45950 matches found
WordPress WP Booking Calendar plugin < 10.6.5 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Booking Calendar versions < 10.6.5...
WordPress Favicon Generator plugin < 2.1 - Arbitrary File Deletion via CSRF vulnerability
Arbitrary File Deletion via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Favicon Generator versions < 2.1...
WordPress Element Pack Elementor Addons plugin < 5.10.3 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Element Pack Elementor Addons versions < 5.10.3...
WordPress CubeWP plugin <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php vulnerability
Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php vulnerability discovered by stealthcopter in WordPress Plugin CubeWP versions <= 1.1.27...
WordPress Kadence Blocks plugin <= 3.2.53 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.2.53...
WordPress Paid Memberships Pro plugin < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure vulnerability
Contributor+ Arbitrary User Custom Field Disclosure vulnerability discovered by Scott Kingsley Clark in WordPress Plugin Paid Memberships Pro versions < 2.12.9...
WordPress CubeWP plugin <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode vulnerability discovered by zaim in WordPress Plugin CubeWP versions <= 1.1.26...
WordPress Serious Slider plugin <= 1.2.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Serious Slider versions <= 1.2.7...
WordPress HL Twitter plugin <= 2014.1.18 - Unlink Twitter Account via CSRF vulnerability
Unlink Twitter Account via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin HL Twitter versions <= 2014.1.18...
WordPress Newsletter Popup plugin <= 1.2 - Subscriber Deletion via CSRF vulnerability
Subscriber Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Newsletter Popup versions <= 1.2...
WordPress Newsletter Popup plugin <= 1.2 - List Deletion via CSRF vulnerability
List Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Newsletter Popup versions <= 1.2...
WordPress SendPress Newsletters plugin <= 1.23.11.6 - Admin+ Stored XSS via Settings vulnerability
Admin+ Stored XSS via Settings vulnerability discovered by Manab Jyoti Dowarah in WordPress Plugin SendPress Newsletters versions <= 1.23.11.6...
WordPress SendPress Newsletters plugin <= 1.23.11.6 - Admin+ Stored XSS via Form Settings vulnerability
Admin+ Stored XSS via Form Settings vulnerability discovered by Manab Jyoti Dowarah in WordPress Plugin SendPress Newsletters versions <= 1.23.11.6...
WordPress Pet Manager plugin <= 1.4 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Pet Manager versions <= 1.4...
WordPress WooCommerce Customers Manager plugin < 30.1 - Bulk Action via CSRF vulnerability
Bulk Action via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WooCommerce Customers Manager versions < 30.1...
WordPress WP Logs Book plugin <= 1.0.1 - Log Clearing via CSRF vulnerability
Log Clearing via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Logs Book versions <= 1.0.1...
WordPress Business Card plugin <= 1.0.0 - Card Edit via CSRF vulnerability
Card Edit via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Business Card versions <= 1.0.0...
WordPress Business Card plugin <= 1.0.0 - Arbitrary Card Deletion via CSRF vulnerability
Arbitrary Card Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Business Card versions <= 1.0.0...
WordPress BuddyBoss Platform plugin < 2.6.0 - Subscriber+ Comment on Private Post via IDOR vulnerability
Subscriber+ Comment on Private Post via IDOR vulnerability discovered by Faris Krivic in WordPress Plugin Buddyboss Platform versions < 2.6.0...
WordPress Frontend Checklist plugin <= 2.3.2 - Admin+ Stored XSS via Items vulnerability
Admin+ Stored XSS via Items vulnerability discovered by Bob Matyas in WordPress Plugin Frontend Checklist versions <= 2.3.2...
WordPress PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin <= 1.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode versions <= 1.7...
WordPress Quiz And Survey Master plugin < 9.0.2 - Contributor+ SQLi vulnerability
Contributor+ SQLi vulnerability discovered by Project Black in WordPress Plugin Quiz And Survey Master versions < 9.0.2...
WordPress Master Slider plugin < 3.10.0 - CSRF to slider deletion vulnerability
CSRF to slider deletion vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Master Slider versions < 3.10.0...
