WordPress FluentForm plugin <= 6.1.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin FluentForm versions <= 6.1.14...
WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Kentha Elementor Widgets versions < 3.1...
WordPress Omnipress plugin <= 1.6.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by theviper17 in WordPress Plugin Omnipress versions <= 1.6.7...
WordPress Wired Impact Volunteer Management plugin <= 2.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by hhhai in WordPress Plugin Wired Impact Volunteer Management versions <= 2.8...
WordPress Protección de datos – RGPD plugin <= 0.68 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Protección de datos – RGPD versions <= 0.68...
WordPress Integrate Google Drive plugin <= 1.5.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Integrate Google Drive versions <= 1.5.6...
WordPress Download After Email plugin <= 2.1.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Download After Email versions <= 2.1.9...
WordPress WP Term Order plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin WP Term Order versions <= 2.1.0...
WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Nabil Irawan in WordPress Plugin WP Job Portal versions <= 2.4.3...
WordPress Materialis Companion plugin <= 1.3.52 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Materialis Companion versions <= 1.3.52...
WordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin HD Quiz versions <= 2.0.9...
WordPress WPElemento Importer plugin <= 0.6.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WPElemento Importer versions <= 0.6.4...
WordPress Moderate Selected Posts plugin <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Moderate Selected Posts versions <= 1.4...
WordPress All-in-One Video Gallery plugin 4.1.0-4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update vulnerability discovered by kr0d in WordPress Plugin All-in-One Video Gallery versions 4.1.0-4.6.4...
WordPress CM CSS Columns plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin CM CSS Columns versions <= 1.2.1...
WordPress AdminQuickbar plugin <= 1.9.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Lior Yeshayahu in WordPress Plugin AdminQuickbar versions <= 1.9.3...
WordPress Canto Testimonials plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Canto Testimonials versions <= 1.0...
WordPress GZSEO plugin <= 2.0.11 - Authenticated (Contributor+) Authorization Bypass to Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Authorization Bypass to Stored Cross-Site Scripting vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin GZSEO versions <= 2.0.11...
WordPress WP-ClanWars plugin <= 2.0.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter vulnerability
Authenticated (Administrator+) SQL Injection via 'orderby' Parameter vulnerability discovered by 0x34rth in WordPress Plugin WP-ClanWars versions <= 2.0.1...
WordPress Login Page Editor plugin <= 1.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Login Page Editor versions <= 1.2...
WordPress ThemeRuby Multi Authors plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' and 'after' Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' and 'after' Shortcode Attributes vulnerability discovered by zaim in WordPress Plugin ThemeRuby Multi Authors versions <= 1.0.0...
WordPress Wizit Gateway for WooCommerce plugin <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation vulnerability
Missing Authentication to Unauthenticated Arbitrary Order Cancellation vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Wizit Gateway for WooCommerce versions <= 1.2.9...
WordPress Latest Post Shortcode plugin <= 14.2.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Latest Post Shortcode versions <= 14.2.0...
WordPress Set Bulk Post Categories plugin <= 1.1 - Cross-Site Request Forgery to Bulk Post Category Update vulnerability
Cross-Site Request Forgery to Bulk Post Category Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Set Bulk Post Categories versions <= 1.1...
WordPress Alex User Counter plugin <= 6.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Alex User Counter versions <= 6.0...
WordPress Alpha Blocks plugin <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Alpha Blocks versions <= 1.5.0...
WordPress Star Review Manager plugin <= 1.2.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Star Review Manager versions <= 1.2.2...
WordPress Administrative Shortcodes plugin <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes vulnerability discovered by zaim in WordPress Plugin Administrative Shortcodes versions <= 0.3.4...
WordPress Administrative Shortcodes plugin <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute vulnerability
Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Administrative Shortcodes versions <= 0.3.4...
WordPress ZT Captcha plugin <= 1.0.4 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin ZT Captcha versions <= 1.0.4...
WordPress Cookie consent for developers plugin <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields vulnerability discovered by 0x34rth in WordPress Plugin Cookie consent for developers versions <= 1.7.1...
WordPress Wise Analytics plugin <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter vulnerability
Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter vulnerability discovered by Lior Yeshayahu in WordPress Plugin Wise Analytics versions <= 1.1.9...
WordPress AIKTP plugin <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions vulnerability
Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions vulnerability discovered by Os in WordPress Plugin AIKTP versions <= 5.0.04...
WordPress WP Youtube Video Gallery plugin <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin WP Youtube Video Gallery versions <= 1.0...
WordPress Alchemist Ajax Upload plugin <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Media File Deletion vulnerability discovered by ChamlaVic in WordPress Plugin Alchemist Ajax Upload versions <= 1.1...
WordPress Same Category Posts plugin <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Same Category Posts versions <= 1.1.19...
WordPress VK Google Job Posting Manager plugin <= 1.2.20 - Authenticated (Author+) Stored Cross-Site Scripting via Job Description Field vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Job Description Field vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin VK Google Job Posting Manager versions <= 1.2.20...
WordPress Simple Crypto Shortcodes plugin <= 1.0.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Simple Crypto Shortcodes versions <= 1.0.2...
WordPress Happy Addons for Elementor plugin <= 3.20.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by knani alaaeddine iwd in WordPress Plugin Happy Addons for Elementor versions <= 3.20.4...
WordPress Sunshine Photo Cart plugin <= 3.5.7.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Sunshine Photo Cart versions <= 3.5.7.2...
WordPress Radio Player plugin <= 2.0.91 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Radio Player versions <= 2.0.91...
WordPress GeoDirectory plugin <= 2.8.149 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin GeoDirectory versions <= 2.8.149...
WordPress Blockons plugin <= 1.2.15 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin Blockons versions <= 1.2.15...
WordPress Monetag Official Plugin plugin <= 1.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Monetag Official Plugin versions <= 1.1.3...
WordPress Coven Core plugin <= 1.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Coven Core versions <= 1.3...
WordPress PeakShops theme <= 1.5.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PeakShops versions <= 1.5.9...
WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Que Thanh Tuan in WordPress Plugin Advanced WooCommerce Product Sales Reporting versions <= 4.1.2...
WordPress Melapress Role Editor plugin <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment vulnerability
Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Melapress Role Editor versions <= 1.1.1...
WordPress Extensions For CF7 plugin <= 3.4.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Nabil Irawan in WordPress Plugin Extensions For CF7 versions <= 3.4.0...
WordPress BuddyPress plugin <= 14.3.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin BuddyPress versions <= 14.3.3...