WordPress Quttera Web Malware Scanner plugin <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Quttera Web Malware Scanner versions = 3.5.1.41...

WordPress Essential Addons for Elementor plugin <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 6.2.2...

WordPress Graphina plugin <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Graphina versions = 3.1.3...

WordPress B Slider - Gutenberg Slider Block for WP plugin <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

WordPress B Slider - Gutenberg Slider Block for WP plugin = 2.0.0 - Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by wesley wcraft in WordPress Plugin B Slider versions = 2.0.0...

WordPress B Slider - Gutenberg Slider Block for WP plugin <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

WordPress B Slider - Gutenberg Slider Block for WP plugin = 2.0.0 - Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by wesley wcraft in WordPress Plugin B Slider versions = 2.0.0...

WordPress WooCommerce OTP Login With Phone Number, OTP Verification plugin <= 1.8.47 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Login with phone number versions = 1.8.47...

WordPress Order Tip for WooCommerce plugin <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts vulnerability

Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts vulnerability discovered by t.t.brothers in WordPress Plugin Order Tip for WooCommerce versions = 1.5.4...

WordPress PPWP plugin < 1.9.11 - Subscriber+ Access Bypass via REST API vulnerability

Subscriber+ Access Bypass via REST API vulnerability discovered by Pierre Rudloff in WordPress Plugin PPWP versions 1.9.11...

WordPress Injection Guard plugin < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI'] vulnerability

Reflected XSS via $SERVER'REQUESTURI' vulnerability discovered by Bob Matyas in WordPress Plugin Injection Guard versions 1.2.8...

WordPress WP Shopify plugin < 1.5.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin External Store for Shopify versions 1.5.4...

WordPress QSM plugin < 10.2.3 - Template Creation via CSRF vulnerability

Template Creation via CSRF vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Quiz And Survey Master versions 10.2.3...

WordPress Structured Content plugin < 1.7.0 - Contributor Stored XSS vulnerability

Contributor Stored XSS vulnerability discovered by Krugov Aryom in WordPress Plugin Structured Content versions 1.7.0...

WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin NetInsight Analytics Implementation Plugin versions = 1.0.3...

WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin NetInsight Analytics Implementation Plugin versions = 1.0.3...

WordPress flexo-social-gallery Plugin <= 1.0006 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin flexo-social-gallery versions = 1.0006...

WordPress Video Expander Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin Video Expander versions = 1.0...

WordPress StoryMap Plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by astra.r3verii in WordPress Plugin StoryMap versions = 2.1...

WordPress WP-Database-Optimizer-Tools Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Skalucy in WordPress Plugin WP-Database-Optimizer-Tools versions = 0.2...

WordPress CodeablePress plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin CodeablePress versions = 1.0.2...

WordPress Simplified plugin <= 1.0.11 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Simplified versions = 1.0.11...

WordPress Build App Online Plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by theviper17 in WordPress Plugin Build App Online versions = 1.0.23...

WordPress WP Rentals theme <= 3.16.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme WP Rentals versions = 3.16.1...

WordPress Awesome Support plugin <= 6.3.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Awesome Support versions = 6.3.6...

WordPress Stratus Theme <= 4.2.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme App, SaaS & Software Startup Tech Theme - Stratus versions = 4.2.5...

WordPress Modernize Theme <= 3.4.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Modernize versions = 3.4.0...

WordPress Modernize Theme <= 3.4.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Modernize versions = 3.4.0...

WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Thim Core versions = 2.3.3...

WordPress Thim Core Plugin <= 2.3.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Thim Core versions = 2.3.3...

WordPress Kalium Theme <= 3.18.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Kalium versions = 3.18.3...

WordPress Primer MyData for Woocommerce Plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Primer MyData for Woocommerce versions = 4.2.5...

WordPress RSS Feed Pro Plugin <= 1.1.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin RSS Feed Pro versions = 1.1.8...

WordPress WordLift Plugin <= 3.54.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin WordLift versions = 3.54.5...

WordPress Findgo Theme <= 1.3.57 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by 0xd4rk5id3 in WordPress Theme Findgo versions = 1.3.57...

WordPress 12 Step Meeting List Plugin <= 3.18.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin 12 Step Meeting List versions = 3.18.3...

WordPress B Blocks Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin B Blocks versions = 2.0.5...

WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Easy Elementor Addons versions = 2.2.7...

WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.9.0 - Arbitrary File Download Vulnerability

Arbitrary File Download Vulnerability discovered by domiee13 in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions = 1.9.0...

WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability

Settings Change Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Membership versions = 1.6.3...

WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Bao BlueRock in WordPress Plugin CM On Demand Search And Replace versions = 1.5.2...

WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Bao BlueRock in WordPress Plugin CM On Demand Search And Replace versions = 1.5.2...

WordPress Webba Booking Plugin <= 6.0.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by greenhats in WordPress Plugin Webba Booking versions = 6.0.5...

WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Bao BlueRock in WordPress Plugin Embedder for Google Reviews versions = 1.7.3...

WordPress WPDM – Premium Packages Plugin <= 6.0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Mika in WordPress Plugin WPDM – Premium Packages versions = 6.0.2...

WordPress Savoy Theme <= 3.0.8 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Savoy versions = 3.0.8...

WordPress Nexter Blocks Plugin <= 4.5.4 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by MD ISMAIL in WordPress Plugin Nexter Blocks versions = 4.5.4...

WordPress Print My Blog Plugin <= 3.27.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Print My Blog versions = 3.27.9...

WordPress Shortcode Redirect Plugin <= 1.0.02 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Rooting in WordPress Plugin Shortcode Redirect versions = 1.0.02...

WordPress Templatera Plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin Templatera versions = 2.3.0...

WordPress JetProductGallery Plugin <= 2.2.0.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetProductGallery versions = 2.2.0.2...

WordPress Quiz And Survey Master Plugin <= 10.2.4 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Quiz And Survey Master versions = 10.2.4...