WordPress Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto plugin <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting vulnerability

WordPress Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto plugin = 1.3.65 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by shark3y in WordPress Plugin Omnichannel for WooCommerce versions = 1.3.65...

WordPress MediaView plugin <= 1.1.2 - Reflected Cross-Site Scripting via id Parameter vulnerability

Reflected Cross-Site Scripting via id Parameter vulnerability discovered by johska in WordPress Plugin MediaView versions = 1.1.2...

WordPress Easy Digital Downloads plugin <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect vulnerability

Unvalidated Redirect in Password Reset Flow via eddredirect vulnerability discovered by shark3y in WordPress Plugin Easy Digital Downloads versions = 3.6.2...

WordPress WP-CalDav2ICS plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin WP-CalDav2ICS versions = 1.3.4...

WordPress MAS Videos plugin <= 1.3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin MAS Videos versions = 1.3.4...

WordPress Email Verification for WooCommerce plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Email Verification for WooCommerce versions = 3.0.2...

WordPress Appointify plugin <= 1.0.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xVenus in WordPress Plugin Appointify versions = 1.0.8...

WordPress WING WordPress Migrator plugin <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Tran Tuan Dung domiee13 in WordPress Plugin WING WordPress Migrator versions = 1.1.9...

WordPress WPCal.io plugin <= 0.9.5.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin WPCal.io versions = 0.9.5.9...

WordPress SiteLock Security plugin <= 5.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin SiteLock Security – WP Hardening, Login Security & Malware Scans versions = 5.0.1...

WordPress Import into Easy Property Listings plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Import into Easy Property Listings versions = 2.2.1...

WordPress Yada Wiki plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Yada Wiki versions = 3.5...

WordPress Featured Video for WordPress – VideographyWP plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Video for WordPress VideographyWP versions = 1.0.18...

WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.0.3...

WordPress WBC907 Core plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WBC907 Core versions = 3.4.1...

WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin XStore Core versions 5.6...

WordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 2.9.4...

WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability

WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme = 1.3 - Cross Site Request Forgery CSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PawFriends - Pet Shop and Veterinary WordPress Theme versions = 1.3...

WordPress SearchAzon plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin SearchAzon versions = 1.4...

WordPress Wordpress Movies Bulk Importer plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Wordpress Movies Bulk Importer versions = 1.0...

WordPress Registration & Login with Mobile Phone Number for WooCommerce plugin <= 1.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Registration & Login with Mobile Phone Number for WooCommerce versions = 1.3.1...

WordPress Electrician - Electrical Service WordPress theme <= 5.6 - Server Side Request Forgery (SSRF) vulnerability

WordPress Electrician - Electrical Service WordPress theme = 5.6 - Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Theme Electrician - Electrical Service WordPress versions = 5.6...

WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Universal Video Player versions = 3.8.4...

WordPress Overworld theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Overworld versions = 1.3...

WordPress Töbel theme <= 1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Töbel versions = 1.6...

WordPress MaxShop theme <= 3.6.20 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme MaxShop versions = 3.6.20...

WordPress iRecco Core plugin <= 1.3.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin iRecco Core versions = 1.3.6...

WordPress FooEvents for WooCommerce plugin <= 1.20.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin FooEvents for WooCommerce versions = 1.20.4...

WordPress Vango theme <= 1.3.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Vango versions = 1.3.3...

WordPress Rashy theme <= 1.1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Rashy versions = 1.1.3...

WordPress Lindo theme <= 1.2.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Lindo versions = 1.2.5...

WordPress Dekoro theme <= 1.0.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Dekoro versions = 1.0.7...

WordPress Bfres theme <= 1.2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Bfres versions = 1.2.1...

WordPress Bailly theme <= 1.3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Bailly versions = 1.3.4...

WordPress Hyori theme <= 1.3.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Hyori versions = 1.3.6...

WordPress Pippo theme <= 1.2.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Pippo versions = 1.2.3...

WordPress Tech Life CPT plugin <= 16.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Tech Life CPT versions = 16.4...

WordPress Sunshine Photo Cart plugin <= 3.5.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Sunshine Photo Cart versions = 3.5.7.1...

WordPress Dental Care CPT plugin <= 20.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Dental Care CPT versions = 20.2...

WordPress Lekker theme <= 1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Lekker versions = 1.8...

WordPress Team Showcase plugin <= 2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Team Showcase versions = 2.9...

WordPress Simple XML Sitemap plugin <= 1.3 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Skalucy in WordPress Plugin Simple XML Sitemap versions = 1.3...

WordPress Advance WP Query Search Filter plugin <= 1.0.10 - Reflected XSS via taxo_ajax vulnerability

Reflected XSS via taxoajax vulnerability discovered by Yevgen Goncharuk in WordPress Plugin Advance WP Query Search Filter versions = 1.0.10...

WordPress Advance WP Query Search Filter plugin <= 1.0.10 - Reflected XSS via counter vulnerability

Reflected XSS via counter vulnerability discovered by Yevgen Goncharuk in WordPress Plugin Advance WP Query Search Filter versions = 1.0.10...

WordPress Free Shipping Bar: Amount Left for Free Shipping for WooCommerce plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Free Shipping Bar: Amount Left for Free Shipping for WooCommerce versions = 2.4.9...

WordPress AweBooking plugin <= 3.2.26 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by NumeX in WordPress Plugin AweBooking versions = 3.2.26...

WordPress Sell Downloads plugin <= 1.1.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Sell Downloads versions = 1.1.12...

WordPress Payment Gateway Authorize.Net CIM for WooCommerce plugin <= 2.1.2 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Payment Gateway Authorize.Net CIM for WooCommerce versions = 2.1.2...

WordPress CodeColorer plugin <= 0.10.1 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin CodeColorer versions = 0.10.1...

WordPress WP-BusinessDirectory plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP-BusinessDirectory versions = 4.0.0...