45960 matches found
WordPress My Tickets plugin <= 2.1.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin My Tickets versions <= 2.1.0...
WordPress Profile Builder Pro plugin <= 3.13.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Profile Builder Pro versions <= 3.13.9...
WordPress SiteGuard WP Plugin plugin <= 1.7.9 - Captcha Bypass vulnerability
Captcha Bypass vulnerability discovered by Ahmad in WordPress Plugin SiteGuard WP Plugin versions <= 1.7.9...
WordPress Eagle Booking plugin <= 1.3.4.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin Eagle Booking versions <= 1.3.4.3...
WordPress Sweet Date theme < 4.0.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Sweet Date versions < 4.0.1...
WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tennis Club versions <= 1.2.3...
WordPress Kingler theme <= 1.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kingler versions <= 1.7...
WordPress Dentario theme <= 1.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Dentario versions <= 1.5...
WordPress Simple Membership plugin <= 4.7.0 - Unauthenticated Improper Handling of Missing Values vulnerability
Unauthenticated Improper Handling of Missing Values vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin Simple Membership versions <= 4.7.0...
WordPress WP Customer Reviews plugin <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter vulnerability
Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter vulnerability discovered by WordFence in WordPress Plugin WP Customer Reviews versions <= 3.7.5...
WordPress Shield Security plugin <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter vulnerability
Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions <= 21.0.8...
WordPress xmlrpc attacks blocker plugin <= 1.0 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin xmlrpc attacks blocker versions <= 1.0...
WordPress iXML - Google XML sitemap generator plugin <= 0.6 - Reflected Cross-Site Scripting via 'iXML_email' Parameter vulnerability
WordPress iXML - Google XML sitemap generator plugin <= 0.6 - Reflected Cross-Site Scripting via 'iXML_email' Parameter vulnerability discovered by johska in WordPress Plugin iXML versions <= 0.6...
WordPress Easy Author Image plugin <= 1.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Easy Author Image versions <= 1.7...
WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Teemu Saarentaus in WordPress Plugin Woocommerce Wholesale Lead Capture versions <= 2.0.3.1...
WordPress Wholesale Suite plugin <= 2.2.6 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Teemu Saarentaus in WordPress Plugin Wholesale Suite versions <= 2.2.6...
WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Teemu Saarentaus in WordPress Plugin Woocommerce Wholesale Lead Capture versions <= 2.0.3.1...
WordPress EventPrime plugin <= 4.2.8.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin EventPrime versions <= 4.2.8.3...
WordPress Smartsupp - live chat, AI shopping assistant and chatbots plugin <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
WordPress Smartsupp - live chat, AI shopping assistant and chatbots plugin <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Smartsupp – live chat, chatbots, AI and lead generation versions <= 3.9.1...
WordPress Checkout Field Manager (Checkout Manager) for WooCommerce plugin <= 7.8.1 - Unauthenticated Limited File Upload vulnerability
Unauthenticated Limited File Upload vulnerability discovered by Jamiryoo in WordPress Plugin WooCommerce Checkout Manager versions <= 7.8.1...
WordPress Aruba HiSpeed Cache plugin <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings Modification vulnerability
Missing Authorization to Unauthenticated Plugin's Settings Modification vulnerability discovered by mikemyers in WordPress Plugin Aruba HiSpeed Cache versions <= 3.0.2...
WordPress Ads Pro plugin <= 5.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions <= 5.0...
WordPress Aruba HiSpeed Cache plugin <= 3.0.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin Aruba HiSpeed Cache versions <= 3.0.2...
WordPress Ultimate Member plugin <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters vulnerability
Reflected Cross-Site Scripting via Filter Parameters vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Ultimate Member versions <= 2.11.1...
WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Image Optimizer by Elementor versions <= 1.7.1...
WordPress wpForo Forum plugin <= 2.4.14 - Unauthenticated Time-Based SQL Injection vulnerability
Unauthenticated Time-Based SQL Injection vulnerability discovered by Youssef Elouaer in WordPress Plugin wpForo Forum versions <= 2.4.14...
