45950 matches found
WordPress Frontend File Manager plugin plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter vulnerability
Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend File Manager versions <= 23.5...
WordPress Bitcoin Donate Button plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Bitcoin Donate Button versions <= 1.0...
WordPress Recooty plugin <= 1.0.6 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by omer yeshayahu in WordPress Plugin Recooty versions 1.0.1-1.0.6...
WordPress Change WP URL plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Change WP URL versions <= 1.0...
WordPress imwptip plugin <= 1.1 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin imwptip versions <= 1.1...
WordPress WP Google Ad Manager Plugin plugin <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings vulnerability discovered by Abdualrhman Muzamil - 0bytes in WordPress Plugin WP Google Ad Manager versions <= 1.1.0...
WordPress Rupantorpay plugin <= 2.0.0 - Missing Authorization to Unauthenticated Order Status Modification vulnerability
Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Rupantorpay versions <= 2.0.0...
WordPress BlockArt Blocks plugin <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin BlockArt Blocks versions <= 2.2.14...
WordPress Order Minimum/Maximum Amount Limits for WooCommerce plugin <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields vulnerability
Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields vulnerability discovered by whizzu in WordPress Plugin Order Minimum/Maximum Amount Limits for WooCommerce versions <= 4.6.8...
WordPress Ivory Search plugin <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters vulnerability discovered by JongHwan Shin zzzsleep in WordPress Plugin Ivory Search versions <= 5.5.13...
WordPress Document Embedder plugin <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion vulnerability
Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Document Embedder versions <= 2.0.4...
WordPress Simple calendar for Elementor plugin <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Simple calendar for Elementor versions <= 1.6.6...
WordPress RegistrationMagic plugin <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification vulnerability
Missing Authorization to Unauthenticated Arbitrary Settings Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin RegistrationMagic versions <= 6.0.7.4...
WordPress Interactions plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Interactions versions <= 1.3.1...
WordPress Buy Now Plus plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Buy Now Plus versions <= 1.0.2...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export vulnerability
Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export vulnerability discovered by Teerachai Somprasong in WordPress Plugin Contact Form Entries versions <= 1.4.5...
WordPress WPBITS Addons For Elementor plugin <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin WPBITS Addons For Elementor Page Builder versions <= 1.8...
WordPress Forms Bridge plugin <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Forms Bridge versions <= 4.2.5...
WordPress Simple Folio plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simple Folio versions <= 1.1.1...
WordPress TableMaster for Elementor plugin <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter vulnerability
Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter vulnerability discovered by WordFence in WordPress Plugin TableMaster for Elementor versions <= 1.3.6...
WordPress Target Video Easy Publish plugin <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Target Video Easy Publish versions <= 3.8.8...
WordPress Appointment Hour Booking plugin <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration vulnerability discovered by ALockWooD in WordPress Plugin Appointment Hour Booking versions <= 1.5.60...
WordPress Easy Replace Image plugin <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement vulnerability
Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Easy Replace Image versions <= 3.5.2...
WordPress Crete Core plugin <= 1.4.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Crete Core versions <= 1.4.3...
WordPress HAPPY plugin <= 1.0.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin HAPPY versions <= 1.0.8...
WordPress DesignThemes Core Features plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Core Features versions <= 2.3...
WordPress Simple Archive Generator plugin <= 5.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xVenus in WordPress Plugin Simple Archive Generator versions <= 5.2...
WordPress Widget Logic Visual plugin <= 1.52 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin Widget Logic Visual versions <= 1.52...
WordPress Allmart plugin <= 1.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Allmart versions <= 1.1...
WordPress Leadpages plugin <= 1.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Leadpages versions <= 1.1.3...
WordPress JobBoard Job listing plugin <= 1.2.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by MyungJu Kim in WordPress Plugin JobBoard Job listing versions <= 1.2.8...
WordPress FeedWordPress Advanced Filters plugin <= 0.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin FeedWordPress Advanced Filters versions <= 0.6.2...
WordPress PhotoMe theme <= 5.6.11 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PhotoMe versions <= 5.6.11...
WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ModelTheme Addons for WPBakery and Elementor versions < 1.5.6...
WordPress Oxygen theme <= 6.0.8 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Oxygen versions <= 6.0.8...
WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Theme WPJobster versions <= 6.3.5...
WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Theme WPJobster versions <= 6.3.5...
WordPress Membee Login plugin <= 2.3.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin Membee Login versions <= 2.3.6...
WordPress ConveyThis plugin <= 269.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin ConveyThis versions <= 269.6...
WordPress aDirectory plugin <= 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin aDirectory versions <= 3.0.3...
WordPress WPLegalPages plugin <= 3.5.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin WPLegalPages versions <= 3.5.4...
WordPress AhaChat Messenger Marketing plugin <= 1.1 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Rapid0nion in WordPress Plugin AhaChat Messenger Marketing versions <= 1.1...
WordPress Sunshine Photo Cart plugin <= 3.5.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sunshine Photo Cart versions <= 3.5.6.2...
WordPress eDS Responsive Menu plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin eDS Responsive Menu versions <= 1.2...
WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin Asynchronous Javascript versions <= 1.3.5...
WordPress Mopinion Feedback Form plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin Mopinion Feedback Form versions <= 1.1.1...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions <= 3.3.5...
WordPress Gauge theme <= 6.56.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Gauge versions <= 6.56.4...
WordPress Slimstat Analytics plugin <= 5.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by mcdruid in WordPress Plugin Slimstat Analytics versions <= 5.3.2...
WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Prague versions <= 2.2.8...