WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin WooCommerce PDF Invoices & Packing Slips versions 5.9.0...

WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin ShortPixel Image Optimizer versions = 6.4.3...

WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Anti-Malware Security and Brute-Force Firewall versions = 4.23.87...

WordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Modula Image Gallery versions = 2.14.18...

WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by loris4py in WordPress Plugin Paid Member Subscriptions versions = 2.17.3...

WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Valeska versions = 1.2.2...

WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Behold versions = 1.5...

WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Esmée versions = 1.4...

WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Léonie versions = 1.2.1...

WordPress Château theme <= 1.2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Château versions = 1.2.1...

WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme TechLink versions = 1.3...

WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Zoya versions = 1.4...

WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Roisin versions = 1.4...

WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme EasyMeals versions = 1.5.1...

WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Manufaktur Solutions versions = 1.1.1...

WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Ashtanga versions = 1.2...

WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability

Non-Arbitrary File Download vulnerability discovered by daroo in WordPress Plugin Download Monitor versions = 5.1.9...

WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Marc-André Beaulieu h3dg3h0g in WordPress Plugin Responsive Slider by MetaSlider versions = 3.106.0...

WordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin RepairBuddy versions = 4.1132...

WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by lagi bljr in WordPress Plugin Tutor LMS versions = 3.9.7...

WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Kids Online Store versions = 0.8.9...

WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Charity Zone versions = 1.1.1...

WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Kids Gift Shop versions = 0.5.4...

WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Ecommerce Zone versions = 0.9.7...

WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Restaurant Zone versions = 0.7.8...

WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Webenvo versions = 0.0.6...

WordPress Atomlab theme <= 2.4.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Atomlab versions = 2.4.5...

WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by James Pirstin in WordPress Plugin EventPrime versions = 4.3.0.0...

WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Notification for Telegram versions = 3.5...

WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hivesec in WordPress Plugin JupiterX Core versions = 4.14.1...

WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Elementra versions = 1.0.9...

WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hivesec in WordPress Plugin WP Sessions Time Monitoring Full Automatic versions = 1.1.4...

WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hivesec in WordPress Plugin InPost Gallery versions = 2.1.4.6...

WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Easy Digital Downloads versions = 3.6.5...

WordPress Hostel plugin <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter vulnerability

Reflected Cross-Site Scripting via 'shortcodeid' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Hostel versions = 1.1.6...

WordPress Youzify plugin <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'checkinplaceid' Parameter vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin Youzify versions = 1.3.6...

WordPress Easy Appointments plugin <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API vulnerability

Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Easy Appointments versions = 3.12.21...

WordPress wpDataTables plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Lio in WordPress Plugin wpDataTables versions = 6.5.0.4...

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.6 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability

Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.6...

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.6 - Unauthenticated Limited Arbitrary File Read via mfile Field vulnerability

Unauthenticated Limited Arbitrary File Read via mfile Field vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.6...

WordPress WP Customer Area plugin <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file vulnerability

Authenticated Subscriber+ Arbitrary File Read/Deletion via ajaxattachfile vulnerability discovered by shark3y in WordPress Plugin WP Customer Area versions = 8.3.4...

WordPress Image Source Control Lite – Show Image Credits and Captions plugin <= 3.9.1 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Image Source Control versions = 3.9.1...

WordPress Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion vulnerability

Unauthenticated Arbitrary File Read and Deletion vulnerability discovered by ll in WordPress Plugin Everest Forms versions = 3.4.4...

WordPress wpForo Forum plugin <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by ? in WordPress Plugin wpForo Forum versions = 3.0.5...

WordPress Website LLMs.txt plugin <= 8.2.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Website LLMs.txt versions = 8.2.6...

WordPress CMP - Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution vulnerability

WordPress CMP - Coming Soon & Maintenance Plugin by NiteoThemes plugin = 4.1.16 - Missing Authorization to Authenticated Administrator+ Arbitrary File Upload and Remote Code Execution vulnerability discovered by ll in WordPress Plugin CMP – Coming Soon & Maintenance versions = 4.1.16...

WordPress Flipbox Addon for Elementor plugin <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by WordFence in WordPress Plugin Ultimate Flipbox Addon for Elementor versions = 2.0.8...

WordPress Pz-LinkCard plugin <= 2.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Pz-LinkCard versions = 2.5.8.1...

WordPress EMC – Easily Embed Calendly Scheduling plugin <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Embed Calendly versions = 4.4...

WordPress Contextual Related Posts plugin <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Contextual Related Posts versions = 4.2.1...