WordPress Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin <= 5.7.17 - Missing Authorization vulnerability

WordPress Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin = 5.7.17 - Missing Authorization vulnerability discovered by Thura Moe Myint mgthuramoemyint in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.17...

WordPress Premium Addons for Elementor plugin <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'arrowstyle' vulnerability discovered by stealthcopter in WordPress Plugin Premium Addons for Elementor versions = 4.10.28...

WordPress Advanced Contact form 7 DB plugin <= 2.0.2 - Sensitive Information Exposure vulnerability

Sensitive Information Exposure vulnerability discovered by Tim Coen in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.2...

WordPress Enter Addons plugin <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Animation Title widget img tag vulnerability discovered by Sebastião Gavião Sebastgav - Gavsec in WordPress Plugin Enter Addons versions = 2.1.5...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline vulnerability discovered by stealthcopter in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Testimonial Carousel For Elementor versions = 10.1.1...

WordPress Login Logout Register Menu plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Login Logout Register Menu versions = 2.0...

WordPress Essential Addons for Elementor plugin <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 5.9.15...

WordPress Porto Theme - Functionality plugin <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta vulnerability

WordPress Porto Theme - Functionality plugin = 3.0.9 - Authenticated Contributor+ Local File Inclusion via Post Meta vulnerability discovered by István Márton - Wordfence in WordPress Plugin Porto Theme - Functionality versions = 3.0.9...

WordPress Salient Shortcodes plugin <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Shortcodes versions = 1.5.3...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Accordion Title Tags vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Accordion Title Tags vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Royal Elementor Addons versions = 1.3.971...

WordPress Salient Core plugin <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Core versions = 2.0.7...

WordPress Salient Shortcodes plugin <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Shortcodes versions = 1.5.3...

WordPress WP To Do plugin <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Task Comments vulnerability

Authenticated Admin+ Stored Cross-Site Scripting via Task Comments vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WP To Do versions = 1.3.0...

WordPress WP To Do plugin <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage() vulnerability

Cross-Site Request Forgery via wptodomanage vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WP To Do versions = 1.3.0...

WordPress Testimonials Widget plugin <= 4.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via testimonials Shortcode vulnerability

Authenticated Author+ Stored Cross-Site Scripting via testimonials Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Testimonials Widget versions = 4.0.4...

WordPress Exclusive Addons for Elementor plugin <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Call to Action vulnerability discovered by stealthcopter in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.4...

WordPress WP To Do plugin <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings vulnerability

Cross-Site Request Forgery via wptodosettings vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WP To Do versions = 1.3.0...

WordPress HT Mega plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Gallery Justify vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin HT Mega versions = 2.5.0...

WordPress Prime Slider - Addons For Elementor plugin <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget vulnerability

WordPress Prime Slider - Addons For Elementor plugin = 3.14.1 - Authenticated Contributor+ Stored Cross-Site Scripting via Pagepiling Widget vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Prime Slider – Addons For Elementor versions = 3.14.1...

WordPress Import and export users and customers plugin <= 1.26.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by quanhx in WordPress Plugin Import and export users and customers versions = 1.26.6.1...

WordPress Combo Blocks plugin <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Block Attribute vulnerability discovered by stealthcopter in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.80...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Back to Top Widget vulnerability discovered by wesley wcraft in WordPress Plugin Royal Elementor Addons versions = 1.3.975...

WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Typer Effect vulnerability discovered by Webbernaut in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.2.37...

WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer vulnerability discovered by Webbernaut in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.2.36...

WordPress Piotnet Addons For Elementor plugin <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widget Attributes vulnerability discovered by stealthcopter in WordPress Plugin Piotnet Addons For Elementor versions = 2.4.28...

WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting in Multiple Widgets vulnerability discovered by stealthcopter in WordPress Plugin themesflat-addons-for-elementor versions = 2.1.2...

