BackWPup | Unauthenticated Backup Download (BAC) |
Barcode Scanner with Inventory & Order Manager | Unauthenticated Broken Access Control (BAC) |
Barcode Scanner with Inventory & Order Manager | Unauthenticated Privilege Escalation (BAC) |
Bricksforge | Unauthenticated Arbitrary Email Sending |
Bricksforge | Unauthenticated Arbitrary WordPress Setting Deletion (BAC) |
Bricksforge | Unauthenticated Arbitrary WordPress Settings Change |
Citadela Listing | Unauthenticated Private Data Exposure |
Contact Form Entries | Unauthenticated Cross-Site Scripting (XSS) |
Customily Product Personalizer | Unauthenticated Cross-Site Scripting (XSS) |
Demo My WordPress | Unauthenticated Privilege Escalation (BAC) |
EleForms | Unauthenticated Cross-Site Scripting (XSS) |
Email Subscribers & Newsletters | Unauthenticated SQL Injection (SQLi) |
Essential Addons for Elementor | Unauthenticated Private Information Exposure |
Essential Grid | Unauthenticated Private Post Disclosure |
Forminator | Unauthenticated Cross-Site Scripting (XSS) via File Upload (BAC) |
InstaWP Connect | Unauthenticated Arbitrary File Upload (BAC) |
Language Translate Widget for WordPress – ConveyThis | Unauthenticated Cross-Site Scripting (XSS) via api_key |
LayerSlider | Unauthenticated SQL Injection (SQLi) |
LoginPress Pro | Unauthenticated License Activation/Deactivation (BAC) |
Mailster | Unauthenticated Local File Inclusion (LFi) |
MasterStudy LMS | Unauthenticated Local File Inclusion (LFi) via modal |
MasterStudy LMS | Unauthenticated Privilege Escalation (BAC) via stm_lms_register AJAX Action |
MasterStudy LMS | Unauthenticated Local File Inclusion (LFi) via template |
Max Addons Pro for Bricks | Unauthenticated Plugin Settings Reset |
NextGEN Gallery | Missing Authorization (BAC) to Unauthenticated Information Disclosure |
OrderConvo | Unauthenticated API Access (BAC) to Arbitrary File Upload (BAC) |
Piotnet Addons For Elementor Pro | Unauthenticated Arbitrary Post/Page Deletion (BAC) |
Piotnet Addons For Elementor Pro | Unauthenticated Server-Side Request Forgery (SSRF) |
Poll Maker | Missing Authorization (BAC) to Unauthenticated Private Email Enumeration |
Poll Maker | Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) |
Post Grid | Unauthenticated Password Protected Posts Access (BAC) |
PPOM for WooCommerce | Unauthenticated Arbitrary File Upload (BAC) via ppom_upload_file |
Realtyna Organic IDX plugin | Unauthenticated SQL Injection (SQLi) |
Rehub Theme | Unauthenticated Local File Inclusion (LFi) |
Relevanssi | Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC) |
Relevanssi | Unauthenticated Second Order CSV Injection |
Relevanssi Premium | Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC) |
Relevanssi Premium | Unauthenticated Second Order CSV Injection |
Royal Elementor Addons | Unauthenticated Limited File Upload (BAC) |
Salon booking system | Unauthenticated Cross-Site Scripting (XSS) |
Sharkdropship for AliExpress Dropship and Affiliate | Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC) |
Simple Buttons Creator | Unauthenticated Cross-Site Scripting (XSS) |
Simple Registration for WooCommerce | Unauthenticated Privilege Escalation (BAC) |
Social Pug | Unauthenticated Password Protected Posts Access (BAC) |
Soledad Theme | Unauthenticated Broken Access Control (BAC) |
User Registration | Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC) |
Wholesale For WooCommerce | Unauthenticated Arbitrary Post/Page |
WooCommerce PDF Invoices & Packing Slips | Unauthenticated Server Side Request Forgery |
WooCommerce PDF Invoices & Packing Slips | Unauthenticated Cross-Site Scripting (XSS) |
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Missing Authorization (BAC) to Unauthenticated Settings Reset |
WOOCS – WooCommerce Currency Switcher | Unauthenticated Arbitrary Shortcode Execution |
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC) |
WP ERP | Unauthenticated Cross-Site Scripting (XSS) |
WP Members | Unauthenticated Cross-Site Scripting (XSS) |
WP Meta SEO | Unauthenticated Cross-Site Scripting (XSS) via Referer header |
WZone | Unauthenticated Broken Access Control (BAC) |
WZone | Unauthenticated SQL Injection (SQLi) |
XStore Core | Unauthenticated PHP Object Injection |
XStore Core | Unauthenticated Privilege Escalation (BAC) |
XStore Core | Unauthenticated SQL Injection (SQLi) |
XStore Theme | Unauthenticated Broken Access Control (BAC) |
XStore Theme | Unauthenticated Local File Inclusion (LFi) |
XStore Theme | Unauthenticated SQL Injection (SQLi) |
Z Y N I T H | Unauthenticated Cross-Site Scripting (XSS) |