WordPress WP Popups plugin <= 2.2.0.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin WP Popups versions = 2.2.0.5...

WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Filter Everything versions = 1.7...

WordPress Penci Podcast plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Podcast versions = 1.7...

WordPress Penci Recipe plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Recipe versions = 4.1...

WordPress Easy Modal plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Doan Dinh Van in WordPress Plugin Easy Modal versions = 2.1.0...

WordPress Live sales notification for WooCommerce plugin <= 2.3.46 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Live sales notification for WooCommerce versions = 2.3.46...

WordPress PopCash.Net Code Integration Tool plugin <= 1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin PopCash.Net Code Integration Tool versions = 1.8...

WordPress HurryTimer plugin <= 2.14.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by benzdeus in WordPress Plugin HurryTimer versions = 2.14.2...

WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Post Expirator versions = 4.9.3...

WordPress Amelia plugin <= 1.2.38 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Amelia versions = 1.2.38...

WordPress Penci Shortcodes & Performance plugin <= 6.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Shortcodes & Performance versions = 6.1...

WordPress Soledad theme <= 8.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Soledad versions = 8.7.2...

WordPress RegistrationMagic plugin <= 6.0.6.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by 0xd4rk5id3 in WordPress Plugin RegistrationMagic versions = 6.0.6.9...

WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for WPBakery versions = 5.11.0...

WordPress Landing Page Builder plugin <= 1.5.3.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by savphill in WordPress Plugin Landing Page Builder versions = 1.5.3.4...

WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Creator LMS versions = 1.1.12...

WordPress Terms descriptions plugin <= 3.4.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mrreee in WordPress Plugin Terms descriptions versions = 3.4.9...

WordPress Suggestion Toolkit plugin <= 5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mrreee in WordPress Plugin Suggestion Toolkit versions = 5.0...

WordPress Neoforum plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mrreee in WordPress Plugin Neoforum versions = 1.0...

WordPress Neoforum plugin <= 1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Mrreee in WordPress Plugin Neoforum versions = 1.0...

WordPress Merge + Minify + Refresh plugin <= 2.14 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Mrreee in WordPress Plugin Merge + Minify + Refresh versions = 2.14...

WordPress File Uploads Addon for WooCommerce plugin <= 1.7.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Arif Shaikh in WordPress Plugin File Uploads Addon for WooCommerce versions = 1.7.3...

WordPress Logo Slider plugin <= 4.9.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Logo Slider versions = 4.9.0...

WordPress Trusona for WordPress plugin <= 2.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Trusona for WordPress versions = 2.0.0...

WordPress Copyscape Premium plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Mrreee in WordPress Plugin Copyscape Premium versions = 1.4.1...

WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for Elementor versions = 5.11.0...

WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for Elementor versions = 5.11.0...

WordPress User Registration & Membership plugin <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability discovered by theviper17y in WordPress Plugin User Registration versions = 4.4.8...

WordPress Templately plugin <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write vulnerability

Unauthenticated Limited Arbitrary JSON File Write vulnerability discovered by type5afe in WordPress Plugin Templately versions = 3.4.8...

WordPress miniOrange OTP Verification and SMS Notification for WooCommerce plugin <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification vulnerability

Missing Authorization to Unauthenticated Notification Settings Modification vulnerability discovered by Abdualrhman Muzamil - 0bytes in WordPress Plugin miniOrange OTP Verification and SMS Notification for WooCommerce versions = 4.3.8...

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Incorrect Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by theviper17y in WordPress Plugin Blog2Social versions = 8.7.2...

WordPress Autogen Headers Menu plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'headclass' Shortcode Parameter vulnerability discovered by theviper17y in WordPress Plugin Autogen Headers Menu versions = 1.0.1...

WordPress Woodpecker for WordPress plugin <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'formname' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Woodpecker for WordPress versions = 3.0.4...

WordPress PullQuote plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin PullQuote versions = 1.0...

WordPress Contest Gallery plugin <= 28.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by lilmingwa13 in WordPress Plugin Contest Gallery versions = 28.1.1...

WordPress Shortcoder plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thifx in WordPress Plugin Shortcoder versions = 6.5.1...

WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin YITH WooCommerce Request A Quote versions = 2.46.0...

WordPress Web Accessibility with Max Access plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Akshat Parikh in WordPress Plugin Web Accessibility with Max Access versions = 2.1.0...

WordPress Stylish Cost Calculator plugin <= 8.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Stylish Cost Calculator versions = 8.1.9...

WordPress Rosebud theme <= 1.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rosebud versions = 1.4...

WordPress Stock Manager for WooCommerce plugin < 3.6.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Arif Shaikh in WordPress Plugin Stock Manager for WooCommerce versions 3.6.0...

WordPress Tickera plugin <= 3.5.6.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Tickera versions = 3.5.6.4...

WordPress Delay Redirects plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin Delay Redirects versions = 1.0.0...

WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Better Business Reviews versions = 0.1.1...

WordPress Add Expires Headers & Optimized Minify plugin <= 3.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Add Expires Headers & Optimized Minify versions = 3.1.0...

WordPress Lesson Plan Book plugin <= 1.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Lesson Plan Book versions = 1.3...

WordPress MG AdvancedOptions plugin <= 1.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin MG AdvancedOptions versions = 1.2...

WordPress Top Position Google Finance plugin <= 0.1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Top Position Google Finance versions = 0.1.0...

WordPress Eventin plugin <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' vulnerability

Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'postsettings' vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Eventin versions = 4.0.51...

WordPress Frontend Admin by DynamiApps plugin <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'updatefield' vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.23...