WordPress Mollie Payments for WooCommerce plugin <= 8.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Mollie Payments for WooCommerce versions = 8.1.1...

WordPress JetEngine plugin <= 3.8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin JetEngine versions = 3.8.0...

WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.5.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Slider Responsive Slideshow – Image slider, Gallery slideshow versions = 1.5.4...

WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery versions = 1.6.0...

WordPress WP FullCalendar plugin <= 1.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin WP FullCalendar versions = 1.6...

WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions = 6.3.1...

WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin PDF for WPForms versions = 6.3.0...

WordPress FiveStar theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FiveStar versions = 1.7...

WordPress Belletrist theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Belletrist versions = 1.2...

WordPress PJ | Life & Business Coaching theme <= 3.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PJ | Life & Business Coaching versions = 3.0.0...

WordPress HealthFirst theme <= 1.0.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme HealthFirst versions = 1.0.1...

WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Struktur versions = 2.5.1...

WordPress Lorem Ipsum | Books & Media Store theme <= 1.2.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lorem Ipsum | Books & Media Store versions = 1.2.6...

WordPress Extreme Store theme <= 1.5.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Extreme Store versions = 1.5.7...

WordPress Bravis Addons plugin <= 1.1.9 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Bravis Addons versions = 1.1.9...

WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by daroo in WordPress Plugin Paid Member Subscriptions versions = 2.16.8...

WordPress WooODT Lite plugin <= 2.5.2 - Payment Bypass Vulnerability vulnerability

Payment Bypass Vulnerability vulnerability discovered by benzdeus in WordPress Plugin WooODT Lite versions = 2.5.2...

WordPress Cnvrse plugin <= 026.02.10.20 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Jitlada in WordPress Plugin Cnvrse versions = 026.02.10.20...

WordPress FreightCo theme <= 1.1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FreightCo versions = 1.1.7...

WordPress R&F theme <= 1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme R&F versions = 1.5...

WordPress Yokoo theme <= 1.1.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Yokoo versions = 1.1.11...

WordPress Cobble theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cobble versions = 1.7...

WordPress Plank theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Plank versions = 1.7...

WordPress Tint theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tint versions = 1.7...

WordPress Splendour theme <= 1.23 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Splendour versions = 1.23...

WordPress Gable theme <= 1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gable versions = 1.5...

WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nika versions = 1.2.14...

WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Diza versions = 1.3.15...

WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fana versions = 1.1.35...

WordPress New User Approve plugin <= 3.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin New User Approve versions = 3.2.0...

WordPress Exzo theme <= 1.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Exzo versions = 1.2.4...

WordPress Prestige theme < 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Prestige versions 1.4.1...

WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Prestige versions 1.4.1...

WordPress Modal Popup Box plugin <= 1.6.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Modal Popup Box versions = 1.6.1...

WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Zota versions = 1.3.14...

WordPress Master Addons plugin <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget vulnerability

Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget vulnerability discovered by Webbernaut in WordPress Plugin Master Addons for Elementor versions = 2.0.6.1...

WordPress Download Manager Addons for Elementor plugin <= 1.3.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by NumeX in WordPress Plugin Download Manager Addons for Elementor versions = 1.3.0...

WordPress iMoney plugin <= 0.36 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin iMoney versions = 0.36...

WordPress Diamond theme <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Diamond versions = 2.4.8...

WordPress Custom Block Builder - Lazy Blocks plugin <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution vulnerability

WordPress Custom Block Builder - Lazy Blocks plugin = 4.2.0 - Authenticated Contributor+ Remote Code Execution vulnerability discovered by Youssef Elouaer - ISET ZAGHOUAN in WordPress Plugin Lazy Blocks versions = 4.2.0...

WordPress Twitter posts to Blog plugin <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Twitter posts to Blog versions = 1.11.25...

WordPress SlimStat Analytics plugin <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter vulnerability

Authenticated Subscriber+ SQL Injection via args Parameter vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Slimstat Analytics versions = 5.3.1...

WordPress Videospirecore Theme Plugin plugin <= 1.0.6 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover vulnerability

Authenticated Subscriber+ Privilege Escalation via User Email Change/Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Videospirecore Theme versions = 1.0.6...

WordPress Migration, Backup, Staging plugin <= 0.9.123 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin WPvivid Backup and Migration versions = 0.9.123...

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more vulnerability

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin = 1.3.2 - Unauthenticated Protected Post Exposure via ajaxpostgridloadmore vulnerability discovered by Webbernaut in WordPress Plugin WPZOOM Addons for Elementor versions = 1.3.2...

WordPress IDE Micro code-editor plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin IDE Micro code-editor versions = 1.0.0...

WordPress BuddyHolis ListSearch plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin BuddyHolis ListSearch versions = 1.1...

WordPress WDES Responsive Popup plugin <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'attr' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'attr' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WDES Responsive Popup versions = 1.3.6...

WordPress Invoct - PDF Invoices & Billing for WooCommerce plugin <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability

WordPress Invoct - PDF Invoices & Billing for WooCommerce plugin = 1.6 - Missing Authorization to Authenticated Subscriber+ Information Exposure vulnerability discovered by WordFence in WordPress Plugin Invoct – PDF Invoices & Billing for WooCommerce versions = 1.6...

WordPress MMA Call Tracking plugin <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MMA Call Tracking versions = 2.3.15...