WordPress Block Editor Gallery Slider plugin <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Limited Post Meta Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Post Meta Update vulnerability discovered by Poli in WordPress Plugin Block Editor Gallery Slider versions = 1.1.1...

WordPress Crowdfunding for WooCommerce plugin <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via width Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Crowdfunding for WooCommerce versions = 3.1.14...

WordPress Forminator Forms plugin <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter vulnerability

Authenticated Administrator+ SQL Injection via orderby Parameter vulnerability discovered by Chive in WordPress Plugin Forminator versions = 1.45.0...

WordPress Biteship plugin <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking Details vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ View Order Tracking Details vulnerability discovered by ch4r0n in WordPress Plugin Biteship versions = 3.2.0...

WordPress aapanel WP Toolkit plugin 1.0 - 1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via auto_login() Function vulnerability

WordPress aapanel WP Toolkit plugin 1.0 - 1.1 - Missing Authorization to Authenticated Subscriber+ Privilege Escalation via autologin Function vulnerability discovered by kr0d in WordPress Plugin aapanel WP Toolkit versions 1.0 - 1.1...

WordPress Map My Locations plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Map My Locations versions = 1.1...

WordPress Ruven Themes: Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Ruven Themes: Shortcodes versions = 1.0...

WordPress Copymatic plugin <= 2.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Copymatic versions = 2.1...

WordPress School Management System plugin <= 93.1.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update vulnerability

Authenticated Subscriber+ Local File Inclusion to Privilege Escalation via Password Update vulnerability discovered by Thái An in WordPress Plugin School Management versions = 93.1.0...

WordPress JetSearch plugin <= 3.5.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by stealthcopter in WordPress Plugin JetSearch versions = 3.5.10...

WordPress JetBlog plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin JetBlog versions = 2.4.4...

WordPress Knowledge Base plugin <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Slug vulnerability discovered by Đỗ Quang Huy in WordPress Plugin Knowledge Base versions = 2.3.1...

WordPress Stop User Enumeration plugin < 1.7.3 - Protection Bypass vulnerability

Protection Bypass vulnerability discovered by Stan, Chin Siang Leow in WordPress Plugin Stop User Enumeration versions 1.7.3...

WordPress JetBlocks For Elementor plugin <= 1.3.18 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin JetBlocks For Elementor versions = 1.3.18...

WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Missing Authorization Checks vulnerability

Missing Authorization Checks vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions = 1.0.8.1...

WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Authenticated (Admin+) SQL Injection via 'tp_editor' vulnerability

Authenticated Admin+ SQL Injection via 'tpeditor' vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions = 1.0.8.1...

WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Remote Code Execution vulnerability

Remote Code Execution vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions = 1.0.8.1...

WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions = 1.0.8.1...

WordPress Transposh WordPress Translation plugin <= 1.0.7 - Reflected Cross-Site Scripting via tp_tp vulnerability

Reflected Cross-Site Scripting via tptp vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions = 1.0.7...

WordPress Transposh WordPress Translation plugin <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting via 'tp_translation' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'tptranslation' vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions = 1.0.7...

WordPress Alike - WordPress Custom Post Comparison <= 3.0.1 - Cross Site Scripting (XSS) Vulnerability

WordPress Alike - WordPress Custom Post Comparison = 3.0.1 - Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Alike - WordPress Custom Post Comparison versions = 3.0.1...

WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer versions = 1.2...

WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability

WordPress Universal Video Player - Addon for WPBakery Page Builder = 3.2.1 - Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Universal Video Player - Addon for WPBakery Page Builder versions = 3.2.1...

WordPress WooCommerce Shop Page Builder <= 2.27.7 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WooCommerce Shop Page Builder versions = 2.27.7...

WordPress FoodMenu <= 1.20 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin FoodMenu versions = 1.20...

WordPress Apollo - Sticky Full Width HTML5 Audio Player <= 3.4 - Cross Site Scripting (XSS) Vulnerability

WordPress Apollo - Sticky Full Width HTML5 Audio Player = 3.4 - Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Apollo - Sticky Full Width HTML5 Audio Player versions = 3.4...

WordPress SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support <= 3.5.4 - Cross Site Scripting (XSS) Vulnerability

WordPress SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support = 3.5.4 - Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support versions = 3.5.4...

WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability

WordPress Universal Video Player - Addon for WPBakery Page Builder = 3.2.1 - Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Universal Video Player - Addon for WPBakery Page Builder versions = 3.2.1...

WordPress Madara plugin <= 2.2.3 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Thái An in WordPress Plugin Madara – Responsive Manga Site versions = 2.2.3...

WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Alone versions = 7.8.3...

WordPress bbPress Move Topics plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin bbPress Move Topics versions = 1.1.6...

WordPress Bears Backup plugin <= 2.0.0 - Unauthenticated Remote Code Execution vulnerability

Unauthenticated Remote Code Execution vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Bears Backup versions = 2.0.0...

WordPress Pinterest Automatic Pin plugin < 4.19.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Anhchangmutrang in WordPress Plugin Pinterest Automatic Pin versions 4.19.0...

WordPress Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin plugin <= 4.48 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Mika in WordPress Plugin Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin versions = 4.48...

WordPress Import CDN-Remote Images plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Skalucy in WordPress Plugin Import CDN-Remote Images versions = 2.1.2...

WordPress Residential Address Detection plugin <= 2.5.9 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Residential Address Detection versions = 2.5.9...

WordPress Image Wall plugin <= 3.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Image Wall versions = 3.1...

WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin YaySMTP versions = 1.3...

WordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Stop and Block bots plugin Anti bots versions = 1.48...

WordPress Chatbox Manager plugin <= 1.2.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Mika in WordPress Plugin Chatbox Manager versions = 1.2.5...

WordPress FG Drupal to WordPress plugin <= 3.90.0 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin FG Drupal to WordPress versions = 3.90.0...

WordPress Easy Elementor Addons plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin Easy Elementor Addons versions = 2.2.5...

WordPress YayExtra plugin <= 1.5.5 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin YayExtra versions = 1.5.5...

WordPress SMTP for SendGrid – YaySMTP plugin <= 1.5 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin SMTP for SendGrid – YaySMTP versions = 1.5...

WordPress LightBox Block plugin <= 1.1.30 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Prissy in WordPress Plugin LightBox Block versions = 1.1.30...

WordPress Responsive Addons for Elementor plugin <= 1.7.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Prissy in WordPress Plugin Responsive Addons for Elementor versions = 1.7.3...

WordPress Cost Calculator plugin <= 7.4 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Cost Calculator versions = 7.4...

WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin SMTP for Amazon SES versions = 1.9...

WordPress WP Post Hide plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Post Hide versions = 1.0.9...

WordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Wallet System for WooCommerce versions = 2.6.7...