WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Timetable and Event Schedule versions = 2.4.16...

WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.9.6...

WordPress WP Meta and Date Remover plugin <= 2.3.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Meta and Date Remover versions = 2.3.6...

WordPress DearFlip plugin <= 2.4.29 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin DearFlip versions = 2.4.29...

WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass vulnerability

Authenticated Subscriber+ Authorization Bypass vulnerability discovered by Long Lagon in WordPress Plugin FOX versions = 1.4.6...

WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by timomangcut in WordPress Plugin Duplicate Page and Post versions = 2.9.5...

WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Advanced Custom Fields: Font Awesome Field versions = 5.0.2...

WordPress Adminimize plugin <= 1.11.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin Adminimize versions = 1.11.11...

WordPress Facebook for WooCommerce plugin <= 3.7.0 - Open Redirection vulnerability

Open Redirection vulnerability discovered by timomangcut in WordPress Plugin Facebook for WooCommerce versions = 3.7.0...

WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian in WordPress Plugin SVG Support versions = 2.5.14...

WordPress Truemag theme <= 4.3.14.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Truemag versions = 4.3.14.2...

WordPress Roneous theme <= 2.1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Roneous versions = 2.1.5...

WordPress ITactics theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme ITactics versions = 1.0...

WordPress Line Agency theme <= 1.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Line Agency versions = 1.3.1...

WordPress Etude theme <= 1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Etude versions = 1.6...

WordPress Tipsy theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Tipsy versions = 1.1...

WordPress Resurs theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Resurs versions = 1.3...

WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Orpheus versions = 1.3...

WordPress Eventicity theme <= 1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Eventicity versions = 1.5...

WordPress Spike theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Spike versions = 1.2...

WordPress Eros theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Eros versions = 1.3...

WordPress Gunslinger theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gunslinger versions = 1.7...

WordPress Choreo theme <= 1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Choreo versions = 1.6...

WordPress Skyward theme <= 1.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Skyward versions = 1.10...

WordPress WineShop theme <= 3.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme WineShop versions = 3.17...

WordPress Grecko theme <= 5.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Grecko versions = 5.17...

WordPress Snowy theme <= 1.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Snowy versions = 1.13...

WordPress Gita theme <= 1.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gita versions = 1.11...

WordPress Printo theme <= 1.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Printo versions = 1.11...

WordPress Granola theme <= 1.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Granola versions = 1.13...

WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gamic versions = 1.15...

WordPress SeedProd Pro plugin < 6.19.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SeedProd Pro versions 6.19.5...

WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Product Import Export for WooCommerce versions = 2.5.6...

WordPress Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending vulnerability

Missing Authorization to Authenticated Subscriber+ Email Sending vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Everest Forms versions = 3.4.7...

WordPress Advanced Custom Fields (ACF®) plugin <= 6.8.1 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Advanced Custom Fields versions = 6.8.1...

WordPress affiliate-toolkit plugin <= 3.8.7 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by Nguyen Quang Truong in WordPress Plugin affiliate-toolkit versions = 3.8.7...

WordPress Booking Calendar – Event Calendar plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by bashu - VN in WordPress Plugin Booking Calendar – Event Calendar versions = 2.1.6...

WordPress Query Shortcode plugin <= 0.2.1 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Query Shortcode versions = 0.2.1...

WordPress NS Product icon badge plugin <= 1.2.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin NS Product icon badge versions = 1.2.4...

WordPress Livemesh SiteOrigin Widgets plugin <= 3.9.2 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh SiteOrigin Widgets versions = 3.9.2...

WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

WordPress Livemesh Addons for Beaver Builder plugin <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for Beaver Builder versions = 3.9.2...

WordPress Enable jQuery Migrate Helper plugin <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade vulnerability

Missing Authorization to Authenticated Subscriber+ jQuery Version Downgrade vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Enable jQuery Migrate Helper versions = 1.4.1...

WordPress WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager plugin <= 2.3.5 - Authenticated (Author+) Remote Code Execution vulnerability

Authenticated Author+ Remote Code Execution vulnerability discovered by Win3 in WordPress Plugin WPCode versions = 2.3.5...

WordPress Firebase Support & Chat Management plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Farrukh Ziyaev in WordPress Plugin Firebase Support & Chat Management versions = 3.1.1...

WordPress Login with NEAR plugin <= 0.3.3 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by g0wthr in WordPress Plugin Login with NEAR versions = 0.3.3...

WordPress Boost plugin <= 2.0.3 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Boost versions = 2.0.3...

WordPress Master Slider plugin <= 3.10.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Master Slider versions = 3.10.8...

WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Abu Hurayra in WordPress Plugin GenerateBlocks versions = 2.1.0...

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.10 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by dodoh4t in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.10...