45959 matches found
WordPress WoodMart theme <= 8.3.8 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme WoodMart versions <= 8.3.8...
WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by daroo in WordPress Plugin LatePoint versions <= 5.2.6...
WordPress JS Help Desk plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions <= 3.0.3...
WordPress OOPSpam Anti-Spam plugin <= 1.2.62 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin OOPSpam Anti-Spam versions <= 1.2.62...
WordPress themesflat-addons-for-elementor plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by timomangcut in WordPress Plugin themesflat-addons-for-elementor versions <= 2.3.2...
WordPress Kali Forms plugin <= 2.4.9 - Unauthenticated Remote Code Execution via form_process vulnerability
Unauthenticated Remote Code Execution via form_process vulnerability discovered by ISMAILSHADOW in WordPress Plugin Kali Forms versions <= 2.4.9...
WordPress Injection Guard plugin <= 1.2.9 - Unauthenticated Stored Cross-Site Scripting via Query Parameter Name vulnerability
Unauthenticated Stored Cross-Site Scripting via Query Parameter Name vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Injection Guard versions <= 1.2.9...
WordPress OttoKit plugin <= 1.1.20 - SQL Injection vulnerability
SQL Injection vulnerability discovered by timomangcut in WordPress Plugin OttoKit versions <= 1.1.20...
WordPress WowOptin: Next-Gen Popup Maker plugin <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API vulnerability
Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WowOptin versions <= 1.4.29...
WordPress Pre* Party Resource Hints plugin <= 1.8.20 - Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter vulnerability
Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Pre* Party Resource Hints versions <= 1.8.20...
WordPress Expire Users plugin <= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields vulnerability
Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields vulnerability discovered by Hunter Jensen skid in WordPress Plugin Expire Users versions <= 1.2.2...
WordPress Linksy Search and Replace plugin <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_details vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_details vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Linksy Search and Replace versions <= 1.0.4...
WordPress DirectoryPress plugin <= 3.6.26 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin DirectoryPress versions <= 3.6.26...
WordPress WP-Chatbot for Messenger plugin <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability
Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin WP-Chatbot for Messenger versions <= 4.9...
WordPress Autoptimize plugin <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes vulnerability discovered by stealthcopter in WordPress Plugin Autoptimize versions <= 3.1.14...
WordPress Scoreboard for HTML5 Games Lite plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Scoreboard for HTML5 Games Lite versions <= 1.2...
WordPress Autoptimize plugin <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ao_post_preload' Meta Value vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'ao_post_preload' Meta Value vulnerability discovered by Hung Nguyen yoriss - VN in WordPress Plugin Autoptimize versions <= 3.1.14...
WordPress RepairBuddy plugin <= 4.1132 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_settings_submission AJAX Action vulnerability
Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_settings_submission AJAX Action vulnerability discovered by WordFence in WordPress Plugin RepairBuddy versions <= 4.1132...
WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.5 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Bus Ticket Booking with Seat Reservation versions < 5.6.5...
WordPress 12 Step Meeting List plugin <= 3.19.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin 12 Step Meeting List versions <= 3.19.9...
WordPress Simple History plugin <= 5.24.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by timomangcut in WordPress Plugin Simple History versions <= 5.24.0...
WordPress 12 Step Meeting List plugin <= 3.19.9 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin 12 Step Meeting List versions <= 3.19.9...
WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by timomangcut in WordPress Plugin Post Expirator versions <= 4.9.4...
WordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Александр in WordPress Plugin WpTravelly versions <= 2.1.7...
WordPress EmailKit plugin <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter vulnerability
Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin EmailKit versions <= 1.6.3...
WordPress Contact List plugin <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin Contact List versions <= 3.0.18...
WordPress Keep Backup Daily plugin <= 2.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title vulnerability discovered by san6051 - PWC in WordPress Plugin Keep Backup Daily versions <= 2.1.2...
WordPress Keep Backup Daily plugin <= 2.1.1 - Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter vulnerability
Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter vulnerability discovered by san6051 - PWC in WordPress Plugin Keep Backup Daily versions <= 2.1.1...
WordPress Motta Addons plugin < 1.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Motta Addons versions < 1.6.1...
WordPress My Tickets plugin <= 2.1.1 - Bypass Vulnerability vulnerability
Bypass Vulnerability vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin My Tickets versions <= 2.1.1...
WordPress FAQ Builder AYS plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by w41bu1 in WordPress Plugin FAQ Builder AYS versions <= 1.8.2...
WordPress Image Slider by Ays plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by w41bu1 in WordPress Plugin Image Slider by Ays versions <= 2.7.1...
WordPress Jaroti theme < 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Jaroti versions < 1.4.8...
WordPress Loobek theme < 1.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Loobek versions < 1.5.2...
WordPress Miti theme < 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Miti versions < 1.5.3...
WordPress MyMedi theme < 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MyMedi versions < 1.7.7...
WordPress Yobazar theme < 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Yobazar versions < 1.6.7...
WordPress Reebox theme < 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Reebox versions < 1.4.8...
WordPress Nooni theme < 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Nooni versions < 1.5.1...
WordPress Image Alt Text Manager plugin <= 1.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Title vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Post Title vulnerability discovered by WordFence in WordPress Plugin Alt Manager versions <= 1.8.2...
WordPress MyDecor theme < 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MyDecor versions < 1.5.9...
WordPress Pelicula theme < 1.10 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Pelicula versions < 1.10...
WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PublishPress Revisions versions <= 3.7.23...
WordPress MetaMax theme <= 1.1.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme MetaMax versions <= 1.1.4...
WordPress VintWood theme <= 1.1.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme VintWood versions <= 1.1.8...
WordPress Trendustry theme <= 1.1.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme Trendustry versions <= 1.1.4...
WordPress IdealAuto theme < 3.8.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme IdealAuto versions < 3.8.6...
WordPress LoveDate theme < 3.8.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme LoveDate versions < 3.8.6...
WordPress Feedy theme < 2.1.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme Feedy versions < 2.1.5...
WordPress StreamVid theme < 6.8.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme StreamVid versions < 6.8.6...