diff --git a/enum.sh b/enum.sh
index b9066f8..b040f2c 100755
--- a/enum.sh
+++ b/enum.sh
@@ -63,9 +63,9 @@ rg(){
 }
 
 ver(){
-	lv=6.7.1
+	lv=6.7.2
 	range=("6.4.3 - 6.6" "6.1.2 - 6.4.2" "5.8.3 - 6.1.1" "5.6.1 - 5.8.2" "5.3.3 - 5.6" "5.0.3 - 5.3.2")
-	releases=("6.7.1 21-11-2024" "6.7 12-11-2024" "6.6.2 10-09-2024" "6.6.1 23-07-2024" "6.6 16-07-2024" "6.5 24-06-2024" "6.5.5 05-06-2024" "6.5.4 07-05-2024" "6.5.3 09-04-2024" "6.5.2 02-04-2024" "6.5 24-06-2024" "6.4.5 09-04-2024" "6.4.4 30-01-2024" "6.4.3 06-12-2023" "6.4.2 09-11-2023" "6.4.1 07-11-2023" "6.4 24-06-2024" "6.3.5 09-04-2024" "6.3.4 30-01-2024" "6.3.3 12-10-2023" "6.3.2 29-08-2023" "6.3.1 08-08-2023" "6.3 24-06-2024" "6.2.6 09-04-2024" "6.2.5 30-01-2024" "6.2.4 12-10-2023" "6.2.3 20-05-2023" "6.2.2 16-05-2023" "6.2.1 29-03-2023" "6.2 24-06-2024" "6.1.7 09-04-2024" "6.1.6 30-01-2024" "6.1.5 12-10-2023" "6.1.4 20-05-2023" "6.1.3 16-05-2023" "6.1.2 15-11-2022" "6.1.1 02-11-2022" "6.1 24-06-2024" "6.0.9 10-04-2024" "6.0.8 30-01-2024" "6.0.7 12-10-2023" "6.0.6 20-05-2023" "6.0.5 16-05-2023" "6.0.4 17-10-2022" "6.0.3 30-08-2022" "6.0.2 12-07-2022" "6.0.1 24-05-2022" "6.0 24-06-2024" "5.9.10 30-01-2024" "5.9.9 12-10-2023" "5.9.8 20-05-2023" "5.9.7 16-05-2023" "5.9.6 17-10-2022" "5.9.5 30-08-2022" "5.9.4 05-04-2022" "5.9.3 11-03-2022" "5.9.2 22-02-2022" "5.9.1 25-01-2022" "5.9 24-06-2024" "5.8.10 30-01-2024" "5.8.9 12-10-2023" "5.8.8 16-05-2023" "5.8.7 17-10-2022" "5.8.6 30-08-2022" "5.8.5 11-03-2022" "5.8.4 06-01-2022" "5.8.3 10-11-2021" "5.8.2 09-09-2021" "5.8.1 20-07-2021" "5.8 24-06-2024" "5.7.12 30-01-2024" "5.7.11 12-10-2023" "5.7.10 16-05-2023" "5.7.9 17-10-2022" "5.7.8 30-08-2022" "5.7.7 11-03-2022" "5.7.6 06-01-2022" "5.7.5 10-11-2021" "5.7.4 09-09-2021" "5.7.3 12-05-2021" "5.7.2 15-04-2021" "5.7.1 09-03-2021" "5.7 24-06-2024" "5.6.14 30-01-2024" "5.6.13 12-10-2023" "5.6.12 16-05-2023" "5.6.11 17-10-2022" "5.6.10 30-08-2022" "5.6.9 11-03-2022" "5.6.8 06-01-2022" "5.6.7 10-11-2021" "5.6.6 09-09-2021" "5.6.5 12-05-2021" "5.6.4 15-04-2021" "5.6.3 22-02-2021" "5.6.2 03-02-2021" "5.6.1 08-12-2020" "5.6 24-06-2024" "5.5.15 30-01-2024" "5.5.14 12-10-2023" "5.5.13 16-05-2023" "5.5.12 17-10-2022" "5.5.11 30-08-2022" "5.5.10 11-03-2022" "5.5.9 06-01-2022" "5.5.8 10-11-2021" "5.5.7 09-09-2021" "5.5.6 12-05-2021" "5.5.5 