AI Engine: ChatGPT Chatbot | Unauthenticated Cross-Site Scripting (XSS) |
Anti-Malware Security and Brute-Force Firewall | Unauthenticated Predictable Nonce BruteForce Leading to Remote Code Execution (RCE) |
ARMember | Unauthenticated PHP Object Injection |
Automatic | Unauthenticated Arbitrary SQL Execution |
Automatic | Unauthenticated Arbitrary File Download and SSRF |
Avada Theme | Unauthenticated Sensitive Information Exposure via Form Upload (BAC) Directory Listing |
Backup and Restore WordPress | Unauthenticated Private Data Exposure |
BetterDocs | Unauthenticated PHP Object Injection |
Bit Form – Contact Form Plugin | Unauthenticated Insecure Direct Object Reference to Form Submission Alteration |
BuddyForms | Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC) |
BuddyForms | Missing Authorization (BAC) to Unauthenticated Media Upload (BAC) |
Calculated Fields Form | Unauthenticated Cross-Site Scripting (XSS) |
Check & Log Email | Unauthenticated Hook Injection |
Contact Forms by Cimatti | Unauthenticated Cross-Site Scripting (XSS) |
Create by Mediavine | Unauthenticated SQL Injection (SQLi) via ‘id’ |
CRM Perks Forms | Unauthenticated SQL Injection (SQLi) |
Database for Contact Form 7 | Unauthenticated Cross-Site Scripting (XSS) |
Enjoy Social Feed plugin for WordPress website | Unauthenticated Arbitrary Instagram Account Unlinking |
EventPrime | Unauthenticated Cross-Site Scripting (XSS) |
Everest Forms | Unauthenticated ServerSide Request Forgery via font_url |
Extensions For CF7 | Unauthenticated Cross-Site Scripting (XSS) |
Finale Lite | Missing Authorization (BAC) to Unauthenticated System Private Information Disclosure |
Giveaways and Contests by RafflePress | Unauthenticated Cross-Site Scripting (XSS) |
HT Easy GA4 ( Google Analytics 4 ) | Missing Authorization (BAC) to Unauthenticated GA Email Update (BAC) |
Malware Scanner | Unauthenticated Privilege Escalation |
Network Summary | Unauthenticated SQL Injection (SQLi) |
Newsmatic Theme | Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content |
NextMove Lite | Missing Authorization (BAC) to Unauthenticated System Private Information Disclosure |
Order Tip for WooCommerce | Missing Authorization (BAC) to Unauthenticated Data Export |
Otter Blocks PRO | Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC) |
Pie Register | Unauthenticated Arbitrary File Upload (BAC) |
Radio Player | Unauthenticated Broken Access Control |
Seriously Simple Podcasting | Unauthenticated Administrator Email Private Information Disclosure |
Simple Ajax Chat | Unauthenticated Cross-Site Scripting (XSS) |
Simple Job Board | Unauthenticated PHP Object Injection via Job Application Fields |
Simple Membership | Unauthenticated Cross-Site Scripting (XSS) |
SportsPress – Sports Club & League Manager | Missing Authorization (BAC) to Unauthenticated Event Permalink Update (BAC) |
Ultimate Gift Cards For WooCommerce | Missing Authorization (BAC) to Unauthenticated Information Exposure |
Ultimate Member | Unauthenticated Cross-Site Scripting (XSS) |
User Registration | Unauthenticated Cross-Site Scripting (XSS) |
Web Application Firewall – website security | Unauthenticated Privilege Escalation |
Website Article Monetization By MageNet | Unauthenticated Cross-Site Scripting (XSS) |
weForms | Unauthenticated Cross-Site Scripting (XSS) via Referer |
Wholesale For WooCommerce | Unauthenticated Private Data Exposure |
WholesaleX | Unauthenticated Privilege Escalation |
WholesaleX | Unauthenticated PHP Object Injection |
WooCommerce Cloak Affiliate Links | Missing Authorization (BAC) to Unauthenticated Permalink Modification |
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Unauthenticated Cross-Site Scripting (XSS) |
WP Compress – Image Optimizer [All-In-One] | Missing Authorization (BAC) to Unauthenticated CDN Modification |
WP Migrate | Unauthenticated PHP Object Injection |
Wp Social | Missing Authorization (BAC) to Unauthenticated Social Login/Share Status Update (BAC) |
WP Statistics | Unauthenticated Cross-Site Scripting (XSS) |
WP Travel Engine | Unauthenticated SQL Injection (SQLi) |
Youzify Buddypress Moderation | Unauthenticated Cross-Site Scripting (XSS) |