WordPress Photo Engine plugin <= 6.4.9 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Photo Engine versions = 6.4.9...

WordPress Riode | Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Riode versions 1.6.29...

WordPress Bookly plugin <= 26.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by ickogz in WordPress Plugin Bookly versions = 26.7...

WordPress WpEvently plugin <= 5.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin WpEvently versions = 5.1.4...

WordPress Pendulum theme < 3.1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pendulum versions 3.1.5...

WordPress Vex theme < 1.2.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Vex versions 1.2.9...

WordPress Kargo Takip plugin < 0.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Kargo Takip versions 0.2.4...

WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Terms Popup versions = 2.10.0...

WordPress Bit SMTP plugin <= 1.2.2 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by johska in WordPress Plugin Bit SMTP versions = 1.2.2...

WordPress RewardsWP plugin <= 1.0.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin RewardsWP versions = 1.0.4...

WordPress Lumise Product Designer plugin < 2.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Lumise Product Designer versions 2.0.9...

WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Andrea Bocchetti in WordPress Plugin Spam Protect for Contact Form 7 versions = 1.2.9...

WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Supakiad S. m3ez in WordPress Plugin RegistrationMagic versions = 6.0.7.6...

WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin ChatBot versions = 7.7.9...

WordPress Petitioner plugin <= 0.7.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Petitioner versions = 0.7.3...

WordPress Kiddy theme <= 2.0.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme Kiddy versions = 2.0.8...

WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin JS Archive List versions = 6.1.7...

WordPress Miraculous theme < 2.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Miraculous versions 2.1.2...

WordPress WooCommerce Support Ticket System plugin < 18.5 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Phat RiO in WordPress Plugin WooCommerce Support Ticket System versions 18.5...

WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Abandoned Cart Recovery for WooCommerce versions = 1.1.10...

WordPress Miraculous Core Plugin plugin < 2.1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Miraculous Core Plugin versions 2.1.2...

WordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by NumeX in WordPress Plugin WPJAM Basic versions = 6.9.2...

WordPress New User Approve plugin <= 3.2.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin New User Approve versions = 3.2.3...

WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.5...

WordPress Creator LMS plugin <= 1.1.18 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Creator LMS versions = 1.1.18...

WordPress JS Help Desk plugin <= 3.0.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions = 3.0.3...

WordPress Molla theme < 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Molla versions 1.5.19...

WordPress WP Custom Admin Interface plugin <= 7.42 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin WP Custom Admin Interface versions = 7.42...

WordPress Kunco theme < 1.4.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kunco versions 1.4.5...

WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Visual Portfolio, Photo Gallery & Post Grid versions = 3.5.1...

WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Comments Import & Export versions = 2.4.9...

WordPress SMTP Mailer plugin <= 1.1.24 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SMTP Mailer versions = 1.1.24...

WordPress Green Downloads plugin <= 2.08 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO in WordPress Plugin Green Downloads versions = 2.08...

WordPress Premmerce Redirect Manager plugin <= 1.0.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin Premmerce Redirect Manager versions = 1.0.12...

WordPress Scape theme < 1.5.16 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Scape versions 1.5.16...

WordPress Fusion Builder plugin < 3.15.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Fusion Builder versions 3.15.0...

WordPress Taboola Pixel plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ali Osman ERBAS 0110m4n in WordPress Plugin Taboola Pixel versions = 1.1.4...

WordPress Restrict Content plugin <= 3.2.22 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Restrict Content versions = 3.2.22...

WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hivesec in WordPress Plugin Product Rearrange for WooCommerce versions = 1.2.2...

WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hivesec in WordPress Plugin Product Rearrange for WooCommerce versions = 1.2.2...

WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability

WordPress KiviCare - Clinic & Patient Management System EHR plugin = 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability discovered by Gibran Abdillah in WordPress Plugin KiviCare versions = 4.1.2...

WordPress KiviCare plugin <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard vulnerability

Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard vulnerability discovered by WordFence in WordPress Plugin KiviCare versions = 4.1.2...

WordPress Post SMTP plugin <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'eventtype' vulnerability discovered by hoshino in WordPress Plugin Post SMTP versions = 3.8.0...

WordPress SlimStat Analytics plugin <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'fh' vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Slimstat Analytics versions = 5.3.5...

WordPress Membership Plugin - Restrict Content plugin <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect vulnerability

WordPress Membership Plugin - Restrict Content plugin = 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcpredirect vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Restrict Content versions = 3.2.24...

WordPress Appointment Booking Calendar plugin <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter vulnerability

Unauthenticated SQL Injection via 'fields' Parameter vulnerability discovered by momopon1415 in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.0...

WordPress Aimogen Pro plugin <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability

Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability discovered by Hung Nguyen yoriss - VN in WordPress Plugin Aimogen Pro versions = 2.7.5...

WordPress ilGhera Carta Docente for WooCommerce plugin <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter vulnerability

Authenticated Administrator+ Path Traversal to Arbitrary File Deletion via 'cert' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin ilGhera Carta Docente for WooCommerce versions = 1.5.0...

WordPress CM Custom Reports plugin <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Labels vulnerability discovered by san6051 - PWC in WordPress Plugin CM Custom WordPress Reports and Analytics versions = 1.2.7...

WordPress RockPress plugin <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification via AJAX Actions vulnerability discovered by Poli - CMC Global in WordPress Plugin RockPress versions = 1.0.17...