15-04-2021" "5.5.4 30-10-2020" "5.5.3 29-10-2020" "5.5.2 01-09-2020" "5.5.1 11-08-2020" "5.5 24-06-2024" "5.4.16 30-01-2024" "5.4.15 12-10-2023" "5.4.14 16-05-2023" "5.4.13 17-10-2022" "5.4.12 30-08-2022" "5.4.11 11-03-2022" "5.4.10 06-01-2022" "5.4.9 10-11-2021" "5.4.8 09-09-2021" "5.4.7 12-05-2021" "5.4.6 15-04-2021" "5.4.5 30-10-2020" "5.4.4 29-10-2020" "5.4.3 10-06-2020" "5.4.2 29-04-2020" "5.4.1 31-03-2020" "5.4 24-06-2024" "5.3.18 30-01-2024" "5.3.17 12-10-2023" "5.3.16 16-05-2023" "5.3.15 17-10-2022" "5.3.14 30-08-2022" "5.3.13 11-03-2022" "5.3.12 06-01-2022" "5.3.11 10-11-2021" "5.3.10 11-09-2021" "5.3.9 12-05-2021" "5.3.8 15-04-2021" "5.3.7 30-10-2020" "5.3.6 29-10-2020" "5.3.5 10-06-2020" "5.3.4 29-04-2020" "5.3.3 18-12-2019" "5.3.2 12-12-2019" "5.3.1 12-11-2019" "5.3 24-06-2024" "5.2.21 30-01-2024" "5.2.20 12-10-2023" "5.2.19 16-05-2023" "5.2.18 17-10-2022" "5.2.17 30-08-2022" "5.2.16 11-03-2022" "5.2.15 06-01-2022" "5.2.14 10-11-2021" "5.2.13 09-09-2021" "5.2.12 12-05-2021" "5.2.11 15-04-2021" "5.2.10 30-10-2020" "5.2.9 29-10-2020" "5.2.8 10-06-2020" "5.2.7 29-04-2020" "5.2.6 12-12-2019" "5.2.5 14-10-2019" "5.2.4 05-09-2019" "5.2.3 18-06-2019" "5.2.2 21-05-2019" "5.2.1 07-05-2019" "5.2 24-06-2024" "5.1.19 30-01-2024" "5.1.18 12-10-2023" "5.1.17 16-05-2023" "5.1.16 17-10-2022" "5.1.15 30-08-2022" "5.1.14 11-03-2022" "5.1.13 06-01-2022" "5.1.12 21-09-2021" "5.1.11 13-05-2021" "5.1.10 15-04-2021" "5.1.9 30-10-2020" "5.1.8 29-10-2020" "5.1.7 10-06-2020" "5.1.6 29-04-2020" "5.1.5 29-04-2020" "5.1.4 14-10-2019" "5.1.3 05-09-2019" "5.1.2 13-03-2019" "5.1.1 21-02-2019" "5.1 24-06-2024" "5.0.22 30-01-2024" "5.0.21 12-10-2023" "5.0.20 16-05-2023" "5.0.19 17-10-2022" "5.0.18 30-08-2022" "5.0.17 11-03-2022" "5.0.16 06-01-2022" "5.0.15 21-09-2021" "5.0.14 13-05-2021" "5.0.13 15-04-2021" "5.0.12 29-10-2020" "5.0.11 10-06-2020" "5.0.10 29-04-2020" "5.0.9 12-12-2019" "5.0.8 14-10-2019" "5.0.7 05-09-2019" "5.0.6 13-03-2019" "5.0.4 09-01-2019" "5.0.3 19-12-2018" "5.0.2 13-12-2018" "5.0.1 06-12-2018" "5.0 24-06-2024" "4.9.26 30-01-2024" "4.9.25 12-10-2023" "4.9.24 16-05-2023" "4.9.23 17-10-2022" "4.9.22 30-08-2022" "4.9.21 11-03-2022" "4.9.20 06-01-2022" "4.9.19 13-05-2021" "4.9.18 15-04-2021" "4.9.17 29-10-2020" "4.9.16 10-06-2020" "4.9.15 29-04-2020" "4.9.14 