WordPress Ultimate Blocks plugin <= 3.1.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Multiple Blocks vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Multiple Blocks vulnerability discovered by Webbernaut in WordPress Plugin Ultimate Blocks versions = 3.1.9...

WordPress Sina Extension for Elementor plugin <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Sina Extension for Elementor versions = 3.5.3...

WordPress Premium Addons for Elementor plugin <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Fancy Text Widget vulnerability discovered by Webbernaut in WordPress Plugin Premium Addons for Elementor versions = 4.10.31...

WordPress Premium Addons for Elementor plugin <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Global Tooltip vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons for Elementor versions = 4.10.31...

WordPress Happy Addons for Elementor plugin <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Event Calendar Widget vulnerability discovered by stealthcopter in WordPress Plugin Happy Addons for Elementor versions = 3.10.7...

WordPress Elementor Addon Elements plugin <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id and eaeslideranimation Parameters vulnerability discovered by stealthcopter in WordPress Plugin Elementor Addon Elements versions = 1.13.5...

WordPress Essential Addons for Elementor plugin <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Several Widgets vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 5.9.19...

WordPress Essential Addons for Elementor plugin <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 5.9.19...

WordPress FileOrganizer plugin <= 1.0.7 - Sensitive Information Exposure via Directory Listing vulnerability

Sensitive Information Exposure via Directory Listing vulnerability discovered by emad in WordPress Plugin FileOrganizer versions = 1.0.7...

WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 1.6.4...

WordPress Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id, oxi_addons_f_title_tag, and content_description_tag Parameters vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id, oxiaddonsftitletag, and contentdescriptiontag Parameters vulnerability discovered by stealthcopter in WordPress Plugin Image Hover Effects - Caption Hover with Carousel versions = 3.0.2...

WordPress Happy Addons for Elementor plugin <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Accordion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Happy Addons for Elementor versions = 3.10.9...

WordPress Getwid plugin <= 2.0.10 - Missing Authorization to Google API key update vulnerability

Missing Authorization to Google API key update vulnerability discovered by Peter Thaleikis in WordPress Plugin Getwid versions = 2.0.10...

WordPress SEO Plugin by Squirrly SEO plugin <= 12.3.19 - Authenticated (Contributor+) SQL Injection via url Parameter vulnerability

Authenticated Contributor+ SQL Injection via url Parameter vulnerability discovered by bart in WordPress Plugin SEO Plugin by Squirrly SEO versions = 12.3.19...

WordPress Happy Addons for Elementor plugin <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Thanh Nam Tran in WordPress Plugin Happy Addons for Elementor versions = 3.10.8...

WordPress FluentForm plugin <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Joel Indra - Monarch Digital Indonesia in WordPress Plugin FluentForm versions = 5.1.19...

WordPress FluentForm plugin <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Joel Indra - Monarch Digital Indonesia in WordPress Plugin FluentForm versions = 5.1.19...

WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via TP Page Scroll Widget vulnerability discovered by stealthcopter in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.6.2...

WordPress Flamix: Bitrix24 and Contact Form 7 integrations plugin <= 3.1.0 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Flamix: Bitrix24 and Contact Form 7 integrations versions = 3.1.0...

WordPress Elegant Addons for elementor plugin <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets vulnerability discovered by stealthcopter in WordPress Plugin Elegant Addons for elementor versions = 1.0.8...

WordPress Easy Digital Downloads plugin <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings vulnerability

Authenticated Admin+ Stored Cross-Site Scripting via Currency Settings vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Easy Digital Downloads versions = 3.3.2...

WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings vulnerability

WordPress HT Mega - Absolute Addons For Elementor plugin = 2.5.5 - Authenticated Contributor+ Stored Cross-Site Scripting via Video Player Widget Settings vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin HT Mega versions = 2.5.5...

WordPress Post and Page Builder by BoldGrid plugin <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Post and Page Builder by BoldGrid versions = 1.26.6...