WordPress BP Direct Menus plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BP Direct Menus versions = 1.0.0...

WordPress GutenBee plugin <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin GutenBee versions = 2.18.0...

WordPress Tiny Bootstrap Elements Light plugin <= 4.3.34 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Aril Aprilio forsak3n in WordPress Plugin Tiny Bootstrap Elements Light versions = 4.3.34...

WordPress Eulerpool Research Systems plugin <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan in WordPress Plugin Eulerpool Research Systems versions = 4.0.1...

WordPress Any News Ticker plugin <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Any News Ticker versions = 3.1.1...

WordPress Copypress Rest API plugin 1.1-1.2 - Unauthenticated Remote Code Execution vulnerability

Unauthenticated Remote Code Execution vulnerability discovered by kr0d in WordPress Plugin Copypress Rest API versions 1.1-1.2...

WordPress Nexa Blocks plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Google Maps Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Google Maps Widget vulnerability discovered by zer0gh0st in WordPress Plugin Nexa Blocks versions = 1.1.0...

WordPress The Pack Elementor addon plugin <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typing Letter Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Typing Letter Widget vulnerability discovered by zer0gh0st in WordPress Plugin The Pack Elementor addons versions = 2.1.5...

WordPress SurveyAnyplace Plugin plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Survey Anyplace versions = 1.0.0...

WordPress FancyTabs plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via title Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FancyTabs versions = 1.1.0...

WordPress Video Gallery by Huzzaz plugin <= 10.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Video Gallery by Huzzaz versions = 10.5...

WordPress WeedMaps Menu for WordPress plugin <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via weedmapsmenu Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WeedMaps Menu versions = 1.2.0...

WordPress dbview plugin <= 0.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin dbview versions = 0.5.5...

WordPress Chat by Chatwee plugin <= 2.1.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin Chat by Chatwee versions = 2.1.3...

WordPress My AskAI plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin My AskAI versions = 1.0.0...

WordPress Big Post Shipping for WooCommerce plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Big Post Shipping for WooCommerce versions = 2.1.2...

WordPress Postie plugin < 1.9.71 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Guido Iván García Duva in WordPress Plugin Postie versions 1.9.71...

WordPress Smart WeTransfer plugin <= 1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Smart WeTransfer versions = 1.3...

WordPress Custom Post Type Attachment plugin <= 3.4.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Custom Post Type Attachment versions = 3.4.6...

WordPress LBG Zoominoutslider plugin <= 5.4.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin LBG Zoominoutslider versions = 5.4.4...

WordPress Image&Video FullScreen Background plugin <= 1.6.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Image&Video FullScreen Background versions = 1.6.7...

WordPress Referral Link Tracker plugin <= 1.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Referral Link Tracker versions = 1.1.4...

WordPress WordPress Social Login and Register plugin <= 7.7.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by dutafi in WordPress Plugin WordPress Social Login and Register versions = 7.7.0...

WordPress Greenify theme <= 2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Greenify versions = 2.2...

WordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Ivory Search versions = 5.5.12...

WordPress Query Posts plugin <= 0.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Query Posts versions = 0.3.2...

WordPress User Avatar - Reloaded plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability

WordPress User Avatar - Reloaded plugin = 1.2.2 - Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Avatar - Reloaded versions = 1.2.2...

WordPress WP Geo plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Geo versions = 3.5.1...

WordPress WPC Smart Messages for WooCommerce plugin <= 4.2.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPC Smart Messages for WooCommerce versions = 4.2.7...

WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ? in WordPress Plugin BuddyPress versions = 14.3.4...

WordPress WordPress Image shrinker plugin <= 1.1.0 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by theviper17 in WordPress Plugin WordPress Image shrinker versions = 1.1.0...

WordPress WP Popup Builder plugin <= 1.3.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin WP Popup Builder versions = 1.3.6...

WordPress WP Microdata plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin WP Microdata versions = 1.0...

WordPress Popular Posts by Webline plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Popular Posts by Webline versions = 1.1.1...

WordPress Photospace Responsive plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Photospace Responsive versions = 2.2.0...

WordPress Links shortcode plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Links shortcode versions = 1.8.3...

WordPress Professional Contact Form plugin <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending vulnerability

Cross-Site Request Forgery to Test Email Sending vulnerability discovered by Nabil Irawan in WordPress Plugin Professional Contact Form versions = 1.0.0...

WordPress Sync Feedly plugin <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger vulnerability

Cross-Site Request Forgery to Sync Trigger vulnerability discovered by Nabil Irawan in WordPress Plugin Sync Feedly versions = 1.0.1...

WordPress cForms – Light speed fast Form Builder plugin <= 3.0.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin cForms versions = 3.0.0...

WordPress Trust Reviews plugin <= 1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Trust Reviews versions = 1.0...

WordPress VM Menu Reorder plugin plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin VM Menu Reorder versions = 1.0.0...

WordPress WP Statistics plugin <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header vulnerability

Unauthenticated Stored Cross-Site Scripting via User-Agent Header vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Statistics versions = 14.15.4...

WordPress Ninja Forms plugin <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion vulnerability

Cross-Site Request Forgery to Limited File Deletion vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Ninja Forms versions = 3.12.0...

WordPress Ninja Forms plugin <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Ninja Forms versions = 3.12.0...

WordPress Team Members plugin <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Team Members versions = 5.3.5...

WordPress Norebro Extra plugin <= 1.6.8 - Content Injection vulnerability

Content Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Norebro Extra versions = 1.6.8...

WordPress Workreap (theme's plugin) plugin <= 3.3.5 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Workreap theme's plugin versions = 3.3.5...

WordPress WP Recipe Maker plugin < 10.1.0 - Content Injection vulnerability

Content Injection vulnerability discovered by Najib Sinjari in WordPress Plugin WP Recipe Maker versions 10.1.0...

WordPress Icegram Express Pro plugin <= 5.9.5 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by theviper17 in WordPress Plugin Icegram Express Pro versions = 5.9.5...

WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by Najib Sinjari in WordPress Plugin Everest Forms versions = 3.4.1...