WordPress Ultimate Blocks plugin < 3.2.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ultimate Blocks versions < 3.2.0...
WordPress Light Poll plugin <= 1.0.0 - Polls Deletion via CSRF vulnerability
Polls Deletion via CSRF vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin Light Poll versions <= 1.0.0...
WordPress NinjaTeam Header Footer Custom Code plugin <= 1.2 - Admin+ Stored XSS via CSS Styles vulnerability
Admin+ Stored XSS via CSS Styles vulnerability discovered by Bob Matyas in WordPress Plugin NinjaTeam Header Footer Custom Code versions <= 1.2...
WordPress Ditty plugin 3.1.39-3.1.45 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Ditty versions 3.1.39-3.1.45...
WordPress SmartSearchWP plugin <= 2.4.4 - Unauthenticated Log Purge vulnerability
Unauthenticated Log Purge vulnerability discovered by Bob Matyas in WordPress Plugin SmartSearch WP versions <= 2.4.4...
WordPress WP MultiTasking plugin <= 0.1.12 - Settings Update via CSRF vulnerability
Settings Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions <= 0.1.12...
WordPress WP MultiTasking plugin <= 0.1.12 - Welcome Popup Update via CSRF vulnerability
Welcome Popup Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions <= 0.1.12...
WordPress WP MultiTasking plugin <= 0.1.12 - Exit Popup Update via CSRF vulnerability
Exit Popup Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions <= 0.1.12...
WordPress Secure Copy Content Protection and Content Locking plugin < 4.1.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Secure Copy Content Protection and Content Locking versions < 4.1.7...
WordPress TS Poll - Survey, Versus Poll, Image Poll, Video Poll plugin < 2.4.0 - Admin+ SQL Injection vulnerability
WordPress TS Poll - Survey, Versus Poll, Image Poll, Video Poll plugin < 2.4.0 - Admin+ SQL Injection vulnerability discovered by Chu Quoc Khanh in WordPress Plugin TS Poll versions < 2.4.0...
WordPress MaxButtons plugin < 9.8.1 - Admin+ Stored XSS via Text Color vulnerability
Admin+ Stored XSS via Text Color vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MaxButtons versions < 9.8.1...
WordPress RSS Feed Widget plugin < 3.0.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin RSS Feed Widget versions < 3.0.0...
WordPress LearnPress plugin < 4.2.7.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin LearnPress versions < 4.2.7.2...
WordPress Relevanssi Premium plugin < 2.29.0 - Contributor+ SQLi vulnerability
Contributor+ SQLi vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Relevanssi Premium versions < 2.29.0...
WordPress OSM plugin <= 6.1.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin OSM versions <= 6.1.12...
WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 16.011.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Knowledge Base for Documentation, FAQs with AI Assistance versions <= 16.011.0...
WordPress PublishPress Revisions plugin <= 3.7.22 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by lilmingwa13 in WordPress Plugin PublishPress Revisions versions <= 3.7.22...
WordPress YITH WooCommerce Ajax Search plugin < 2.7.1 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by John Castro in WordPress Plugin YITH WooCommerce Ajax Search versions < 2.7.1...
WordPress Relevanssi plugin < 4.26.0 - Contributor+ SQLi vulnerability
Contributor+ SQLi vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Relevanssi versions < 4.26.0...
WordPress Frontend File Manager plugin < 23.5 - Subscriber+ Arbitrary File Deletion vulnerability
Subscriber+ Arbitrary File Deletion vulnerability discovered by Gregory Allegoet & Bakir Tuči in WordPress Plugin Frontend File Manager versions < 23.5...
WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin The Grid versions < 2.8.0...
WordPress KindlyCare theme <= 1.6.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme KindlyCare versions <= 1.6.1...
WordPress WP Job Manager plugin <= 2.4.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tristan Jay Neale in WordPress Plugin WP Job Manager versions <= 2.4.0...
WordPress Booked plugin <= 3.0.0 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Booked versions <= 3.0.0...
WordPress Capella theme <= 2.5.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Capella versions <= 2.5.5...
WordPress Easy Hotel Booking plugin <= 1.8.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Easy Hotel Booking versions <= 1.8.8...