WordPress Endless Scroll plugin <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability discovered by MAJidox in WordPress Plugin Endless Scroll versions = 1.0.0...

WordPress GBI To Print plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin GBI To Print versions = 1.0...

WordPress GNTT Post Title Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin GNTT Post Title Ticker versions = 1.0...

WordPress Cryptocurrency Prijsvergelijking Widget plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Cryptocurrency Prijsvergelijking Widget versions = 1.0...

WordPress Genzel breadcrumbs plugin <= 1.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin Genzel breadcrumbs versions = 1.2...

WordPress Old Posts Highlighter plugin <= 1.0.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Old Posts Highlighter versions = 1.0.3...

WordPress My Email Shortcode plugin <= 0.91 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability discovered by zakaria in WordPress Plugin My Email Shortcode versions = 0.91...

WordPress faq shortocde plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin faq shortocde versions = 1.0...

WordPress ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin plugin <= 3.3.8 - WooCommerce Builder for Elementor & Gutenberg <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

All-in-One WooCommerce Growth & Store Enhancement Plugin plugin = 3.3.8 - WooCommerce Builder for Elementor & Gutenberg = 3.3.8 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ammonia - UC SANTA BARBARA in WordPress Plugin ShopLentor versions = 3.3.8...

WordPress CM Ad Changer – A simple tool to control and optimize your site's banners plugin <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion vulnerability

Cross-Site Request Forgery to Campaign Deletion vulnerability discovered by jamaal in WordPress Plugin CM Ad Changer versions = 2.0.7...

WordPress Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by NumeX in WordPress Plugin Yoast SEO versions = 26.5...

WordPress Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Animation Addons for Elementor versions = 2.6.3...

WordPress Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Animation Addons for Elementor versions = 2.6.3...

WordPress Splide Carousel Block plugin <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Splide Carousel Block versions = 1.7.1...

WordPress Geo Mashup plugin <= 1.13.19 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by she11f in WordPress Plugin Geo Mashup versions = 1.13.19...

WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.11.5 - Unauthenticated Denial of Service vulnerability

Unauthenticated Denial of Service vulnerability discovered by luckybuddy in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.5...

WordPress Style Kits for Elementor plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Style Kits versions = 2.5.0...

WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Modula Image Gallery versions = 2.14.23...

WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ChuongVN in WordPress Plugin Paid Videochat Turnkey Site versions = 7.3.23...

WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ChuongVN in WordPress Plugin Paid Videochat Turnkey Site versions = 7.3.23...

WordPress RepairBuddy plugin <= 4.1121 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin RepairBuddy versions = 4.1121...

WordPress Geo Mashup plugin <= 1.13.18 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Geo Mashup versions = 1.13.18...

WordPress Medeus theme <= 1.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Medeus versions = 1.14...

WordPress Top Dog theme <= 1.0.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Top Dog versions = 1.0.5...

WordPress Quirky theme <= 1.23 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Quirky versions = 1.23...

WordPress Putter theme <= 1.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Putter versions = 1.17...

WordPress Dom theme <= 1.24 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Dom versions = 1.24...

WordPress Gat theme <= 1.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gat versions = 1.16...

WordPress Preservation theme <= 1.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Preservation versions = 1.10...

WordPress Mission theme <= 1.22 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Mission versions = 1.22...

WordPress Abelle theme <= 1.22 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Abelle versions = 1.22...

WordPress Kelly Young theme <= 1.1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Kelly Young versions = 1.1.0...

WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SweetDate Core versions 1.1.5...

WordPress Car Zone theme <= 3.7 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Car Zone versions = 3.7...

WordPress Wanium theme <= 1.9.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wanium versions = 1.9.8...

WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme <= 3.1.3 - PHP Object Injection vulnerability

WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme = 3.1.3 - PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Theme Entrepreneur - Booking for Small Businesses WordPress Theme versions = 3.1.3...

WordPress JobCareer theme <= 7.3 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Denver Jackson in WordPress Theme JobCareer versions = 7.3...

WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Plumbing versions = 1.6...

WordPress SeaFood Company theme <= 1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme SeaFood Company versions = 1.4...

WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Reisen versions = 1.4.1...

WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hot Coffee versions = 1.7...

WordPress Qreatix theme <= 1.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Qreatix versions = 1.9.4...

WordPress Felan Framework plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Felan Framework versions = 1.1.3...

WordPress Nyla theme <= 1.7 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nyla versions = 1.7...

WordPress WpEvently plugin <= 5.3.3 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin WpEvently versions = 5.3.3...

WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Realtyna Organic IDX plugin versions = 5.1.0...

WordPress SW Core plugin <= 1.7.18 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SW Core versions = 1.7.18...

WordPress Mayosis Core plugin <= 5.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Mayosis Core versions = 5.4.7...

WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability

WordPress Events Schedule - WordPress Events Calendar Plugin plugin = 2.7.2 - SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Events Schedule - WordPress Events Calendar Plugin versions = 2.7.2...

WordPress Genemy theme <= 1.6.6 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Genemy versions = 1.6.6...