affiliate-toolkit | Unauthenticated Full Path Dislcosure (BAC) |
Amelia | Unauthenticated Full Path Disclosure (BAC) |
App Builder | Unauthenticated SQL Injection (SQLi) via app-builder-search |
Backup and Restore WordPress | Unauthenticated Broken Access Control (BAC) |
BerqWP | Unauthenticated File Upload (BAC) |
Bit Form Pro | Unauthenticated File Deletion (BAC) |
Contest Gallery | Unauthenticated Comment UserID And IP address Disclosure (BAC) |
Docket (WooCommerce Collections / Wishlist / Watchlist) | Unauthenticated Post/Page Deletion (BAC) |
Docket (WooCommerce Collections / Wishlist / Watchlist) | Unauthenticated SQL Injection (SQLi) |
Droip | Unauthenticated File Download/Deletion (BAC) |
Ebook Store | Unauthenticated Full Path Disclosure (BAC) |
Funnelforms Free | Missing Authorization (BAC) to Unauthenticated Media Upload (BAC) and Deletion (BAC) |
GEO my WordPress | Unauthenticated Local File Inclusion (LFi) |
GiveWP | Missing Authorization (BAC) to Unauthenticated Event Settings Update (BAC) |
GiveWP | Unauthenticated PHP Object Injection to Remote Code Execution (RCE) (RCE) |
GiveWP | Unauthenticated Full Path Disclosure (BAC) |
Grow by Tradedoubler | Unauthenticated Local File Inclusion (LFi) |
Hide My Site | Unauthenticated Private Information Exposure |
Icegram | Unauthenticated Private Unpublished Campaign Viewer |
InPost for WooCommerce | Unauthenticated File Read (BAC)/Delete (BAC) |
InPost PL | Unauthenticated File Read (BAC)/Delete (BAC) |
JobSearch | Unauthenticated Account Takeover (BAC) |
JS Help Desk – Best Help Desk & Support Plugin | Unauthenticated Remote Code Execution (RCE) |
Justified Image Grid | Unauthenticated Server Side Request Forgery (SSRF) |
Linkify Text | Unauthenticated Full Path Disclosure (BAC) |
LiquidPoll – Advanced Polls for Creators and Brands | Unauthenticated Cross-Site Scripting (XSS) |
LiteSpeed Cache | Unauthenticated Privilege Escalation (BAC) |
Metform Elementor Contact Form Builder | Unauthenticated Double-Extension File Upload (BAC) |
Mollie Payments for WooCommerce | Unauthenticated Full Path Disclosure (BAC) |
Music Request Manager | Unauthenticated Cross-Site Scripting (XSS) |
My Custom CSS PHP & ADS | Unauthenticated Full Path Disclosure (BAC) |
News Element Elementor Blog Magazine | Unauthenticated Local File Inclusion (LFi) |
Newsletters | Unauthenticated Full Path Disclosure (BAC) |
NitroPack | Unauthenticated Shortcode Execution |
No Update Nag | Unauthenticated Full Path Disclosure (BAC) |
Obfuscate Email | Unauthenticated Full Path Disclosure (BAC) |
Opal Membership | Unauthenticated Cross-Site Scripting (XSS) |
Opti Marketing | Unauthenticated SQL Injection (SQLi) |
PDF Builder for WPForms | Unauthenticated Full Path Disclosure (BAC) |
Permalink Manager Lite | Missing Authorization (BAC) to Unauthenticated Private Information Exposure |
Premium SEO Pack | Unauthenticated Private Information Exposure |
Propovoice Pro | Unauthenticated SQL Injection (SQLi) |
Relevanssi | Unauthenticated Private Information Exposure |
Relevanssi Live Ajax Search | Unauthenticated WP_Query Argument Injection |
Reveal Template | Unauthenticated Full Path Disclosure (BAC) |
Skitter Slideshow | Unauthenticated Server-Side Request Forgery |
SmartSearch WP | Unauthenticated SQL Injection (SQLi) |
SmartSearch WP | Unauthenticated Cross-Site Scripting (XSS) |
Traffic Manager | Unauthenticated Cross-Site Scripting (XSS) |
TrueBooker | Multiple Unauthenticated SQL Injection (SQLi) |
Ultimate Membership Pro | Unauthenticated PHP Object Injection |
Ultimate Membership Pro | Unauthenticated Privilege Escalation (BAC) |
WBW Product Table PRO | Unauthenticated SQL Query Execution |
Web Directory Free | Unauthenticated Local File Inclusion (LFi) |
Woffice Theme | Unauthenticated Privilege Escalation (BAC) |
WooCommerce PDF Vouchers | Unauthenticated File Deletion (BAC) |
WooCommerce PDF Vouchers | Unauthenticated Multiple Vulnerabilities |
Woo Inquiry | Unauthenticated SQL Injection (SQLi) |
WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) |
wpDiscuz | Unauthenticated HTML Injection |
wpForo Forum | Unauthenticated Private Data Exposure |
YayExtra | Unauthenticated File Upload (BAC) via handle_Upload (BAC)_file Function |
Z Y N I T H | Unauthenticated Option Deletion (BAC) |
Z Y N I T H | Unauthenticated Plugin Settings Change (BAC) |