WordPress Markup Markdown plugin < 3.20.10 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Markup Markdown versions 3.20.10...

WordPress Ebook Store plugin < 5.8015 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Ebook Store versions 5.8015...

WordPress The Wound theme <= 0.0.1 - Unauthenticated LFI vulnerability

Unauthenticated LFI vulnerability discovered by Aly Khaled in WordPress Theme The Wound versions = 0.0.1...

WordPress Pagelayer plugin < 1.8.8 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin PageLayer versions 1.8.8...

WordPress Ninja Forms plugin < 3.10.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ninja Forms versions 3.10.1...

WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS vi Countdown Block vulnerability

Contributor+ Stored XSS vi Countdown Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions 1.4...

WordPress GDPR Cookie Compliance plugin < 4.15.9 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.9...

WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...

WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS via ToC Block vulnerability

Contributor+ Stored XSS via ToC Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions 1.4...

WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...

WordPress Ninja Forms plugin < 3.10.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Ninja Forms versions 3.10.1...

WordPress WP Maps plugin < 4.7.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Maps versions 4.7.2...

WordPress WP Maps plugin < 4.7.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Maps versions 4.7.2...

WordPress SureForms plugin < 1.4.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions 1.4.4...

WordPress Jetpack Boost plugin < 3.4.7 - Admin+ SSRF vulnerability

Admin+ SSRF vulnerability discovered by Miguel Xavier Penha Neto in WordPress Plugin Jetpack Boost versions 3.4.7...

WordPress WP MultiTasking plugin <= 0.1.12 - Header/Footer/Body Script Update via CSRF vulnerability

Header/Footer/Body Script Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions = 0.1.12...

WordPress WP MultiTasking plugin <= 0.1.12 - Permalink Suffix Update via CSRF vulnerability

Permalink Suffix Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions = 0.1.12...

WordPress Joy Of Text Lite - SMS messaging for WordPress plugin <= 2.3.1 - Settings Update via CSRF vulnerability

WordPress Joy Of Text Lite - SMS messaging for WordPress plugin = 2.3.1 - Settings Update via CSRF vulnerability discovered by Guru Raghav Saravanan in WordPress Plugin Joy Of Text Lite versions = 2.3.1...

WordPress Polls CP plugin <= 1.0.75 - Admin+ Stored XSS via Custom Styles vulnerability

Admin+ Stored XSS via Custom Styles vulnerability discovered by Bob Matyas in WordPress Plugin CP Polls versions = 1.0.75...

WordPress WordPress Auction plugin <= 3.7 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WordPress Auction Plugin versions = 3.7...

WordPress AVIF & SVG Uploader plugin <= 1.1.0 - Author+ Stored XSS via SVG Uplaod vulnerability

Author+ Stored XSS via SVG Uplaod vulnerability discovered by Bob Matyas in WordPress Plugin AVIF & SVG Uploader versions = 1.1.0...

WordPress EKC Tournament Manager plugin < 2.2.2 - Delete Tournaments via CSRF vulnerability

Delete Tournaments via CSRF vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin EKC Tournament Manager versions 2.2.2...

WordPress Bookit plugin < 2.5.1 - Unauthenticated Settings Update vulnerability

Unauthenticated Settings Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin BookIt versions 2.5.1...

WordPress CYAN Backup plugin < 2.5.3 - Admin+ Stored XSS via Remote Storage Settings vulnerability

Admin+ Stored XSS via Remote Storage Settings vulnerability discovered by Bob Matyas in WordPress Plugin CYAN Backup versions 2.5.3...

WordPress Ultimate Dashboard plugin < 3.8.6 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ultimate Dashboard versions 3.8.6...

WordPress Ultimate Dashboard plugin < 3.8.6 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Ultimate Dashboard versions 3.8.6...

WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...

WordPress Crelly Slider plugin < 1.4.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Crelly Slider versions 1.4.7...

WordPress WP Google Map plugin < 1.9.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP Google Map versions 1.9.4...

WordPress Paid Membership Plugin plugin < 4.15.20 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin ProfilePress versions 4.15.20...

WordPress ProfilePress plugin < 4.15.20 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin ProfilePress versions 4.15.20...

WordPress Top Comments plugin <= 1.0 - Admin+ Stored Cross-Site Scripting vulnerability

Admin+ Stored Cross-Site Scripting vulnerability discovered by Steven Pereira aka Cursed, Anjali Kumari aka HexJello & Muktanand Kale aka Muktimantras in WordPress Plugin Top Comments versions = 1.0...

WordPress Icegram Engage plugin < 3.1.32 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Icegram versions 3.1.32...

WordPress Calculated Fields Form plugin < 5.2.62 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Calculated Fields Form versions 5.2.62...

WordPress Spexo Addons for Elementor plugin <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin Sastra Essential Addons for Elementor versions = 1.0.23...

WordPress SlingBlocks plugin <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin SlingBlocks versions = 1.6.0...

WordPress WP Easy FAQs plugin <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode vulnerability

Authenticated Author+ Stored Cross-Site Scripting via WPEASYFAQ Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Easy FAQs versions = 1.0.5...

WordPress Generic Elements plugin <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Generic Elements versions = 1.2.8...

WordPress Translate This plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via base_lang Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via baselang Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Translate This gTranslate Shortcode versions = 1.0...

WordPress CBX Map for Google Map & OpenStreetMap plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin CBX Map for Google Map & OpenStreetMap versions = 2.0.1...

WordPress Fintelligence Calculator plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Fintelligence Calculator versions = 1.0.3...

WordPress Welcart e-Commerce plugin <= 2.11.20 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Miguel Santareno in WordPress Plugin Welcart e-Commerce versions = 2.11.20...

WordPress Ultimate Classified Listings plugin <= 1.6 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by Gilang - DJ in WordPress Plugin Ultimate Classified Listings versions = 1.6...

WordPress Genesis Blocks plugin < 3.1.4 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Genesis Blocks versions 3.1.4...

WordPress B1.lt for WooCommerce plugin <= 2.2.56 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin B1.lt for WooCommerce versions = 2.2.56...

WordPress IDonate plugin 2.0.0 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via admin_donor_profile_view Function vulnerability

WordPress IDonate plugin 2.0.0 - 2.1.9 - Missing Authorization to Authenticated Subscriber+ Sensitive Information Disclosure via admindonorprofileview Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.0.0-2.1.9...

WordPress WP Ghost plugin <= 5.4.01 - Unauthenticated Limited File Read vulnerability

Unauthenticated Limited File Read vulnerability discovered by mikemyers in WordPress Plugin Hide My WP Ghost versions = 5.4.01...

WordPress WPGYM plugin < 67.8.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WPGYM versions 67.8.0...

WordPress Simple User Registration plugin <= 6.3 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Chuck - None in WordPress Plugin Simple User Registration versions = 6.3...

WordPress Redirection for Contact Form 7 plugin <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_upload vulnerability

Unauthenticated Arbitrary File Copy via movefiletoupload vulnerability discovered by LionTree in WordPress Plugin Redirection for Contact Form 7 versions = 3.2.7...