WordPress All-in-One Video Gallery plugin <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion vulnerability

Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion vulnerability discovered by andrea bocchetti in WordPress Plugin All-in-One Video Gallery versions = 4.6.4...

WordPress weDocs plugin <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post Update vulnerability

Missing Authorization to Authenticated Subscriber+ Documentation Post Update vulnerability discovered by blue0x1 in WordPress Plugin weDocs versions = 2.1.16...

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'lwcontentblock' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.36...

WordPress Schema & Structured Data for WP & AMP plugin <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via User Custom Schema vulnerability discovered by type5afe in WordPress Plugin Schema & Structured Data for WP & AMP versions = 1.54...

WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 3.6.15 - Missing Authorization to Unauthenticated Limited Arbitrary File Upload vulnerability

WordPress KiviCare - Clinic & Patient Management System EHR plugin = 3.6.15 - Missing Authorization to Unauthenticated Limited Arbitrary File Upload vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin KiviCare versions = 3.6.15...

WordPress RSS Aggregator plugin <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wp-rss-aggregator Shortcode vulnerability discovered by zaim in WordPress Plugin WP RSS Aggregator versions = 5.0.10...

WordPress Uncanny Automator plugin <= 6.10.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin Uncanny Automator versions = 6.10.0.2...

WordPress amr cron manager plugin <= 2.3 - Reflecte dCross Site Scripting (XSS) vulnerability

Reflecte dCross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin amr cron manager versions = 2.3...

WordPress PeakShops theme < 1.5.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PeakShops versions 1.5.9...

WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin UPI QR Code Payment Gateway for WooCommerce versions = 1.5.1...

WordPress LeadConnector plugin <= 3.0.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by YOUSEF MISHAAL ALI in WordPress Plugin LeadConnector versions = 3.0.21...

WordPress Fraud Prevention For Woocommerce plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Fraud Prevention For Woocommerce versions = 2.3.2...

WordPress Traveler theme < 3.2.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Traveler versions 3.2.8...

WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by w41bu1 in WordPress Plugin Eventin versions = 4.1.3...

WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Final User versions = 1.2.5...

WordPress WP Membership plugin <= 1.6.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Membership versions = 1.6.4...

WordPress Grand Spa theme <= 3.5.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Spa versions = 3.5.5...

WordPress Grand Magazine theme <= 3.5.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Magazine versions = 3.5.7...

WordPress WP Membership plugin <= 1.6.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Membership versions = 1.6.4...

WordPress AppExperts plugin <= 1.4.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin AppExperts versions = 1.4.5...

WordPress Real Estate Pro plugin <= 2.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Real Estate Pro versions = 2.1.5...

WordPress ListingHub plugin <= 1.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ListingHub versions = 1.2.7...

WordPress Listihub theme <= 1.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Listihub versions = 1.0.6...

WordPress JobBank plugin <= 1.2.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin JobBank versions = 1.2.3...

WordPress ArtPlacer Widget plugin <= 2.23.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin ArtPlacer Widget versions = 2.23.1...

WordPress Easy Property Listings plugin <= 3.5.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Easy Property Listings versions = 3.5.19...

WordPress fitness-trainer plugin <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin fitness-trainer versions = 1.7.1...

WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Final User versions = 1.2.5...

WordPress Hospital Doctor Directory plugin <= 1.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Hospital Doctor Directory versions = 1.3.9...

WordPress Institutions Directory plugin <= 1.3..4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Institutions Directory versions = 1.3..4...

WordPress Hotel Listing plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Hotel Listing versions = 1.4.2...

WordPress Hospital Doctor Directory plugin <= 1.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Hospital Doctor Directory versions = 1.3.9...

WordPress Hotel Listing plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Hotel Listing versions = 1.4.2...

WordPress Institutions Directory plugin <= 1.3.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Institutions Directory versions = 1.3.4...

WordPress Hospital Doctor Directory plugin <= 1.3.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Hospital Doctor Directory versions = 1.3.9...

WordPress Institutions Directory plugin <= 1.3.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Institutions Directory versions = 1.3.4...

WordPress ElementCamp plugin <= 2.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin ElementCamp versions = 2.3.2...

WordPress LazyTasks plugin <= 1.4.10 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin LazyTasks versions = 1.4.10...

WordPress Contact Form 7 GetResponse Extension plugin <= 1.0.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Contact Form 7 GetResponse Extension versions = 1.0.8...

WordPress Lawyer Directory plugin <= 1.3.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Lawyer Directory versions = 1.3.4...

WordPress Lawyer Directory plugin <= 1.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Lawyer Directory versions = 1.3.3...

WordPress Homey Core plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Homey Core versions = 2.4.3...

WordPress ABG Rich Pins plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin ABG Rich Pins versions = 1.1...

WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Integration for Contact Form 7 HubSpot versions = 1.4.3...

WordPress Autoshare for Twitter plugin <= 2.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Autoshare for Twitter versions = 2.3.1...

WordPress Cloudinary plugin <= 3.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Cloudinary versions = 3.3.2...

WordPress FluentBoards plugin <= 1.91.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin FluentBoards versions = 1.91.1...

WordPress Ryviu – Product Reviews for WooCommerce plugin <= 3.1.26 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Ryviu Product Reviews for WooCommerce versions = 3.1.26...

WordPress LifePress plugin <= 2.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin LifePress versions = 2.2.1...

WordPress Textmetrics plugin <= 3.6.4 - Content Injection vulnerability

Content Injection vulnerability discovered by theviper17 in WordPress Plugin Textmetrics versions = 3.6.4...