WordPress Hide WP Toolbar Plugin <= 2.7 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Hide WP Toolbar versions = 2.7...

WordPress SALESmanago Plugin <= 3.8.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin SALESmanago versions = 3.8.1...

WordPress SALESmanago Plugin <= 3.8.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin SALESmanago versions = 3.8.1...

WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Helpdesk Support Ticket System for WooCommerce versions = 2.1.1...

WordPress WP-Members Plugin <= 3.5.4.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin WP-Members versions = 3.5.4.2...

WordPress TZ PlusGallery Plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Jieun Kim in WordPress Plugin TZ PlusGallery versions = 1.5.5...

WordPress Team Plugin <= 5.0.6 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Team versions = 5.0.6...

WordPress CardCom Payment Gateway plugin <= 3.5.0.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin CardCom Payment Gateway versions = 3.5.0.5...

WordPress Flexible PDF Invoices for WooCommerce & WordPress Plugin <= 6.0.13 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by theviper17 in WordPress Plugin Flexible PDF Invoices for WooCommerce & WordPress versions = 6.0.13...

WordPress Advanced Appointment Booking & Scheduling plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Advanced Appointment Booking & Scheduling versions = 2.1...

WordPress AuthorSure Plugin <= 2.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin AuthorSure versions = 2.3...

WordPress Safety Exit Plugin <= 1.8.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Safety Exit versions = 1.8.0...

WordPress WP Social Widget Plugin <= 2.3.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin WP Social Widget versions = 2.3.1...

WordPress Advance Portfolio Grid plugin <= 1.07.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Advance Portfolio Grid versions = 1.07.6...

WordPress BP Disable Activation Reloaded Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin BP Disable Activation Reloaded versions = 1.2.1...

WordPress MakeStories (for Google Web Stories) Plugin <= 3.0.4 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin MakeStories for Google Web Stories versions = 3.0.4...

WordPress Ultimate Watermark Plugin <= 1.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Ultimate Watermark versions = 1.1...

WordPress WP Subtitle Plugin <= 3.4.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin WP Subtitle versions = 3.4.1...

WordPress WP Events Manager Plugin <= 2.2.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin WP Events Manager versions = 2.2.1...

WordPress Uncanny Toolkit for LearnDash Plugin <= 3.7.0.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Uncanny Toolkit for LearnDash versions = 3.7.0.3...

WordPress WordPress Widgets Shortcode Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin WordPress Widgets Shortcode versions = 1.0.3...

WordPress Blog Designer Plugin <= 3.1.8 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Blog Designer versions = 3.1.8...

WordPress Clariti Plugin <= 1.2.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Clariti versions = 1.2.1...

WordPress Mail Baby SMTP plugin <= 2.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Mail Baby SMTP versions = 2.8...

WordPress Geolocation IP Detection plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Geolocation IP Detection versions = 5.5.0...

WordPress Upcoming Events Lists Plugin <= 1.4.0 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by Nabil Irawan in WordPress Plugin Upcoming Events Lists versions = 1.4.0...

WordPress DethemeKit For Elementor Plugin <= 2.1.10 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin DethemeKit For Elementor versions = 2.1.10...

WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Buckets versions = 0.3.9...

WordPress Trustpilot Reviews Plugin <= 2.5.925 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Trustpilot Reviews versions = 2.5.925...

WordPress E-namad & Shamed Logo Manager Plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Bao BlueRock in WordPress Plugin E-namad & Shamed Logo Manager versions = 2.2...

WordPress WPKoi Templates for Elementor Plugin <= 3.4.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin WPKoi Templates for Elementor versions = 3.4.3...

WordPress Memberful plugin <= 1.75.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Memberful - Membership Plugin versions = 1.75.0...

WordPress Compact Archives plugin <= 4.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Compact Archives versions = 4.1.0...

WordPress GD bbPress Tools Plugin <= 3.5.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin GD bbPress Tools versions = 3.5.3...

WordPress Javo Core Plugin <= 3.0.0.266 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Bonds in WordPress Plugin Javo Core versions = 3.0.0.266...

WordPress DriCub Theme <= 2.9 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Bonds in WordPress Theme DriCub versions = 2.9...

WordPress DriCub Theme <= 2.9 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by Bonds in WordPress Theme DriCub versions = 2.9...

WordPress WP Gravity Forms Keap/Infusionsoft plugin <= 1.2.6 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Bonds in WordPress Plugin WP Gravity Forms Keap/Infusionsoft versions = 1.2.6...

WordPress Social Pug Plugin <= 1.35.2 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Hubbub Lite versions = 1.35.2...

WordPress Participants Database Plugin <= 2.7.6.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Participants Database versions = 2.7.6.3...

WordPress CP Multi View Event Calendar plugin <= 1.4.34 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin CP Multi View Event Calendar versions = 1.4.34...

WordPress SV Proven Expert Plugin <= 2.0.06 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin SV Proven Expert versions = 2.0.06...

WordPress Content Mask plugin <= 1.8.5.2 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Content Mask versions = 1.8.5.2...

WordPress Content Mask plugin <= 1.8.5.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Nabil Irawan in WordPress Plugin Content Mask versions = 1.8.5.3...

WordPress CouponXxL Theme <= 4.5.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Bonds in WordPress Theme CouponXxL versions = 4.5.0...

WordPress Quiz Maker Plugin <= 6.7.0.64 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Muhammad Zidan Ali Mansur in WordPress Plugin Quiz Maker versions = 6.7.0.64...

WordPress Quiz Maker Plugin <= 6.7.0.65 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Muhammad Zidan Ali Mansur in WordPress Plugin Quiz Maker versions = 6.7.0.65...

WordPress CF7 Submissions Plugin <= 0.26 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin CF7 Submissions versions = 0.26...

WordPress Ultimate Store Kit Elementor Addons plugin <= 2.8.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 2.8.6...

WordPress Mail Subscribe List Plugin <= 2.1.10 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Mail Subscribe List versions = 2.1.10...