcher versions = 1.2.0...

WordPress WP Dispatcher plugin <= 1.2.0 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by theviper17y in WordPress Plugin WP Dispatcher versions = 1.2.0...

WordPress JoomSport plugin <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion vulnerability

Unauthenticated Directory Traversal to Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin JoomSport versions = 5.7.3...

WordPress RestroPress plugin 3.0.0-3.2.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by kr0d in WordPress Plugin RestroPress versions 3.0.0-3.2.1...

WordPress Flexi plugin <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via flexi-form-tag Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Flexi – Guest Submit versions = 4.28...

WordPress Comment Info Detector plugin <= 1.0.5 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin Comment Info Detector versions = 1.0.5...

WordPress Ultra Addons Lite for Elementor plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Animated Text Field vulnerability discovered by zer0gh0st in WordPress Plugin Ultra Addons Lite for Elementor versions = 1.1.9...

WordPress TextBuilder plugin 1.0.0-1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover vulnerability

Cross-Site Request Forgery to Privilege Escalation via Account Takeover vulnerability discovered by kr0d in WordPress Plugin TextBuilder versions 1.0.0-1.1.1...

WordPress Fusion Builder plugin <= 3.13.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Fusion Builder versions = 3.13.2...

WordPress Avada theme <= 7.13.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Avada versions = 7.13.2...

WordPress JobSearch plugin < 3.0.8 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by ? in WordPress Plugin JobSearch versions 3.0.8...

WordPress Tooltipy plugin <= 5.5.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Tooltipy versions = 5.5.9...

WordPress Auto Bulb Finder for WordPress plugin <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Auto Bulb Finder for WordPress versions = 2.8.0...