WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.0.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.8...

WordPress Sunshine Photo Cart plugin <= 3.6.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Sunshine Photo Cart versions = 3.6.7...

WordPress SePay Gateway plugin <= 1.1.20 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by ParkHyunWoo in WordPress Plugin SePay Gateway versions = 1.1.20...

WordPress LiteSpeed Cache plugin <= 7.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin LiteSpeed Cache versions = 7.7...

WordPress WP Travel Pro plugin <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators vulnerability

Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators vulnerability discovered by Ren Voza in WordPress Plugin WP Travel Pro versions = 10.6.0...

WordPress WooCommerce Infinite Scroll and Ajax Pagination plugin <= 1.8 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by cuokon in WordPress Plugin WooCommerce Infinite Scroll versions = 1.8...

WordPress Link Whisper Free plugin <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin Link Whisper Free versions = 0.9.0...

WordPress StatCounter – Free Real Time Visitor Stats plugin <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin StatCounter versions = 2.1.1...

WordPress OTP Login With Phone Number, OTP Verification plugin 1.8.50-1.8.60 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by luckybuddy in WordPress Plugin Login with phone number versions 1.8.50-1.8.60...

WordPress WP Maps Pro plugin <= 6.0.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by David Brown in WordPress Plugin Advanced Google Maps versions = 6.0.4...

WordPress Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification vulnerability

Missing Authorization to Unauthenticated Homepage Settings Modification vulnerability discovered by ? in WordPress Plugin Rank Math SEO versions = 1.0.271...

WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.4.9 - Unauthenticated Payment Bypass vulnerability

Unauthenticated Payment Bypass vulnerability discovered by Stranger825 in WordPress Plugin Contact Form 7 – PayPal & Stripe Add-on versions = 2.4.9...

WordPress Frontend Admin by DynamiApps plugin <= 3.28.8 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by ? in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.8...

WordPress Media Library Assistant plugin <= 3.35 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Media LIbrary Assistant versions = 3.35...

WordPress The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.15...

WordPress Automotive Car Dealership Business WordPress Theme theme <= 13.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Mateusz Gierblinski in WordPress Theme Automotive Car Dealership Business versions = 13.4.1...

WordPress Simple Divi Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Divi Shortcode versions = 1.2...

WordPress Breeze Cache plugin <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Breeze versions = 2.5.2...

WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by she11f in WordPress Plugin Smart Online Order for Clover versions = 1.6.0...

WordPress Post Snippets – Custom WordPress Code Snippets Customizer plugin <= 4.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by a1batr0ss in WordPress Plugin Post Snippets versions = 4.0.19...

WordPress Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls plugin <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action vulnerability

Authenticated Subscriber+ Sensitive Information Exposure in 'ayspollgetuserinformation' AJAX Action vulnerability discovered by Satoo Nakano in WordPress Plugin Poll Maker versions = 6.3.7...

WordPress Ads by WPQuads plugin <= 3.0.2 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by Bas Albers in WordPress Plugin Ads by WPQuads versions = 3.0.2...

WordPress SlimStat Analytics plugin <= 5.4.11 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Slimstat Analytics versions = 5.4.11...

WordPress Easy Updates Manager plugin <= 9.0.20 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Easy Updates Manager versions = 9.0.20...

WordPress Login No Captcha reCAPTCHA plugin <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ISMAILSHADOW in WordPress Plugin Login No Captcha reCAPTCHA versions = 1.8.0...

WordPress Independent Analytics – WordPress Analytics Plugin plugin <= 2.14.9 - Unauthenticated Server-Side Request Forgery vulnerability

Unauthenticated Server-Side Request Forgery vulnerability discovered by Kirasec in WordPress Plugin Independent Analytics - Google Analytics Alternative for WordPress versions = 2.14.9...

WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...

WordPress Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin <= 3.4.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gutenverse versions = 3.4.6...

WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration versions = 5.1.2...

WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin Broadcast Live Video versions 7.1.3...

WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin AI Engine versions = 3.4.9...

WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by 0xzenko in WordPress Plugin CloudSecure WP Security versions = 1.4.7...

WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Cyrille COQUARD in WordPress Plugin Contact Form by WPForms versions = 1.10.0.4...

WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by devploit in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.6...

WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Phat RiO in WordPress Plugin Paid Videochat Turnkey Site versions = 7.3.23...

WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by mcdruid in WordPress Plugin Post SMTP versions = 3.6.2...

WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin Support Ticket Management System versions = 1.9...

WordPress Grand Car Rental theme <= 3.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Car Rental versions = 3.7...

WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

WordPress Masteriyo - LMS plugin = 2.1.8 - Broken Authentication vulnerability discovered by HieuPenguin in WordPress Plugin Masteriyo - LMS versions = 2.1.8...

WordPress GEO my WP plugin <= 4.5.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by ? in WordPress Plugin GEO my WordPress versions = 4.5.4...

WordPress Views for WPForms plugin <= 3.4.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Views for WPForms versions = 3.4.6...

WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend versions = 3.3.2...

WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin Tainacan versions = 1.0.3...

WordPress Frontend Admin by DynamiApps plugin <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover vulnerability

Missing Authorization to Authenticated Subscriber+ Account Takeover vulnerability discovered by Tiago Ventura perses in WordPress Plugin Frontend Admin by DynamiApps versions = 3.29.2...

WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.11.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by daroo in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.8...

WordPress Frontend Admin by DynamiApps plugin <= 3.29.2 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Frontend Admin by DynamiApps versions = 3.29.2...

WordPress Advanced IP Blocker plugin <= 8.10.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peng Zhou in WordPress Plugin Advanced IP Blocker versions = 8.10.7...

WordPress Shariff Wrapper plugin <= 4.6.20 - Authenticated (Contributor+) Cross-Site Scripting vulnerability

Authenticated Contributor+ Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Shariff Wrapper versions = 4.6.20...

WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Modification vulnerability discovered by winrace in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.8...

WordPress Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin <= 1.8.40 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Or Benit - MadSec in WordPress Plugin Photo Gallery by 10Web versions = 1.8.40...