45959 matches found
WordPress Views for WPForms plugin <= 3.2.2 - Cross-Site Request Forgery via create_view vulnerability
Cross-Site Request Forgery via create_view vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions <= 3.2.2...
WordPress Views for WPForms plugin <= 3.2.2 - Cross-Site Request Forgery via save_view vulnerability
Cross-Site Request Forgery via save_view vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions <= 3.2.2...
WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via get_form_fields vulnerability
Missing Authorization via get_form_fields vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions <= 3.2.2...
WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via create_view vulnerability
Missing Authorization via create_view vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions <= 3.2.2...
WordPress Bulk Edit Post Titles plugin <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles vulnerability
Missing Authorization via bulkUpdatePostTitles vulnerability discovered by Francesco Carlucci in WordPress Plugin Bulk Edit Post Titles versions <= 5.0.0...
WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes vulnerability
Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions <= 2.6.4...
WordPress WebSub (FKA. PubSubHubbub) plugin <= 3.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Sh in WordPress Plugin WebSub versions <= 3.1.4...
WordPress Royal Elementor Kit plugin <= 1.0.116 - Missing Authorization to Arbitrary Transient Update vulnerability
Missing Authorization to Arbitrary Transient Update vulnerability discovered by Sean Murphy in WordPress Theme Royal Elementor Kit versions <= 1.0.116...
WordPress Schema App Structured Data plugin <= 2.2.0 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Francesco Carlucci in WordPress Plugin Schema App Structured Data versions <= 2.2.0...
WordPress PDF Flipbook, 3D Flipbook - DearFlip plugin <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress PDF Flipbook, 3D Flipbook - DearFlip plugin <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin DearFlip versions <= 2.2.26...
WordPress Beaver Builder plugin <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Beaver Builder versions <= 2.7.4.2...
WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via restore_records() vulnerability
WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via restore_records() vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions <= 8.5.6...
WordPress WP ERP plugin <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection vulnerability
Authenticated (Accounting Manager+) SQL Injection vulnerability discovered by Edwin Siebel edwinsiebel in WordPress Plugin WP ERP versions <= 1.13.0...
WordPress WP AdCenter plugin <= 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP AdCenter versions <= 2.5.7...
WordPress Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions <= 5.10.1...
WordPress ShopLentor plugin <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin ShopLentor versions <= 2.8.1...
WordPress Shortcodes for Elementor plugin <= 1.0.4 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Shortcodes for Elementor versions <= 1.0.4...
WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Order Deletion vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions <= 2.2.9...
WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Import vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions <= 2.2.9...
WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Tutor LMS Elementor Addons versions <= 2.1.5...
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions <= 3.4.3...
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export vulnerability
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions <= 3.4.1...
WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via set_starred() vulnerability
WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via set_starred() vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions <= 8.5.6...
WordPress SEOPress - On-site SEO plugin <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress SEOPress - On-site SEO plugin <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin SEOPress versions <= 7.5.2.1...
WordPress WP eMember plugin < 10.6.7 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions < 10.6.7...
WordPress Redirects plugin <= 1.2.1 - Missing Authorization via save vulnerability
Missing Authorization via save vulnerability discovered by Francesco Carlucci in WordPress Plugin Redirects versions <= 1.2.1...
WordPress Optimize More! – Images plugin <= 1.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Optimize More! Images versions <= 1.1.3...
WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme SevenHills versions <= 1.6.2...
WordPress Authorsy plugin <= 1.0.6 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by NumeX in WordPress Plugin Authorsy versions <= 1.0.6...
WordPress PhotoMe theme <= 5.7.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PhotoMe versions <= 5.7.1...
WordPress Reflector plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Reflector versions <= 1.2.2...
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.8.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions <= 5.8.0...
WordPress Subscribe2 plugin <= 10.44 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by chokri hammedi in WordPress Plugin Subscribe2 versions <= 10.44...
WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Conference versions <= 5.3.4...
WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WP Job Portal versions <= 2.4.4...
WordPress WP Job Portal plugin <= 2.2.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions <= 2.2.1...
WordPress Frontend Admin by DynamiApps plugin <= 3.24.5 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Max Boll b0lli - Max Boll - IT Security in WordPress Plugin Frontend Admin by DynamiApps versions <= 3.24.5...
WordPress Kudos Donations plugin <= 3.2.9 - Reflected Cross-Site Scripting via 'add_query_arg' vulnerability
Reflected Cross-Site Scripting via 'add_query_arg' vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Kudos Donations versions <= 3.2.9...
WordPress Frontend Admin by DynamiApps plugin <= 3.24.5 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Max Boll b0lli - Max Boll - IT Security in WordPress Plugin Frontend Admin by DynamiApps versions <= 3.24.5...
WordPress Contact Form by BestWebSoft plugin <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject vulnerability
Reflected Cross-Site Scripting via cntctfrm_contact_subject vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Contact Form by BestWebSoft versions <= 4.2.8...
WordPress Brizy plugin <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Functionality vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Form Functionality vulnerability discovered by RandomRoot in WordPress Plugin Brizy versions <= 2.4.43...
WordPress WP Job Portal plugin <= 2.2.2 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions <= 2.2.2...
WordPress WP Job Portal plugin <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() vulnerability
Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() vulnerability discovered by WordFence in WordPress Plugin WP Job Portal versions <= 2.2.2...
WordPress WP Job Portal plugin <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download vulnerability
Missing Authorization to Unauthenticated Arbitrary Resume Download vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions <= 2.2.2...
WordPress WP Job Portal plugin <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() vulnerability
Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions <= 2.2.2...
WordPress WP Job Portal plugin <= 2.2.2 - Missing Authorization to Limited Privilege Escalation vulnerability
Missing Authorization to Limited Privilege Escalation vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions <= 2.2.2...
WordPress All-in-One Video Gallery plugin <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass vulnerability
Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin All-in-One Video Gallery versions <= 4.5.7...
WordPress ONLYOFFICE DocSpace plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin ONLYOFFICE DocSpace versions <= 2.1.1...
WordPress IMS Countdown plugin <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin IMS Countdown versions <= 1.3.5...
WordPress Eveeno plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Eveeno versions <= 1.7...