12-12-2019" "4.9.13 14-10-2019" "4.9.12 05-09-2019" "4.9.11 13-03-2019" "4.9.10 13-12-2018" "4.9.9 02-08-2018" "4.9.8 05-07-2018" "4.9.7 17-05-2018" "4.9.6 03-04-2018" "4.9.5 06-02-2018" "4.9.4 05-02-2018" "4.9.3 16-01-2018" "4.9.2 29-11-2017" "4.9.1 16-11-2017" "4.9 24-06-2024" "4.8.25 30-01-2024" "4.8.24 12-10-2023" "4.8.23 16-05-2023" "4.8.22 17-10-2022" "4.8.21 30-08-2022" "4.8.20 11-03-2022" "4.8.19 06-01-2022" "4.8.18 13-05-2021" "4.8.17 15-04-2021" "4.8.16 29-10-2020" "4.8.15 10-06-2020" "4.8.14 29-04-2020" "4.8.13 12-12-2019" "4.8.12 14-10-2019" "4.8.11 05-09-2019" "4.8.10 13-03-2019" "4.8.9 13-12-2018" "4.8.8 05-07-2018" "4.8.7 03-04-2018" "4.8.6 16-01-2018" "4.8.5 29-11-2017" "4.8.4 31-10-2017" "4.8.3 19-09-2017" "4.8.2 02-08-2017" "4.8.1 08-06-2017" "4.8 24-06-2024" "4.7.29 30-01-2024" "4.7.28 12-10-2023" "4.7.27 16-05-2023" "4.7.26 17-10-2022" "4.7.25 30-08-2022" "4.7.24 11-03-2022" "4.7.23 06-01-2022" "4.7.22 13-05-2021" "4.7.21 15-04-2021" "4.7.20 29-10-2020" "4.7.19 10-06-2020" "4.7.18 29-04-2020" "4.7.17 12-12-2019" "4.7.16 14-10-2019" "4.7.15 05-09-2019" "4.7.14 13-03-2019" "4.7.13 13-12-2018" "4.7.12 05-07-2018" "4.7.11 03-04-2018" "4.7.10 16-01-2018" "4.7.9 29-11-2017" "4.7.8 31-10-2017" "4.7.7 19-09-2017" "4.7.6 16-05-2017" "4.7.5 20-04-2017" "4.7.4 06-03-2017" "4.7.3 26-01-2017" "4.7.2 11-01-2017" "4.7.1 06-12-2016" "4.7 24-06-2024" "4.6.29 30-01-2024" "4.6.28 12-10-2023" "4.6.27 16-05-2023" "4.6.26 17-10-2022" "4.6.25 30-08-2022" "4.6.24 11-03-2022" "4.6.23 06-01-2022" "4.6.22 13-05-2021" "4.6.21 29-10-2020" "4.6.20 10-06-2020" "4.6.19 29-04-2020" "4.6.18 12-12-2019" "4.6.17 14-10-2019" "4.6.16 05-09-2019" "4.6.15 13-03-2019" "4.6.14 13-12-2018" "4.6.13 05-07-2018" "4.6.12 03-04-2018" "4.6.11 16-01-2018" "4.6.10 29-11-2017" "4.6.9 31-10-2017" "4.6.8 19-09-2017" "4.6.7 16-05-2017" "4.6.6 20-04-2017" "4.6.5 06-03-2017" "4.6.4 26-01-2017" "4.6.3 11-01-2017" "4.6.2 07-09-2016" "4.6.1 16-08-2016" "4.6 24-06-2024" "4.5.32 30-01-2024" "4.5.31 12-10-2023" "4.5.30 16-05-2023" "4.5.29 17-10-2022" "4.5.28 30-08-2022" "4.5.27 11-03-2022" "4.5.26 06-01-2022" "4.5.25 13-05-2021" "4.5.24 29-10-2020" "4.5.23 10-06-2020" "4.5.22 29-04-2020" "4.5.21 12-12-2019" "4.5.20 14-10-2019" "4.5.19 05-09-2019" "4.5.18 13-03-2019" "4.5.17 13-12-2018" "4.5.16 05-07-2018" "4.5.15 