WordPress The Plus Addons for Elementor plugin <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing vulnerability

Authenticated Contributor+ Local File Inclusion via Team Member Listing vulnerability discovered by wesley wcraft in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.1...

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Global Badge Module vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Global Badge Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

WordPress Run Contests, Raffles, and Giveaways with ContestsWP plugin <= 2.0.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin Run Contests, Raffles, and Giveaways with ContestsWP versions = 2.0.7...

WordPress CMSMasters Content Composer plugin <= 1.4.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin CMSMasters Content Composer versions = 1.4.5...

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Premium Magic Scroll Module vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Premium Magic Scroll Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

WordPress Essential Blocks plugin <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Essential Blocks for Gutenberg versions = 4.5.3...

WordPress Squelch Tabs and Accordions Shortcodes plugin <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via accordions Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Squelch Tabs and Accordions Shortcodes versions = 0.4.3...

WordPress Exclusive Addons for Elementor plugin <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Post Grid vulnerability discovered by wesley wcraft in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.2...

WordPress Essential Addons for Elementor plugin <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Essential Addons for Elementor versions = 5.9.11...

WordPress Font Farsi plugin <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by emad in WordPress Plugin Font Farsi versions = 1.6.6...

WordPress EmbedPress plugin <= 3.9.12 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color' vulnerability

Authenticated Contributor+ Stored Cross-site Scripting via 'embedpressdoccustomcolor' vulnerability discovered by WordFence in WordPress Plugin EmbedPress versions = 3.9.12...

WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Hover Card vulnerability

Authenticated Contibutor+ Stored Cross-Site Scripting via Hover Card vulnerability discovered by Colin Xu in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.5.4...

WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Age Gate vulnerability discovered by Phuoc Pham p3tl0v3r - VNPT Cyber Immunity in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via titletag vulnerability discovered by wesley wcraft in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Title HTML Tag vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Page Title HTML Tag vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Calendy vulnerability discovered by ST in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Royal Elementor Addons versions = 1.3.971...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via HTML Tags vulnerability discovered by WordFence in WordPress Plugin Royal Elementor Addons versions = 1.3.971...

WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Tags vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Widget Tags vulnerability discovered by João G. Barbosa 4rCanJ0x! in WordPress Plugin themesflat-addons-for-elementor versions = 2.1.2...

WordPress SVS Pricing Tables plugin <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Deletion vulnerability

Cross-Site Request Forgery to Pricing Table Deletion vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin SVS Pricing Tables versions = 1.0.4...

WordPress Elementor Addons by Livemesh plugin <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Various Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Various Widgets vulnerability discovered by wesley wcraft in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.7...

WordPress WPB Elementor Addons plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin WPB Elementor Addons versions = 1.0.9...

WordPress Easy WP SMTP by SendLayer plugin <= 2.3.0 - Exposure of Sensitive Information via the UI vulnerability

Exposure of Sensitive Information via the UI vulnerability discovered by Finsand in WordPress Plugin Easy WP SMTP versions = 2.3.0...

WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 2.6.4...

WordPress Jeg Elementor Kit plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Testimonial vulnerability discovered by wesley wcraft in WordPress Plugin Jeg Elementor Kit versions = 2.6.3...

WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by Tim Coen in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...

WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...

WordPress EmbedPress plugin <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Youtube Block vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin EmbedPress versions = 3.9.14...

WordPress Bold Page Builder plugin <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Widget URL Attribute vulnerability discovered by wesley wcraft in WordPress Plugin Bold Page Builder versions = 4.8.8...

WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Grid Widget vulnerability

WordPress HT Mega - Absolute Addons For Elementor plugin = 2.4.9 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Grid Widget vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin HT Mega versions = 2.4.9...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'auxgmaps' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress Colibri Page Builder plugin <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'colibribreadcrumbelement' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Colibri Page Builder versions = 1.0.272...

WordPress Colibri Page Builder plugin <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_video_player Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via colibrivideoplayer Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Colibri Page Builder versions = 1.0.276...

WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via URLs vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via URLs vulnerability discovered by Ankit Patel in WordPress Plugin themesflat-addons-for-elementor versions = 2.1.2...

WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Titles vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Widget Titles vulnerability discovered by Vincent Bao in WordPress Plugin themesflat-addons-for-elementor versions = 2.1.2...

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 5.5.2 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin The Plus Addons for Elementor Page Builder Lite...

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 5.5.2 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin The Plus Addons for Elementor Page Builder Lite...

WordPress Elementor Addon Elements plugin <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.13.5...

WordPress Slider Revolution plugin <= 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Add Layer class, id, and title Attributes vulnerability discovered by wesley wcraft in WordPress Plugin Slider Revolution versions = 6.7.10...

WordPress Slider Revolution plugin <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Elementor wrapperid and zindex vulnerability discovered by stealthcopter in WordPress Plugin Slider Revolution versions = 6.7.10...

WordPress WooCommerce - PDF Vouchers plugin <= 4.9.3 - Authentication Bypass to Voucher Vendor vulnerability

WordPress WooCommerce - PDF Vouchers plugin = 4.9.3 - Authentication Bypass to Voucher Vendor vulnerability discovered by István Márton - Wordfence in WordPress Plugin WooCommerce PDF Vouchers versions = 4.9.3...

WordPress Zephyr Project Manager plugin <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation vulnerability

Authenticated Subscriber+ Limited Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Zephyr Project Manager versions = 3.3.101...

WordPress WooCommerce Social Login plugin <= 2.7.3 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Vu Nguyen maxntv in WordPress Plugin WooCommerce Social Login versions = 2.7.3...

WordPress WooCommerce Social Login plugin <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability

Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by Vu Nguyen maxntv in WordPress Plugin WooCommerce Social Login versions = 2.7.3...

WordPress WooCommerce Social Login plugin <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password vulnerability

Unauthenticated Privilege Escalation via One-Time Password vulnerability discovered by Vu Nguyen maxntv in WordPress Plugin WooCommerce Social Login versions = 2.7.3...

WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via contentblock Shortcode vulnerability discovered by Alex Thomas - Wordfence in WordPress Plugin Content Blocks Custom Post Widget versions = 3.3.0...

WordPress OSM plugin <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin OSM versions = 6.0.3...

WordPress Elementor Addons by Livemesh plugin <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Grid vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.7...