WordPress WP GeoNames plugin <= 1.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin WP GeoNames versions = 1.9.0.1...

WordPress Bukza plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Bukza versions = 2.0.0...

WordPress Plezi plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Plezi versions = 1.0.6...

WordPress GS Books Showcase plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Books Showcase versions = 1.3.1...

WordPress GS Filterable Portfolio plugin <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Filterable Portfolio versions = 1.6.3...

WordPress WP Mailster plugin <= 1.8.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Mailster versions = 1.8.17.0...

WordPress Integrate Firebase plugin <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Integrate Firebase versions = 0.9.3...

WordPress Smart Agenda plugin <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Smart Agenda versions = 4.6...

WordPress WPB Show Core plugin < 2.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WPB Show Core versions 2.7...

WordPress Salon booking system plugin < 9.6.3 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by cyc707 in WordPress Plugin Salon booking system versions 9.6.3...

WordPress Arena.IM - Live Blogging for real-time events plugin <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Arena.IM - Live Blogging for real-time events plugin = 0.3.0 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Arena.IM – Live Blogging for real-time events versions = 0.3.0...

WordPress Password for WP plugin <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Password for WP versions = 1.5...

WordPress Catch Popup plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Catch Popup versions = 1.4.4...

WordPress WordPress Pinterest Plugin - Make a Popup, User Profile, Masonry and Gallery Layout plugin <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress WordPress Pinterest Plugin - Make a Popup, User Profile, Masonry and Gallery Layout plugin = 1.8.8 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Pins for Pinterest versions = 1.8.8...

WordPress Brizy - Page Builder plugin <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability

WordPress Brizy - Page Builder plugin = 2.4.43 - Authenticated Contributor+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by wesley wcraft in WordPress Plugin Brizy versions = 2.4.43...

WordPress Contact Form 7 Connector plugin < 1.2.3 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Contact Form 7 Connector versions 1.2.3...

WordPress WP Courses LMS plugin <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary User Meta Update vulnerability discovered by Thanh Nam Tran in WordPress Plugin WP Courses LMS versions = 3.2.21...

WordPress IdeaPush plugin <= 8.71 - Missing Authorization to Board Term Deletion vulnerability

Missing Authorization to Board Term Deletion vulnerability discovered by Lucio Sá in WordPress Plugin IdeaPush versions = 8.71...

WordPress Store Locator plugin <= 3.98.9 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Jay Nguyen in WordPress Plugin Store Locator versions 3.98.9...

WordPress Koalendar plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via height Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Koalendar versions = 1.0.2...

WordPress Social Media Shortcodes plugin <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Social Media Shortcodes versions = 1.3.0...

WordPress Tabs Maker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Pham Van Tam - The Vietnamese Security Network - VSEC in WordPress Plugin Tabs Maker versions = 1.0...

WordPress Add infos to the events calendar plugin <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Add infos to the events calendar versions = 1.4.1...

WordPress Integrate Google Drive plugin <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export vulnerability

Missing Authorization to Unauthenticated Settings Modification and Export vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Integrate Google Drive versions = 1.3.8...

WordPress FAQ And Answers - Create Frequently Asked Questions Area on WP Sites plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress FAQ And Answers - Create Frequently Asked Questions Area on WP Sites plugin = 1.1.0 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin FAQ And Answers – Create Frequently Asked Questions Area on WP Sites versions = 1....

WordPress My IDX Home Search plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin My IDX Home Search versions = 2.1.1...

WordPress PowerBI Embed Reports plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin PowerBI Embed Reports versions = 1.1.7...

WordPress Classic Addons - WPBakery Page Builder plugin <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion vulnerability

WordPress Classic Addons - WPBakery Page Builder plugin = 3.0 - Authenticated Contributor+ Limited Local PHP File Inclusion vulnerability discovered by Nishiv - Developer in WordPress Plugin Classic Addons – WPBakery Page Builder versions = 3.0...

WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation vulnerability

Missing Authorization to Authenticated Subscriber+ New Filter Creation vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Message Filter for Contact Form 7 versions = 1.6.3...

WordPress Snippet Shortcodes plugin <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion vulnerability

Authenticated Subscriber+ Shortcode Deletion vulnerability discovered by theviper17y in WordPress Plugin Snippet Shortcodes versions = 4.1.6...

WordPress ElementInvader Addons for Elementor plugin <= 1.3.1 - Missing Authorization to Arbitrary Options Read vulnerability

Missing Authorization to Arbitrary Options Read vulnerability discovered by Francesco Carlucci in WordPress Plugin ElementInvader Addons for Elementor versions = 1.3.1...

WordPress User Profile Builder plugin < 3.15.2 - Unauthenticated Arbitrary Password Reset vulnerability

Unauthenticated Arbitrary Password Reset vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Profile Builder versions 3.15.2...

WordPress Payment Button for PayPal plugin <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order Creation vulnerability

Missing Authorization to Unauthenticated Arbitrary Order Creation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Payment Button for PayPal versions = 1.2.3.41...

WordPress Accept Stripe Payments Using Contact Form 7 plugin <= 2.5 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Joshua Chan in WordPress Plugin Accept Stripe Payments Using Contact Form 7 versions = 2.5...

WordPress Child Theme Creator by Orbisius plugin <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete vulnerability

Missing Authorization to Authenticated Subscriber+ Cloud Snippet Update/Delete vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Child Theme Creator versions = 1.5.5...

WordPress Web3 Cryptocurrency Payments by DePay for WooCommerce plugin <= 2.12.17 - Missing Authorization to Information Exposure vulnerability

Missing Authorization to Information Exposure vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Web3 Cryptocurrency Payments by DePay for WooCommerce versions = 2.12.17...

WordPress Post to Pdf plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Post to Pdf versions = 1.0...

WordPress Smart PopUp Blaster plugin <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Smart PopUp Blaster versions = 1.4.3...

WordPress WP-Revive Adserver plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WP-Revive Adserver versions = 2.2.1...

WordPress Ganohrs Toggle Shortcode plugin <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ganohrs Toggle Shortcode versions = 0.2.4...

WordPress GeoDataSource Country Region DropDown plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin GeoDataSource Country Region DropDown versions = 1.0.1...

WordPress Simple Locator plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Locator versions = 2.0.3...

WordPress Tickera plugin <= 3.5.4.8 - Unauthenticated Customer Data Exposure vulnerability

Unauthenticated Customer Data Exposure vulnerability discovered by WordFence in WordPress Plugin Tickera versions = 3.5.4.8...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Staff Widget vulnerability discovered by zer0gh0st in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.2...

WordPress bodi0’s Easy Cache plugin <= 0.8 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Lokesh Dachepalli in WordPress Plugin bodi0’s Easy Cache versions = 0.8...

WordPress Brizy plugin <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Nikolas - mdr in WordPress Plugin Brizy versions = 2.4.40...

WordPress EventPrime plugin <= 3.4.2 - Unauthenticated Booking Payment Bypass vulnerability

Unauthenticated Booking Payment Bypass vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions = 3.4.2...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom JS vulnerability discovered by Webbernaut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'auxtimeline' Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress Tutor LMS plugin <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action vulnerability

Authenticated Subscriber+ Information Disclosure in Coupon Details via 'tutorcoupondetails' AJAX Action vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.5...