03-04-2018" "4.5.14 16-01-2018" "4.5.13 29-11-2017" "4.5.12 31-10-2017" "4.5.11 19-09-2017" "4.5.10 16-05-2017" "4.5.9 20-04-2017" "4.5.8 06-03-2017" "4.5.7 26-01-2017" "4.5.6 11-01-2017" "4.5.5 07-09-2016" "4.5.4 21-06-2016" "4.5.3 06-05-2016" "4.5.2 26-04-2016" "4.5.1 12-04-2016" "4.5 24-06-2024" "4.4.33 30-01-2024" "4.4.32 12-10-2023" "4.4.31 16-05-2023" "4.4.30 17-10-2022" "4.4.29 30-08-2022" "4.4.28 11-03-2022" "4.4.27 06-01-2022" "4.4.26 13-05-2021" "4.4.25 29-10-2020" "4.4.24 10-06-2020" "4.4.23 29-04-2020" "4.4.22 12-12-2019" "4.4.21 14-10-2019" "4.4.20 05-09-2019" "4.4.19 13-03-2019" "4.4.18 13-12-2018" "4.4.17 05-07-2018" "4.4.16 03-04-2018" "4.4.15 16-01-2018" "4.4.14 29-11-2017" "4.4.13 31-10-2017" "4.4.12 19-09-2017" "4.4.11 16-05-2017" "4.4.10 20-04-2017" "4.4.9 06-03-2017" "4.4.8 26-01-2017" "4.4.7 11-01-2017" "4.4.6 07-09-2016" "4.4.5 21-06-2016" "4.4.4 06-05-2016" "4.4.3 02-02-2016" "4.4.2 06-01-2016" "4.4.1 08-12-2015" "4.4 24-06-2024" "4.3.34 30-01-2024" "4.3.33 12-10-2023" "4.3.32 16-05-2023" "4.3.31 17-10-2022" "4.3.30 30-08-2022" "4.3.29 11-03-2022" "4.3.28 06-01-2022" "4.3.27 13-05-2021" "4.3.26 29-10-2020" "4.3.25 10-06-2020" "4.3.24 29-04-2020" "4.3.23 12-12-2019" "4.3.22 14-10-2019" "4.3.21 05-09-2019" "4.3.20 13-03-2019" "4.3.19 13-12-2018" "4.3.18 05-07-2018" "4.3.17 03-04-2018" "4.3.16 16-01-2018" "4.3.15 29-11-2017" "4.3.14 31-10-2017" "4.3.13 19-09-2017" "4.3.12 16-05-2017" "4.3.11 20-04-2017" "4.3.10 06-03-2017" "4.3.9 26-01-2017" "4.3.8 11-01-2017" "4.3.7 07-09-2016" "4.3.6 21-06-2016" "4.3.5 06-05-2016" "4.3.4 02-02-2016" "4.3.3 06-01-2016" "4.3.2 15-09-2015" "4.3.1 18-08-2015" "4.3 24-06-2024" "4.2.38 30-01-2024" "4.2.37 12-10-2023" "4.2.36 16-05-2023" "4.2.35 17-10-2022" "4.2.34 30-08-2022" "4.2.33 11-03-2022" "4.2.32 06-01-2022" "4.2.31 13-05-2021" "4.2.30 29-10-2020" "4.2.29 10-06-2020" "4.2.28 29-04-2020" "4.2.27 12-12-2019" "4.2.26 14-10-2019" "4.2.25 05-09-2019" "4.2.24 13-03-2019" "4.2.23 13-12-2018" "4.2.22 05-07-2018" "4.2.21 03-04-2018" "4.2.20 16-01-2018" "4.2.19 29-11-2017" "4.2.18 31-10-2017" "4.2.17 19-09-2017" "4.2.16 16-05-2017" "4.2.15 20-04-2017" "4.2.14 06-03-2017" "4.2.13 26-01-2017" "4.2.12 11-01-2017" "4.2.11 07-09-2016" "4.2.10 21-06-2016" "4.2.9 06-05-2016" "4.2.8 02-02-2016" "4.2.7 06-01-2016" "4.2.6 