WordPress Happy Addons for Elementor plugin <= 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'elementordata' Meta Field vulnerability discovered by knani alaaeddine iwd in WordPress Plugin Happy Addons for Elementor versions = 3.20.7...

WordPress Unlimited Elements for Elementor plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Border Hero Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Border Hero Widget vulnerability discovered by zer0gh0st in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.1...

WordPress Spectra Gutenberg Blocks plugin <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive Data vulnerability

Unauthenticated Information Disclosure in Sensitive Data vulnerability discovered by johska in WordPress Plugin Spectra versions = 2.19.17...

WordPress WP ULike plugin <= 4.8.3.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Log Deletion via 'id' Parameter vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Log Deletion via 'id' Parameter vulnerability discovered by Pouria Shahba p0or1ya in WordPress Plugin WP ULike versions = 4.8.3.1...

WordPress Popup Box plugin <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change vulnerability

Cross-Site Request Forgery to Popup Status Change vulnerability discovered by w41bu1 - VNPT Cyber Immunity in WordPress Plugin Popup box versions = 6.1.1...

WordPress Relevanssi Premium plugin <= 2.25.0 - Missing Authorization to Unauthenticated Query Log Export vulnerability

Missing Authorization to Unauthenticated Query Log Export vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Relevanssi Premium versions = 2.25.0...

WordPress Relevanssi plugin <= 4.22.0 - Missing Authorization to Unauthenticated Query Log Export vulnerability

Missing Authorization to Unauthenticated Query Log Export vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Relevanssi versions = 4.22.0...

WordPress Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return vulnerability

WordPress Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin = 2.11.1 - Missing Authorization via pmsstripeconnecthandleauthorizationreturn vulnerability discovered by Lucio Sá in WordPress Plugin Paid Member Subscriptions versions = 2.11.1...

WordPress Elementor Addon Elements plugin <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Thumbnail Slider Widget vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.12.12...

WordPress Elementor Addon Elements plugin <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Dual Button Widget vulnerability discovered by RandomRoot in WordPress Plugin Elementor Addon Elements versions = 1.12.12...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'titletag' vulnerability discovered by WordFence in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Price List Widget vulnerability discovered by wesley wcraft in WordPress Plugin Element Pack Elementor Addons versions = 5.6.0...

WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Panel Slider Widget vulnerability discovered by RandomRoot in WordPress Plugin Element Pack Elementor Addons versions = 5.6.0...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Animated Text Widget vulnerability discovered by wesley wcraft in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Team Members Widget vulnerability discovered by Nikolas - mdr in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Slider Widget vulnerability discovered by 0liveira in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Multislider Widget vulnerability discovered by Drian - Pato Academy in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Carousel Widget vulnerability discovered by RandomRoot in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Orbit Fox by ThemeIsle plugin <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via form widget addr2width attribute vulnerability discovered by wesley wcraft in WordPress Plugin Orbit Fox by ThemeIsle versions = 2.10.30...

WordPress Happy Addons for Elementor plugin <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Photo Stack Widget vulnerability discovered by RandomRoot in WordPress Plugin Happy Addons for Elementor versions = 3.10.3...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress EmbedPress plugin <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via PDF Widget URL vulnerability discovered by RandomRoot in WordPress Plugin EmbedPress versions = 3.9.10...

WordPress Categorify plugin <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory vulnerability

Missing Authorization in categorifyAjaxRenameCategory vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...

WordPress Categorify plugin <= 1.0.7.4 - Missing Authorization in categorifyAjaxClearCategory vulnerability

Missing Authorization in categorifyAjaxClearCategory vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...

WordPress Categorify plugin <= 1.0.7.4 - Missing Authorization in categorifyAjaxUpdateFolderPosition vulnerability

Missing Authorization in categorifyAjaxUpdateFolderPosition vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...

WordPress Tutor LMS - Migration Tool plugin <= 2.2.0 - Missing Authorization in tutor_import_from_xml vulnerability

WordPress Tutor LMS - Migration Tool plugin = 2.2.0 - Missing Authorization in tutorimportfromxml vulnerability discovered by Francesco Carlucci in WordPress Plugin Tutor LMS – Migration Tool versions = 2.2.0...

WordPress Spectra - WordPress Gutenberg Blocks plugin <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block vulnerability

WordPress Spectra - WordPress Gutenberg Blocks plugin = 2.12.8 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Gallery Block vulnerability discovered by wesley wcraft in WordPress Plugin Spectra versions = 2.12.8...

WordPress WPBakery Visual Composer plugin <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Title tag attribute vulnerability discovered by Nikolas - mdr in WordPress Plugin WPBakery Page Builder versions = 7.5...

WordPress WPBakery Visual Composer plugin <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability discovered by Nikolas - mdr in WordPress Plugin WPBakery Page Builder versions = 7.5...

WordPress Categorify plugin <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory vulnerability

Cross-Site Request Forgery via categorifyAjaxDeleteCategory vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...

WordPress Categorify plugin <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory vulnerability

Cross-Site Request Forgery via categorifyAjaxClearCategory vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...

WordPress Categorify plugin <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxRenameCategory vulnerability

Cross-Site Request Forgery via categorifyAjaxRenameCategory vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...

WordPress Categorify plugin <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition vulnerability

Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...

WordPress Brizy - Page Builder plugin <= 2.4.41 - Authenticated(Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Brizy - Page Builder plugin = 2.4.41 - AuthenticatedContributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Brizy versions = 2.4.41...

WordPress Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin = 2.2.80 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.80...

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Messenger Chat Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multi Scroll Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

WordPress ThirstyAffiliates plugin <= 3.11.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin ThirstyAffiliates versions = 3.11.9...

WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget vulnerability

WordPress HT Mega - Absolute Addons For Elementor plugin = 2.4.6 - Authenticated Contributor+ Stored Cross-Site Scripting via Lightbox Widget vulnerability discovered by wesley wcraft in WordPress Plugin HT Mega versions = 2.4.6...

WordPress FooGallery plugin <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Robert Kruczek ProXy - Safety-Online.pl in WordPress Plugin FooGallery versions = 2.4.14...

WordPress Elementor Addon Elements plugin <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.13.2...

WordPress Elementor Addon Elements plugin <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Twitter Widget vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.13.3...

WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin WPBITS Addons For Elementor Page Builder versions = 1.4...

WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget vulnerability

WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Info Table Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...

WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget vulnerability

WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Icons Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...

WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget vulnerability

WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Heading Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...

WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget vulnerability

WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Separator Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Box Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Testimonials Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...