WordPress NeoBeat theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme NeoBeat versions = 1.2...

WordPress Amoli theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Amoli versions = 1.0...

WordPress WP All Import plugin <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' vulnerability

Reflected Cross-Site Scripting via 'filepath' vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin WP All Import versions = 4.0.0...

WordPress WowOptin: Next-Gen Popup Maker - Create Stunning Popups and Optins for Lead Generation plugin <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability

WordPress WowOptin: Next-Gen Popup Maker - Create Stunning Popups and Optins for Lead Generation plugin = 1.4.24 - Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Installation vulnerability discovered by WordFence in WordPress Plugin WowOptin versions = 1.4.24...

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Thomas Sanzey in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.5...

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' vulnerability

Unauthenticated PHP Object Injection via 'downloadcsv' vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Contact Form Entries versions = 1.4.7...

WordPress Greenshift - animation and page builder blocks plugin <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup vulnerability

WordPress Greenshift - animation and page builder blocks plugin = 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Greenshift versions = 12.8.3...

WordPress Greenshift - animation and page builder blocks plugin <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Greenshift - animation and page builder blocks plugin = 12.8.5 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Greenshift versions = 12.8.5...

WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Morning Records versions = 1.2...

WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme m2 | Construction and Tools Store versions = 1.1.2...

WordPress Tripgo theme < 1.5.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tripgo versions 1.5.6...

WordPress Triompher theme <= 1.1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Triompher versions = 1.1.0...

WordPress Gioia theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gioia versions = 1.4...

WordPress Dentalux theme <= 3.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Dentalux versions = 3.3...

WordPress ProLingua theme <= 1.1.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme ProLingua versions = 1.1.12...

WordPress Nelson theme <= 1.2.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Nelson versions = 1.2.0...

WordPress Mr. Cobbler theme <= 1.1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Mr. Cobbler versions = 1.1.9...

WordPress Lella theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lella versions = 1.2...

WordPress Laurent theme <= 3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Laurent versions = 3.1...

WordPress Hypnotherapy theme <= 1.2.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hypnotherapy versions = 1.2.10...

WordPress Greenville theme <= 1.3.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Greenville versions = 1.3.2...

WordPress Good Homes theme <= 1.3.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Good Homes versions = 1.3.13...

WordPress Gaspard theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gaspard versions = 1.3...

WordPress My auctions allegro plugin <= 3.6.35 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin My auctions allegro versions = 3.6.35...

WordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Jitlada in WordPress Plugin My Album Gallery versions = 1.0.4...

WordPress Lisfinity Core plugin <= 1.5.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Lisfinity Core versions = 1.5.0...

WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Jitlada in WordPress Plugin WPSubscription versions = 1.8.10...

WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mrreee in WordPress Plugin Product Feed for WooCommerce versions = 2.3.3...

WordPress Bus Ticket Booking with Seat Reservation plugin <= 5.6.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Bus Ticket Booking with Seat Reservation versions = 5.6.0...

WordPress LatePoint plugin <= 5.2.7 - Authenticated (Agent+) Privilege Escalation vulnerability

Authenticated Agent+ Privilege Escalation vulnerability discovered by Nguyen Ba Hung bashu - KCSC in WordPress Plugin LatePoint versions = 5.2.7...

WordPress Fluent Forms Pro plugin <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission vulnerability

Unauthenticated Stored Cross-Site Scripting via Draft Form Submission vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...

WordPress WPBookit plugin <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters vulnerability

Unauthenticated Stored Cross-Site Scripting via 'wpbusername' and 'wpbuseremail' Parameters vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin WPBookit versions = 1.0.8...

WordPress Product Feed PRO for WooCommerce plugin <= 13.5.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Product Feed PRO for WooCommerce versions = 13.5.2...

WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...

WordPress Mail Mint plugin < 1.19.5 - Unauthenticated Emails Disclosure vulnerability

Unauthenticated Emails Disclosure vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Mail Mint versions 1.19.5...

WordPress Membership plugin - Restrict Content plugin <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' vulnerability

WordPress Membership plugin - Restrict Content plugin = 3.2.20 - Unauthenticated Privilege Escalation via 'rcplevel' vulnerability discovered by shark3y in WordPress Plugin Restrict Content versions = 3.2.20...

WordPress Page and Post Clone plugin <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter vulnerability

Authenticated Contributor+ SQL Injection via 'metakey' Parameter vulnerability discovered by Arthur GRIMAULT in WordPress Plugin Page and Post Clone versions = 6.3...

WordPress Media Library Assistant plugin <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Attachment Taxonomy Modification vulnerability discovered by Muhammad Sharief in WordPress Plugin Media LIbrary Assistant versions = 3.33...

WordPress Apocalypse Meow plugin <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter vulnerability

Authenticated Administrator+ SQL Injection via 'type' Parameter vulnerability discovered by Louis Deschanel - Patrowl in WordPress Plugin Apocalypse Meow versions = 22.1.0...

WordPress OoohBoi Steroids for Elementor plugin <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple URL Controls vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin OoohBoi Steroids for Elementor versions = 2.1.24...

WordPress My Calendar - Accessible Event Manager plugin <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

WordPress My Calendar - Accessible Event Manager plugin = 3.7.3 - Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin My Calendar versions = 3.7.3...

WordPress Seraphinite Accelerator plugin <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Authenticated Subscriber+ Exposure of Sensitive Information to an Unauthorized Actor vulnerability discovered by lucsob in WordPress Plugin Seraphinite Accelerator versions = 2.28.14...

WordPress Seraphinite Accelerator plugin <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing vulnerability

Missing Authorization to Authenticated Subscriber+ Log Clearing vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Seraphinite Accelerator versions = 2.28.14...

WordPress ionCube tester plus plugin <= 1.3 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin ionCube tester plus versions = 1.3...

WordPress Easy Post Submission plugin <= 2.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Easy Post Submission versions = 2.4.0...

WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Mounthood versions = 1.3.2...

WordPress Jardi theme <= 1.7.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Jardi versions = 1.7.2...

WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Estate versions = 1.3.4...

WordPress Equestrian Centre theme <= 1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Equestrian Centre versions = 1.5...

WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Dental Clinic versions = 3.7...