WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by VanTastic in WordPress Plugin MW WP Form versions = 5.1.3...

WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Enfold versions = 7.1.4...

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by anhcd05 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.9...

WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Gravity Forms versions = 2.10.0.1...

WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin Support Board versions 3.8.9...

WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by VanTastic in WordPress Plugin LearnPress versions = 4.3.6...

WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Evan NR in WordPress Plugin Product Filter Widget for Elementor versions = 1.0.6...

WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by HaiND in WordPress Plugin Easy Invoice versions = 2.1.19...

WordPress WP Google Review Slider plugin <= 17.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin WP Google Review Slider versions = 17.9...

WordPress Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) plugin <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by kai63001 in WordPress Plugin Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO versions = 4.9...

WordPress Slider Revolution plugin 6.0.0-6.7.55, 7.0.0-7.0.14 - Missing Authorization to Authenticated (Contributor+) Arbitrary plugin Deactivation vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary plugin Deactivation vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Slider Revolution versions 6.0.0-6.7.55...

WordPress Slider Revolution plugin 7.0.0-7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Incorrect Authorization to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Prickly Cactus in WordPress Plugin Slider Revolution versions 7.0.0-7.0.14...

WordPress Active Products Tables for WooCommerce plugin <= 1.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin Active Products Tables for WooCommerce versions = 1.0.9...

WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin AIWU versions = 1.4.17...

WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Statistics versions = 14.16.6...

WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability

Account Takeover vulnerability discovered by Phat RiO in WordPress Plugin Booknetic versions = 4.8.5...

WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by hhhai in WordPress Plugin WP Full Stripe Free versions = 8.4.1...

WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ilay Striechman in WordPress Plugin CformsII versions = 15.1.3...

WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by benzdeus in WordPress Plugin WpTravelly versions = 2.1.7...

WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by mcdruid in WordPress Plugin Slimstat Analytics versions 5.4.0...

WordPress HT Contact Form plugin <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability

Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability discovered by Azril Fathoni kiseki - Heroes Cyber Security in WordPress Plugin HT Contact Form 7 versions = 2.8.2...

WordPress GutenBee – Gutenberg Blocks plugin <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin GutenBee versions = 2.20.1...

WordPress Crawlomatic Multipage Scraper Post Generator plugin <= 2.7.2 - Authenticated (Author+) Remote Code Execution vulnerability

Authenticated Author+ Remote Code Execution vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.7.2...

WordPress Advanced Custom Fields: Extended plugin <= 0.9.2.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by daroo in WordPress Plugin ACF Extended versions = 0.9.2.5...

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by dodoh4t in WordPress Plugin Backup and Staging by WP Time Capsule versions = 1.22.25...

WordPress Advanced Custom Fields (ACF®) plugin <= 6.8.1 - Unauthenticated Arbitrary Post Modification vulnerability

Unauthenticated Arbitrary Post Modification vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Advanced Custom Fields versions = 6.8.1...

WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Affiliate Super Assistent versions = 1.10.1...

WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by hhhai in WordPress Plugin WebinarIgnition versions 4.08.253...

WordPress WebinarIgnition plugin < 4.08.253 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by hhhai in WordPress Plugin WebinarIgnition versions 4.08.253...

WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin <= 3.2.7 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by dodoh4t in WordPress Plugin QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly versions = 3.2.7...

WordPress TableOn plugin <= 1.0.5.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin TableOn versions = 1.0.5.1...

WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin Favicon versions = 1.3.46...

WordPress WCFM Membership plugin <= 2.11.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bima Ikhsan in WordPress Plugin WCFM Membership versions = 2.11.10...

WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by dodoh4t in WordPress Plugin Stripe Payments versions = 2.0.98...

WordPress Booking Manager plugin <= 2.1.18 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin Booking Manager versions = 2.1.18...

WordPress WPComplete plugin <= 2.9.5.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin WPComplete versions = 2.9.5.4...

WordPress LiteSpeed Cache plugin <= 7.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin LiteSpeed Cache versions = 7.7...

WordPress WP Travel Pro plugin <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators vulnerability

Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators vulnerability discovered by Ren Voza in WordPress Plugin WP Travel Pro versions = 10.6.0...

WordPress WooCommerce Infinite Scroll and Ajax Pagination plugin <= 1.8 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by cuokon in WordPress Plugin WooCommerce Infinite Scroll versions = 1.8...

WordPress Link Whisper Free plugin <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin Link Whisper Free versions = 0.9.0...

WordPress StatCounter – Free Real Time Visitor Stats plugin <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin StatCounter versions = 2.1.1...

WordPress OTP Login With Phone Number, OTP Verification plugin 1.8.50-1.8.60 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by luckybuddy in WordPress Plugin Login with phone number versions 1.8.50-1.8.60...

WordPress WP Maps Pro plugin <= 6.0.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by David Brown in WordPress Plugin Advanced Google Maps versions = 6.0.4...

WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by dodoh4t in WordPress Plugin Disable Comments for Any Post Types Remove comments versions = 1.3.0...

WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by kai63001 in WordPress Plugin WPify Woo Czech versions = 5.4.1...

WordPress Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification vulnerability

Missing Authorization to Unauthenticated Homepage Settings Modification vulnerability discovered by ? in WordPress Plugin Rank Math SEO versions = 1.0.271...

WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.4.9 - Unauthenticated Payment Bypass vulnerability

Unauthenticated Payment Bypass vulnerability discovered by Stranger825 in WordPress Plugin Contact Form 7 – PayPal & Stripe Add-on versions = 2.4.9...

WordPress Frontend Admin by DynamiApps plugin <= 3.28.8 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by ? in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.8...

WordPress Media Library Assistant plugin <= 3.35 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Media LIbrary Assistant versions = 3.35...

WordPress The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.15...