WordPress Product Table and List Builder for WooCommerce Lite plugin <= 4.6.2 - Unauthenticated Time-Based SQL Injection via 'search' Parameter vulnerability
Unauthenticated Time-Based SQL Injection via 'search' Parameter vulnerability discovered by Nguyen Ba Hung bashu - KCSC in WordPress Plugin WooCommerce Product Table Lite versions <= 4.6.2...
WordPress Master Addons For Elementor plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' vulnerability discovered by Thanakorn Bunsin - KMITL in WordPress Plugin Master Addons for Elementor versions <= 2.1.1...
WordPress Quiz Maker plugin <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Quiz Maker versions <= 6.7.1.7...
WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Ally versions <= 4.0.2...
WordPress Advanced AJAX Product Filters plugin <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility vulnerability
Authenticated (Author+) PHP Object Injection via Live Composer Compatibility vulnerability discovered by WordFence in WordPress Plugin Advanced AJAX Product Filters versions <= 3.1.9.6...
WordPress Brevo plugin <= 3.3.0 - Unauthenticated Authorization Bypass via Type Juggling vulnerability
Unauthenticated Authorization Bypass via Type Juggling vulnerability discovered by ISMAILSHADOW in WordPress Plugin Brevo versions <= 3.3.0...
WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Blog2Social versions <= 8.7.4...
WordPress Shield Security plugin <= 21.0.8 - Cross-Site Request Forgery to SQL Injection vulnerability
Cross-Site Request Forgery to SQL Injection vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions <= 21.0.8...
WordPress Checkout Field Manager (Checkout Manager) for WooCommerce plugin <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by NosleeP++ in WordPress Plugin WooCommerce Checkout Manager versions <= 7.8.5...
WordPress Prodigy Commerce plugin <= 3.2.9 - Unauthenticated Local File Inclusion via parameters[template_name] vulnerability
Unauthenticated Local File Inclusion via parameters[template_name] vulnerability discovered by WordFence in WordPress Plugin Prodigy Commerce versions <= 3.2.9...
WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Jitlada in WordPress Plugin URL Shortify versions <= 1.12.3...
WordPress Orderable plugin <= 1.20.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Orderable versions <= 1.20.0...
WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin WP-Lister Lite for eBay versions <= 3.8.5...
WordPress Two Factor (2FA) Authentication via Email plugin <= 1.9.8 - Two-Factor Authentication Bypass via token vulnerability
Two-Factor Authentication Bypass via token vulnerability discovered by Ulyses Saicha in WordPress Plugin Two Factor (2FA) Authentication via Email versions <= 1.9.8...
WordPress Library Management System plugin <= 3.2.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by WordFence in WordPress Plugin Library Management System versions <= 3.2.1...
WordPress Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent plugin <= 4.1.2 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions <= 4.1.2...
WordPress Video Conferencing with Zoom API plugin < 4.6.6 - Unauthenticated SDK Signature Generation vulnerability
Unauthenticated SDK Signature Generation vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Video Conferencing with Zoom versions < 4.6.6...
WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability
WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions <= 7.37...
WordPress s2Member plugin <= 260127 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Alyudin Nafiie in WordPress Plugin s2Member versions <= 260127...
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function vulnerability
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.1.5-2.1.9...
WordPress Slider Future plugin <= 1.0.5 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Slider Future versions <= 1.0.5...
WordPress Lizza LMS Pro plugin <= 1.0.3 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Lizza LMS Pro versions <= 1.0.3...
WordPress Buyent Theme (with Buyent Classified Plugin) plugin <= 1.0.7 - Unauthenticated Privilege Escalation via User Registration vulnerability
Unauthenticated Privilege Escalation via User Registration vulnerability discovered by シルAsuna in WordPress Theme Buyent versions <= 1.0.7...
WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation vulnerability
Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions <= 2.0...