WordPress Like & Share My Site plugin <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Like & Share My Site versions = 0.2...

WordPress Orion Login with SMS plugin <= 1.0.5 - Authenticated Bypass via Weak OTP vulnerability

Authenticated Bypass via Weak OTP vulnerability discovered by kr0d in WordPress Plugin Orion Login with SMS versions = 1.0.5...

WordPress Nginx Cache Purge Preload plugin <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution vulnerability

Authenticated Administrator+ Remote Code Execution vulnerability discovered by cynau1t TianGong in WordPress Plugin Nginx Cache Purge Preload versions = 2.1.1...

WordPress Birth Chart Compatibility plugin <= 2.0 - Unauthenticated Full Path Exposure vulnerability

Unauthenticated Full Path Exposure vulnerability discovered by Amin Beheshti in WordPress Plugin Birth Chart Compatibility versions = 2.0...

WordPress Extensions For CF7 plugin <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion vulnerability

Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Extensions For CF7 versions = 3.2.8...

WordPress WP JobHunt plugin <= 7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Account Deletion vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Account Deletion vulnerability discovered by ixec in WordPress Plugin WP JobHunt versions = 7.2...

WordPress Pixel Gallery Addons for Elementor plugin <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Pixel Gallery Addons for Elementor versions = 1.6.7...

WordPress WP-Members plugin <= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin WP-Members versions = 3.5.4.1...

WordPress FoxyPress plugin <= 0.4.2.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by WordFence in WordPress Plugin Foxypress versions 0.4.2.2...

WordPress SureForms plugin < 1.7.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions 1.7.2...

WordPress User Registration plugin <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via urcrrestrict Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin User Registration versions = 4.2.4...

WordPress CRM and Lead Management by vcita plugin <= 2.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via type Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin CRM and Lead Management by vcita versions = 2.7.5...

WordPress Ebook Store plugin <= 5.8012 - Authenticated (Administrator+) Stored Cross-Site Scripting via Order Details vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Order Details vulnerability discovered by Bee in WordPress Plugin Ebook Store versions = 5.8012...

WordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin LearnPress Export Import versions = 4.1.2...

WordPress WP Customer Area plugin <= 8.3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Customer Area versions = 8.3.4...

WordPress The E-Commerce ERP <= 2.1.1.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin The E-Commerce ERP versions = 2.1.1.3...

WordPress Favorites plugin <= 2.3.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Favorites versions = 2.3.6...

WordPress Post SMTP plugin <= 3.2.0 - Account Takeover Vulnerability

Account Takeover Vulnerability discovered by Denver Jackson Patchstack Alliance in WordPress Plugin Post SMTP versions = 3.2.0...

WordPress CM Map Locations <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin CM Map Locations versions = 2.1.6...

WordPress Shortcodes Ultimate plugin <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution vulnerability

Cross-Site Request Forgery to Arbitrary Shortcode Execution vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Shortcodes Ultimate versions = 7.4.2...

WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Plugin Shortcodes vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes Ultimate versions = 7.4.2...

WordPress Gutentor plugin <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Gutentor versions = 3.4.8...

WordPress Avishi WP PayPal Payment Button plugin <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Avishi WP PayPal Payment Button versions = 2.0...

WordPress EPay.bg Payments plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin EPay.bg Payments versions = 0.1...

WordPress ThemeREX Addons plugin <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via trxaddonsgetsvgfromfile Function vulnerability discovered by stealthcopter in WordPress Plugin ThemeREX Addons versions = 2.35.1.1...

WordPress Vchasno Kasa plugin <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation vulnerability

Missing Authorization to Unauthenticated Invoice Generation vulnerability discovered by Poli in WordPress Plugin Vchasno Kasa versions = 1.0.3...

WordPress Vchasno Kasa plugin <= 1.0.3 - Unauthenticated Log File Clearing vulnerability

Unauthenticated Log File Clearing vulnerability discovered by Poli in WordPress Plugin Vchasno Kasa versions = 1.0.3...

WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function vulnerability

Unauthenticated PHP Object Injection via verifyfieldval Function vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.1.1...

WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function vulnerability

Unauthenticated PHP Object Injection via verifyfieldval Function vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.2.3...

WordPress Partnerský systém Martinus plugin <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Partnerský systém Martinus versions = 1.7.1...

WordPress Live Stream Badger plugin <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Live Stream Badger versions = 1.4.3...

WordPress Temporarily Hidden Content plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Temporarily Hidden Content versions = 1.0.6...

WordPress Simple Stripe Checkout plugin <= 1.1.28 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Simple Stripe Checkout versions = 1.1.28...

WordPress bbPress Notify plugin <= 2.19.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin bbPress Notify versions = 2.19.5...

WordPress Breeze Checkout plugin <= 1.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Breeze Checkout versions = 1.4.0...

WordPress FAQ Revolution - WordPress Plugin <= 1.5.0 - Cross Site Scripting (XSS) Vulnerability

WordPress FAQ Revolution - WordPress Plugin = 1.5.0 - Cross Site Scripting XSS Vulnerability discovered by Anhchangmutrang in WordPress Plugin FAQ Revolution - WordPress Plugin versions = 1.5.0...

WordPress LeadBI Plugin for WordPress plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin LeadBI Plugin for WordPress versions = 1.7...

WordPress JetSearch plugin <= 3.5.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin JetSearch versions = 3.5.10...

WordPress Malcure Malware Scanner plugin <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Malcure Malware Scanner versions = 16.8...

WordPress Terms descriptions plugin <= 3.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Terms descriptions versions = 3.4.8...

WordPress Zuppler Online Ordering plugin <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Zuppler Online Ordering versions = 2.1.0...

WordPress LoginPress Pro plugin <= 5.0.1 - Authentication Bypass via WordPress.com OAuth provider vulnerability

Authentication Bypass via WordPress.com OAuth provider vulnerability discovered by Foxyyy in WordPress Plugin LoginPress Pro versions = 5.0.1...

WordPress MasterStudy LMS Pro plugin <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Thái An in WordPress Plugin MasterStudy LMS Pro versions = 4.7.9...

WordPress Attachment Manager plugin <= 2.1.2 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by johska in WordPress Plugin Attachment Manager versions = 2.1.2...

WordPress WooCommerce Refund And Exchange with RMA plugin <= 3.2.6 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Plugin WooCommerce Refund And Exchange with RMA versions = 3.2.6...

WordPress B1.lt for WooCommerce plugin <= 2.2.56 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Injection vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary SQL Injection vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin B1.lt for WooCommerce versions = 2.2.56...

WordPress Useful Tab Block plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Useful Tab Block versions = 1.3.2...

WordPress Testimonial Post type plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via autoplay Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Testimonial Post type versions = 1.2.1...

WordPress Listly plugin <= 2.7 - Unauthenticated Arbitrary Transient Deletion vulnerability

Unauthenticated Arbitrary Transient Deletion vulnerability discovered by ch4r0n in WordPress Plugin Listly versions = 2.7...

WordPress Vertical scroll image slideshow gallery plugin <= 11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via width Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Vertical scroll image slideshow gallery versions = 11.1...