WordPress User Extra Fields plugin <= 16.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin User Extra Fields versions = 16.8...

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.5 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by w41bu1 - VNPT Cyber Immunity in WordPress Plugin LatePoint versions = 5.2.5...

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by w41bu1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.4...

WordPress Coachify theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Coachify versions = 1.1.5...

WordPress Coachify theme <= 1.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Coachify versions = 1.1.5...

WordPress Secure Copy Content Protection and Content Locking plugin <= 5.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by w41bu1 in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 5.0.0...

WordPress Shopwell theme <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Shopwell versions = 1.0.11...

WordPress Sigmize plugin <= 0.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Sigmize versions = 0.0.9...

WordPress Endless Posts Navigation plugin <= 2.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Endless Posts Navigation versions = 2.2.9...

WordPress The Bucketlister plugin <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Bucket List Modification vulnerability discovered by Ivan Cese in WordPress Plugin The Bucketlister versions = 0.1.5...

WordPress The Bucketlister plugin <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes vulnerability

Authenticated Contributor+ SQL Injection via category and id Shortcode Attributes vulnerability discovered by Ivan Cese in WordPress Plugin The Bucketlister versions = 0.1.5...

WordPress Video Onclick plugin <= 0.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Video Onclick versions = 0.4.7...

WordPress Simple Bible Verse via Shortcode plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin Simple Bible Verse via Shortcode versions = 1.1...

WordPress Wikiloops Track Player plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Wikiloops Track Player versions = 1.0.1...

WordPress Advanced Country Blocker plugin <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability

Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability discovered by Hector Flores in WordPress Plugin Advanced Country Blocker versions = 2.3.1...

WordPress TITLE ANIMATOR plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin TITLE ANIMATOR versions = 1.0...

WordPress OMIGO plugin <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin OMIGO versions = 3.3...

WordPress Wonka Slide plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Wonka Slide versions = 1.3.3...

WordPress Bold Page Builder plugin <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Bold Page Builder versions = 5.4.8...

WordPress Bold Page Builder plugin <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid vulnerability

Authenticated Author+ Stored DOM-based Cross-Site Scripting in Post Grid vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Bold Page Builder versions = 5.5.3...

WordPress Bold Page Builder plugin <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via btbbaccordionitem Shortcode vulnerability discovered by theviper17y in WordPress Plugin Bold Page Builder versions = 5.5.7...

WordPress Bold Builder plugin <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via btbbtabs Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Bold Page Builder versions = 5.5.1...

WordPress AIomatic - Automatic AI Content Writer plugin <= 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability

WordPress AIomatic - Automatic AI Content Writer plugin = 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability discovered by István Márton - Wordfence in WordPress Plugin Aiomatic versions = 2.0.5...

WordPress Form Maker by 10Web plugin <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field vulnerability

Unauthenticated Stored Cross-Site Scripting via Hidden Field vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Form Maker by 10Web versions = 1.15.35...

WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by johska in WordPress Plugin PublishPress Authors versions = 4.10.1...

WordPress OS DataHub Maps plugin <= 1.8.3 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by Williwollo CybrX in WordPress Plugin OS DataHub Maps versions = 1.8.3...

WordPress Form Maker by 10Web plugin <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Form Maker by 10Web versions = 1.15.35...

WordPress PeproDev WooCommerce Receipt Uploader plugin <= 2.6.9 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin PeproDev WooCommerce Receipt Uploader versions = 2.6.9...

WordPress Mail Mint plugin <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by w41bu1 - VNPT Cyber Immunity in WordPress Plugin Mail Mint versions = 1.19.2...

WordPress Library Viewer plugin < 3.2.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Muhammad Rohan khan in WordPress Plugin Library Viewer versions 3.2.0...

WordPress EventON-RSVP plugin < 2.9.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by kauenavarro in WordPress Plugin EventON-RSVP versions 2.9.5...

WordPress Meris theme <= 1.2.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Angelo Delicato in WordPress Theme Meris versions = 1.1.2...

WordPress Essential Blocks plugin < 4.4.3 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Marc Montpas in WordPress Plugin Essential Blocks for Gutenberg versions 4.4.3...

WordPress WP Duplicate plugin <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability

Authenticated Subscriber+ Arbitrary File Upload via 'processaddsite' AJAX Action vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WP Duplicate versions = 1.1.8...

WordPress Yoast SEO plugin <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'yoast-schema' Block Attribute vulnerability discovered by dragonzenai - AhnLab in WordPress Plugin Yoast SEO versions = 26.8...

WordPress Events Listing Widget plugin <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Event URL Field vulnerability discovered by WordFence in WordPress Plugin Events Listing Widget versions = 1.3.4...

WordPress Code Snippets plugin <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability

Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability discovered by type5afe in WordPress Plugin Code Snippets versions = 3.9.4...

WordPress Employee Directory plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'formtitle' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Employee Directory versions = 1.2.1...

WordPress Docus plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Docus versions = 1.0.6...

WordPress WaveSurfer-WP plugin <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability discovered by Ivan Cese in WordPress Plugin WaveSurfer-WP versions = 2.8.3...

WordPress Orange Confort+ accessibility toolbar for WordPress plugin <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Orange Comfort+ accessibility toolbar for WordPress versions = 0.7...

WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 6.26.14 - Missing Authorization vulnerability

WordPress OAuth Single Sign On - SSO OAuth Client plugin = 6.26.14 - Missing Authorization vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin OAuth Single Sign On – SSO OAuth Client versions = 6.26.14...

WordPress Timeline Block plugin <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute vulnerability

Insecure Direct Object Reference to Authenticated Author+ Private Timeline Exposure via Shortcode Attribute vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Timeline Block versions = 1.3.3...

WordPress Product Enquiry for WooCommerce plugin < 3.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Product Enquiry for WooCommerce versions 3.1...

WordPress Ultimate Maps by Supsystic plugin < 1.2.16 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Mert Umut in WordPress Plugin Ultimate Maps by Supsystic versions 1.2.16...

WordPress WP Customer Area plugin < 8.2.1 - Subscriber+ Account Address Update vulnerability

Subscriber+ Account Address Update vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin WP Customer Area versions 8.2.1...

WordPress Post SMTP plugin < 2.8.7 - Admin+ SQL Injection vulnerability

Admin+ SQL Injection vulnerability discovered by Alex Sanford in WordPress Plugin Post SMTP versions 2.8.7...

WordPress easy.jobs plugin < 2.4.7 - Subscriber+ Arbitrary Settings Update vulnerability

Subscriber+ Arbitrary Settings Update vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin EasyJobs versions 2.4.7...

WordPress CommentTweets plugin <= 0.6 - Settings Update via CSRF vulnerability

Settings Update via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin CommentTweets versions = 0.6...

WordPress Keap Official Opt-in Forms plugin < 1.0.12 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by MINGYOUNG BAN in WordPress Plugin Keap Official Opt-in Forms versions 1.0.12...