WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions = 4.7.8...

WordPress Quiz And Survey Master plugin <= 10.3.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by johska in WordPress Plugin Quiz And Survey Master versions = 10.3.4...

WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin = 3.4.4 - Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by Theklis - Sentrium Security Ltd in WordPress Plugin SupportCandy versions = 3.4.4...

WordPress Ajax Load More - Infinite Scroll, Lazy Load & Load More plugin <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure vulnerability

WordPress Ajax Load More - Infinite Scroll, Lazy Load & Load More plugin = 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure vulnerability discovered by shark3y in WordPress Plugin Ajax Load More versions = 7.8.1...

WordPress Booking Calendar plugin <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure vulnerability

Missing Authorization to Unauthenticated Booking Details Exposure vulnerability discovered by type5afe in WordPress Plugin Booking Calendar versions = 10.14.13...

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Deadbee - NA in WordPress Plugin NEX-Forms versions = 9.1.8...

WordPress Mizan Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Mizan Demo Importer versions = 0.1.3...

WordPress WP Sync for Notion plugin <= 1.7.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Sync for Notion versions = 1.7.0...

WordPress Atarim plugin <= 4.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Atarim versions = 4.3.1...

WordPress WP Wand plugin <= 1.3.07 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Wand versions = 1.3.07...

WordPress Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress plugin <= 1.4.0 - Open Redirection vulnerability

Open Redirection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Update URLs Quick and Easy way to search old links and replace them with new links in WordPress versions = 1.4.1...

WordPress Hello FSE theme <= 1.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Theme Hello FSE versions = 1.0.6...

WordPress Fitness FSE theme <= 1.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Theme Fitness FSE versions = 1.0.6...

WordPress Business Roy theme <= 1.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Theme Business Roy versions = 1.1.4...

WordPress Himer theme < 2.1.3 - CSRF While Sending the Invites

CSRF While Sending the Invites vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.3...

WordPress EventON Lite < 2.2.8 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

WordPress EventON < 4.5.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.5...

WordPress Custom Login Page Customizer plugin < 2.5.4 - Unauthenticated Arbitrary Password Reset vulnerability

Unauthenticated Arbitrary Password Reset vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Custom Login Page Customizer versions 2.5.4...

WordPress Himer theme < 2.1.1 - Bypass Poll Voting Restrictions via CSRF vulnerability

Bypass Poll Voting Restrictions via CSRF vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.1...

WordPress The Ultimate Video Player For WordPress plugin < 2.2.3 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Presto Player versions 2.2.3...

WordPress VikBooking plugin < 1.6.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by cyc707 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions 1.6.8...

WordPress Genesis Blocks plugin < 3.1.3 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Genesis Blocks versions 3.1.3...

WordPress Tutor LMS plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Course Completion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.2...

WordPress PostX plugin < 4.0.2 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin PostX versions 4.0.2...

WordPress All in One SEO plugin < 4.6.1.1 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmtirii Ignatyev in WordPress Plugin All In One SEO Pack versions 4.6.1.1...

WordPress WP Prayer plugin <= 2.0.9 - Email Settings Update via CSRF vulnerability

Email Settings Update via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer versions = 2.0.9...

WordPress WP Prayer plugin <= 2.0.9 - Arbitrary Prayer Deletion via CSRF vulnerability

Arbitrary Prayer Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer versions = 2.0.9...

WordPress Community by PeepSo plugin < 6.3.1.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Community by PeepSo versions 6.3.1.2...

WordPress EventON < 2.2.8 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

WordPress EventON < 4.5.5 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.5...

WordPress EventON plugin < 4.5.9 - Unauthenticated Virtual Event Settings Update vulnerability

Unauthenticated Virtual Event Settings Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.9...

WordPress EventON Lite< 2.2.9 - Unauthenticated Virtual Event Settings Update vulnerability

Unauthenticated Virtual Event Settings Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.9...

WordPress EventON < 2.2.8 - Unauthenticated Virtual Event Password Disclosure vulnerability

Unauthenticated Virtual Event Password Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

WordPress EventON < 4.5.5 - Unauthenticated Virtual Event Password Disclosure vulnerability

Unauthenticated Virtual Event Password Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.5...

WordPress Hunk Companion plugin < 1.9.0 - Unauthenticated Plugin Installation vulnerability

Unauthenticated Plugin Installation vulnerability discovered by Daniel Rodriguez in WordPress Plugin Hunk Companion versions 1.9.0...

WordPress EventON plugin < 4.5.6 - Unauthenticated Arbitrary Post Metadata Update vulnerability

Unauthenticated Arbitrary Post Metadata Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.6...

WordPress EventON < 2.2.8 - Unauthenticated Arbitrary Post Metadata Update vulnerability

Unauthenticated Arbitrary Post Metadata Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

WordPress ConvertForce Popup Builder plugin <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation vulnerability

Stored Cross-Site Scripting via entranceanimation vulnerability discovered by WordFence in WordPress Plugin ConvertForce Popup Builder versions = 0.0.7...

WordPress EventPrime plugin <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API vulnerability

Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by Deadbee - NA in WordPress Plugin EventPrime versions = 4.2.7.0...

WordPress CAS <= 1.0.0 - Unauthenticated SSRF vulnerability

Unauthenticated SSRF vulnerability discovered by Aly Khaled Aly Abd Al-aal in WordPress Theme Cas versions = 1.0.0...

WordPress MediaPress plugin <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Plugin's Shortcode vulnerability discovered by zaim in WordPress Plugin MediaPress versions = 1.6.1...

WordPress Widget Countdown plugin <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Widget Countdown versions = 2.7.7...

WordPress Internal Link Builder plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin's Settings vulnerability discovered by 0x34rth in WordPress Plugin Internal Link Builder versions = 1.0...

WordPress Amelia plugin <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions vulnerability

Missing Authorization to Unauthenticated Multiple AJAX Actions vulnerability discovered by type5afe in WordPress Plugin Amelia versions = 1.2.38...

WordPress Buttons Shortcode and Widget plugin <= 1.16 - Stored XSS via shortcode vulnerability

Stored XSS via shortcode vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Buttons Shortcode and Widget versions = 1.16...

WordPress coreActivity plugin < 2.1 - Unauthenticated IP Spoofing vulnerability

Unauthenticated IP Spoofing vulnerability discovered by Erwan LR WPScan in WordPress Plugin coreActivity: Activity Logging plugin for WordPress versions 2.1...

WordPress ProfilePress plugin < 4.15.15 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin ProfilePress versions 4.15.15...

WordPress CAS <= 1.0.0 - Unauthenticated Arbitrary File Access vulnerability

Unauthenticated Arbitrary File Access vulnerability discovered by Aly Khaled Aly Abd Al-aal in WordPress Theme Cas versions = 1.0.0...

WordPress Photo Gallery by 10Web plugin < 1.8.31 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Photo Gallery by 10Web versions 1.8.31...

WordPress profile-builder plugin < 3.11.9 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by John Castro in WordPress Plugin Profile Builder versions 3.11.9...