WordPress Nelio AB Testing plugin <= 8.2.7 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin Nelio AB Testing versions = 8.2.7...

WordPress Contact Form by WPForms plugin <= 1.9.8.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by CidKagenouSama in WordPress Plugin Contact Form by WPForms versions = 1.9.8.7...

WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability

Account Takeover vulnerability discovered by daroo in WordPress Plugin Contest Gallery versions = 28.1.2.2...

WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability

Account Takeover vulnerability discovered by Phat RiO in WordPress Plugin Ultimate Membership Pro versions = 13.7...

WordPress The Grid plugin < 2.8.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO in WordPress Plugin The Grid versions 2.8.0...

WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability

Path Traversal vulnerability discovered by johska in WordPress Plugin File Uploader for WooCommerce versions = 1.0.4...

WordPress Golo theme < 1.7.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Golo versions 1.7.5...

WordPress ElementInvader Addons for Elementor plugin <= 1.4.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nabil Irawan in WordPress Plugin ElementInvader Addons for Elementor versions = 1.4.2...

WordPress WPBookit Pro plugin <= 1.6.18 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin WPBookit Pro versions = 1.6.18...

WordPress Ona theme < 1.24 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO in WordPress Theme Ona versions 1.24...

WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by w41bu1 in WordPress Plugin B Blocks versions 2.0.30...

WordPress Apicona theme <= 24.1.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Apicona versions = 24.1.0...

WordPress NaturaLife Extensions plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin NaturaLife Extensions versions = 2.1...

WordPress NaturaLife Extensions plugin <= 2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin NaturaLife Extensions versions = 2.1...

WordPress WPCargo Track & Trace plugin <= 8.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WPCargo Track & Trace versions = 8.0.2...

WordPress Sanzo theme < 2.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sanzo versions 2.4.3...

WordPress JobSearch plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Phat RiO in WordPress Plugin JobSearch versions = 3.2.0...

WordPress WP Review Slider plugin <= 13.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Doan Dinh Van in WordPress Plugin WP Review Slider versions = 13.9...

WordPress Vayvo - Media Streaming & Membership WordPress Theme theme < 6.8 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress Vayvo - Media Streaming & Membership WordPress Theme theme 6.8 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Vayvo versions 6.8...

WordPress Addon Jobsearch Chat plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Phat RiO in WordPress Plugin Addon Jobsearch Chat versions = 3.0...

WordPress KiviCare plugin <= 3.6.16 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin KiviCare versions = 3.6.16...

WordPress WP Configurator Pro plugin <= 3.7.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin WP Configurator Pro versions = 3.7.9...

WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin Review Schema versions = 2.2.6...

WordPress Meloo theme < 2.8.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Meloo versions 2.8.2...

WordPress RSFirewall! plugin <= 1.1.45 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin RSFirewall! versions = 1.1.45...

WordPress WP Telegram Widget and Join Link plugin <= 2.2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin WP Telegram Widget and Join Link versions = 2.2.13...

WordPress Jobmonster theme < 4.8.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO in WordPress Theme Jobmonster versions 4.8.4...

WordPress VikRestaurants plugin <= 1.5.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin VikRestaurants versions = 1.5.2...

WordPress Salon Booking System Pro plugin < 10.30.12 - Account Takeover vulnerability

Account Takeover vulnerability discovered by Phat RiO in WordPress Plugin Salon Booking System Pro versions 10.30.12...

WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP User Frontend versions = 4.2.8...

WordPress Boutique theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Boutique versions 2.4.6...

WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Andrea Bocchetti in WordPress Plugin KiviCare versions = 3.6.16...

WordPress Contact Manager plugin <= 9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin Contact Manager versions = 9.1...

WordPress Gaea theme < 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Gaea versions 3.8...

WordPress Beaver Builder plugin <= 2.10.1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Beaver Builder versions = 2.10.1.2...

WordPress YML for Yandex Market plugin < 5.3.0 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin YML for Yandex Market versions 5.3.0...

WordPress Addon Jobsearch Chat plugin <= 3.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO in WordPress Plugin Addon Jobsearch Chat versions = 3.0...

WordPress Borgholm theme < 1.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Borgholm versions 1.6...

WordPress Halstein theme < 1.8 - Arbitrary Object Instantiation vulnerability

Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Halstein versions 1.8...

WordPress Leroux theme < 1.4 - Arbitrary Object Instantiation vulnerability

Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Leroux versions 1.4...

WordPress Archicon theme < 1.7 - Arbitrary Object Instantiation vulnerability

Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Archicon versions 1.7...

WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability

Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Stål versions 1.7...

WordPress Kamperen theme < 1.3 - Arbitrary Object Instantiation vulnerability

Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Kamperen versions 1.3...

WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability

Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Gracey versions 1.4...

WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Gyan Elements versions = 2.2.1...

WordPress Product File Upload for WooCommerce plugin <= 2.2.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Denver Jackson in WordPress Plugin Product File Upload for WooCommerce versions = 2.2.4...

WordPress KIDZ theme <= 5.24 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme KIDZ versions = 5.24...

WordPress Ricky theme < 2.31 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Ricky versions 2.31...

WordPress Tasty Daily theme < 1.27 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Tasty Daily versions 1.27...

WordPress Goldish theme < 3.47 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Goldish versions 3.47...