WordPress pdfl.io plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin pdfl.io versions = 1.0.5...

WordPress Majestic Support plugin <= 1.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Majestic Support versions = 1.1.2...

WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Martín Martín in WordPress Plugin WP Directory Kit versions = 1.5.0...

WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by ch4r0n in WordPress Plugin Backup Migration versions = 2.1.1...

WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin MultiLoca versions = 4.2.15...

WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

WordPress Masteriyo - LMS plugin = 2.1.5 - Payment Bypass vulnerability discovered by davidfdzmorilla in WordPress Plugin Masteriyo - LMS versions = 2.1.5...

WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin WP-BusinessDirectory versions = 4.0.0...

WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin WP BASE Booking versions = 5.9.0...

WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dahmani ToumipegaSUS in WordPress Plugin AWP Classifieds versions = 4.4.4...

WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Micdrop versions = 1.3.1...

WordPress SingleMalt theme <= 1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme SingleMalt versions = 1.5...

WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Mildhill versions = 1.5...

WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Santé versions = 1.5.1...

WordPress Konsept theme <= 1.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Konsept versions = 1.9...

WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Valiance versions = 1.2...

WordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Playroom versions = 1.4.1...

WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme NeoBeat versions = 1.7...

WordPress Askka theme <= 1.3.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Askka versions = 1.3.1...

WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Fidalgo versions = 1.2.2...

WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Töbel versions = 1.8.1...

WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Aperitif versions = 1.6...

WordPress Hiroshi theme <= 1.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Hiroshi versions = 1.5.1...

WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Zermatt versions = 1.6.1...

WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability

WordPress Alloggio - Hotel Booking theme = 2.1.2 - PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Alloggio - Hotel Booking versions = 2.1.2...

WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme WaveRide versions = 1.4...

WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion Pro versions 2.1.29...

WordPress Hitek theme < 1.8.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hitek versions 1.8.3...

WordPress Uppercase theme < 1.2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Uppercase versions 1.2.2...

WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Blueprint versions 1.1.5...

WordPress Getaway theme < 1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Getaway versions 1.8...

WordPress Solene Core plugin <= 2.3.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Solene Core versions = 2.3.2...

WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Solene versions = 3.4...

WordPress Mr. SEO theme <= 2.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Mr. SEO versions = 2.0...

WordPress Malmö theme <= 2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Malmö versions = 2.2...

WordPress Aperitif theme <= 1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Aperitif versions = 1.5...

WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin GeekyBot versions = 1.2.0...

WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WooCommerce Cart Abandonment Recovery versions 2.1.0...

WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.27...

WordPress Datalogics Ecommerce Delivery plugin <= 2.6.62 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Datalogics Ecommerce Delivery versions = 2.6.62...

WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Maps versions = 4.9.1...

WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Form Maker by 10Web versions = 1.15.38...

WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Mikado Core versions = 1.6...

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2sid' Parameter vulnerability discovered by s00me00ne in WordPress Plugin Blog2Social versions = 8.8.3...

WordPress Awesome Support plugin <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticketid' Parameter vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Awesome Support versions = 6.3.7...

WordPress Masteriyo LMS plugin <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint vulnerability

Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Masteriyo - LMS versions = 2.1.7...

WordPress WP Blockade plugin <= 0.9.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Shortcode Execution via 'shortcode' Parameter vulnerability discovered by theviper17y in WordPress Plugin WP Blockade versions = 0.9.14...

WordPress Pinterest Site Verification plugin using Meta Tag plugin <= 1.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'postvar' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Pinterest Site Verification plugin using Meta Tag versions = 1.8...

WordPress Gravity Forms plugin <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field vulnerability

Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.9.30...

WordPress Gravity Forms plugin <= 2.9.30 - Reflected Cross-Site Scripting via 'form_ids' Parameter vulnerability

Reflected Cross-Site Scripting via 'formids' Parameter vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin Gravity Forms versions = 2.9.30...

WordPress Popup Box AYS Pro plugin < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF vulnerability

Admin+ Stored Cross-Site Scripting XSS via CSRF vulnerability discovered by Spider Sec Ltd in WordPress Plugin Popup box versions 5.5.0...