WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Alexis Lafontaine in WordPress Plugin Post Timeline versions = 2.4.1...

WordPress GamiPress plugin <= 7.6.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by letchupkt in WordPress Plugin GamiPress versions = 7.6.6...

WordPress List category posts plugin <= 0.93.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin List category posts versions = 0.93.1...

WordPress LBG Zoominoutslider plugin <= 5.4.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin LBG Zoominoutslider versions = 5.4.5...

WordPress uListing plugin <= 2.2.0 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin uListing versions = 2.2.0...

WordPress Site Suggest plugin <= 1.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Site Suggest versions = 1.3.9...

WordPress Good Energy theme <= 1.7.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Good Energy versions = 1.7.7...

WordPress LambertGroup - AllInOne - Banner with Thumbnails plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress LambertGroup - AllInOne - Banner with Thumbnails plugin = 3.8 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin LambertGroup - AllInOne - Banner with Thumbnails versions = 3.8...

WordPress LambertGroup - AllInOne - Content Slider plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress LambertGroup - AllInOne - Content Slider plugin = 3.8 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin LambertGroup - AllInOne - Content Slider versions = 3.8...

WordPress LambertGroup - AllInOne - Banner with Playlist plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress LambertGroup - AllInOne - Banner with Playlist plugin = 3.8 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin LambertGroup - AllInOne - Banner with Playlist versions = 3.8...

WordPress AllInOne - Banner Rotator plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress AllInOne - Banner Rotator plugin = 3.8 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin AllInOne - Banner Rotator versions = 3.8...

WordPress Ultimate Learning Pro plugin <= 3.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Ultimate Learning Pro versions = 3.9.1...

WordPress WooCommerce License Manager plugin <= 7.0.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Bonds in WordPress Plugin WooCommerce License Manager versions = 7.0.6...

WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - SQL Injection vulnerability

WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin = 1.25 - SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Attractive Donations System - Easy Stripe & Paypal donations versions = 1.25...

WordPress ListingPro plugin <= 2.9.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin ListingPro versions = 2.9.8...

WordPress RH Frontend Publishing Pro plugin <= 4.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin RH Frontend Publishing Pro versions = 4.3.2...

WordPress Lawyer Directory plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Lawyer Directory versions = 1.3.2...

WordPress Muzicon theme <= 1.9.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Muzicon versions = 1.9.0...

WordPress smart SEO theme <= 2.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme smart SEO versions = 2.9...

WordPress Welldone theme <= 2.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Welldone versions = 2.4...

WordPress Nirvana theme <= 2.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Nirvana versions = 2.6...

WordPress Nirvana theme <= 2.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Nirvana versions = 2.6...

WordPress Dr.Patterson theme <= 1.3.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Dr.Patterson versions = 1.3.2...

WordPress Anderson theme <= 1.4.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Anderson versions = 1.4.2...

WordPress Veil theme <= 1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Veil versions = 1.9...

WordPress Notarius theme <= 1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Notarius versions = 1.9...

WordPress Midi theme <= 1.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Midi versions = 1.14...

WordPress Verse theme <= 1.7.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Verse versions = 1.7.0...

WordPress Little Birdies theme <= 1.3.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Little Birdies versions = 1.3.16...

WordPress UDesign theme <= 4.14.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme UDesign versions = 4.14.0...

WordPress Filr plugin <= 1.2.14 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Que Thanh Tuan in WordPress Plugin Filr versions = 1.2.14...

WordPress JetEngine plugin <= 3.7.2 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions = 3.7.2...

WordPress Royal Elementor Addons plugin <= 1.7.1051 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by mcdruid in WordPress Plugin Royal Elementor Addons versions = 1.7.1051...

WordPress Planaday API plugin <= 11.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Planaday API versions = 11.4...

WordPress MediCenter - Health Medical Clinic WordPress Theme theme <= 14.9 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress MediCenter - Health Medical Clinic WordPress Theme theme = 14.9 - Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MediCenter - Health Medical Clinic versions = 14.9...

WordPress EM Cost Calculator plugin <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'customername' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Cost Calculator Pro versions = 2.3.1...

WordPress Responsive Lightbox & Gallery plugin < 2.6.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Responsive Lightbox versions 2.6.1...

WordPress OVRI Payment plugin 1.7.0 - Malicious .htaccess directive vulnerability

Malicious .htaccess directive vulnerability discovered by Marco Wotschka - Wordfence in WordPress Plugin OVRI Payment versions 1.7.0...

WordPress Worry Proof Backup plugin <= 0.2.4 - Authenticated (Subscriber+) Path Traversal via Backup Upload vulnerability

Authenticated Subscriber+ Path Traversal via Backup Upload vulnerability discovered by WordFence in WordPress Plugin Worry Proof Backup versions = 0.2.4...

WordPress User Registration & Membership plugin <= 5.1.2 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin User Registration versions = 5.1.2...

WordPress WP Responsive Images plugin <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src vulnerability

Unauthenticated Path Traversal to Arbitrary File Read via src vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Responsive Images versions = 1.0...

WordPress Meow Gallery plugin <= 5.4.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Meow Gallery versions = 5.4.4...

WordPress Advanced Woo Labels plugin <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter vulnerability

Authenticated Contributor+ Remote Code Execution via 'callback' Parameter vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin Advanced Woo Labels versions = 2.36...

WordPress User Registration & Membership plugin <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability

Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability discovered by hoshino in WordPress Plugin User Registration versions = 5.1.2...

WordPress TP2WP Importer plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Watched domains' Textarea vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Watched domains' Textarea vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin TP2WP Importer versions = 1.1...

WordPress Custom Logo plugin <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Logo Path Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Custom Logo versions = 2.2...

WordPress WP Social Meta plugin <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Social Meta versions = 1.0.1...

WordPress The Events Calendar plugin <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API vulnerability

Improper Authorization to Authenticated Contributor+ Event/Organizer/Venue Update/Trash via REST API vulnerability discovered by type5afe in WordPress Plugin The Events Calendar versions = 6.15.16...

WordPress Pochipp plugin < 1.18.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Pochipp versions 1.18.9...

WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin PDF Poster versions = 2.4.0...