15-09-2015" "4.2.5 04-08-2015" "4.2.4 23-07-2015" "4.2.3 07-05-2015" "4.2.2 27-04-2015" "4.2.1 23-04-2015" "4.2 24-06-2024" "4.1.41 30-01-2024" "4.1.40 12-10-2023" "4.1.39 16-05-2023" "4.1.38 17-10-2022" "4.1.37 30-08-2022" "4.1.36 11-03-2022" "4.1.35 06-01-2022" "4.1.34 13-05-2021" "4.1.33 29-10-2020" "4.1.32 10-06-2020" "4.1.31 29-04-2020" "4.1.30 12-12-2019" "4.1.29 14-10-2019" "4.1.28 05-09-2019" "4.1.27 13-03-2019" "4.1.26 13-12-2018" "4.1.25 05-07-2018" "4.1.24 03-04-2018" "4.1.23 16-01-2018" "4.1.22 29-11-2017" "4.1.21 31-10-2017" "4.1.20 19-09-2017" "4.1.19 16-05-2017" "4.1.18 20-04-2017" "4.1.17 06-03-2017" "4.1.16 26-01-2017" "4.1.15 11-01-2017" "4.1.14 07-09-2016" "4.1.13 21-06-2016" "4.1.12 06-05-2016" "4.1.11 02-02-2016" "4.1.10 06-01-2016" "4.1.9 15-09-2015" "4.1.8 04-08-2015" "4.1.7 23-07-2015" "4.1.6 07-05-2015" "4.1.5 27-04-2015" "4.1.4 23-04-2015" "4.1.3 21-04-2015" "4.1.2 18-02-2015" "4.1.1 18-12-2014" "4.1 30-11-2022" "4.0.38 17-10-2022" "4.0.37 30-08-2022" "4.0.36 11-03-2022" "4.0.35 06-01-2022" "4.0.34 13-05-2021" "4.0.33 29-10-2020" "4.0.32 10-06-2020" "4.0.31 29-04-2020" "4.0.30 12-12-2019" "4.0.29 14-10-2019" "4.0.28 05-09-2019" "4.0.27 13-03-2019" "4.0.26 13-12-2018" "4.0.25 05-07-2018" "4.0.24 03-04-2018" "4.0.23 16-01-2018" "4.0.22 29-11-2017" "4.0.21 31-10-2017" "4.0.20 19-09-2017" "4.0.19 16-05-2017" "4.0.18 20-04-2017" "4.0.17 06-03-2017" "4.0.16 26-01-2017" "4.0.15 11-01-2017" "4.0.14 07-09-2016" "4.0.13 21-06-2016" "4.0.12 06-05-2016" "4.0.11 02-02-2016" "4.0.10 06-01-2016" "4.0.9 15-09-2015" "4.0.8 04-08-2015" "4.0.7 23-07-2015" "4.0.6 06-05-2015" "4.0.5 27-04-2015" "4.0.4 23-04-2015" "4.0.3 21-04-2015" "4.0.2 20-11-2014" "4.0.1 04-09-2014" "4.0 30-11-2022" "3.9.40 17-10-2022" "3.9.39 30-08-2022" "3.9.37 11-03-2022" "3.9.36 06-01-2022" "3.9.35 13-05-2021" "3.9.34 29-10-2020" "3.9.33 10-06-2020" "3.9.32 29-04-2020" "3.9.31 12-12-2019" "3.9.30 14-10-2019" "3.9.29 05-09-2019" "3.9.28 13-03-2019" "3.9.27 13-12-2018" "3.9.26 05-07-2018" "3.9.25 03-04-2018" "3.9.24 16-01-2018" "3.9.23 29-11-2017" "3.9.22 31-10-2017" "3.9.21 19-09-2017" "3.9.20 16-05-2017" "3.9.19 20-04-2017" "3.9.18 06-03-2017" "3.9.17 26-01-2017" "3.9.16 11-01-2017" "3.9.15 07-09-2016" "3.9.14 21-06-2016" "3.9.13 06-05-2016" "3.9.12 02-02-2016" "3.9.11 06-01-2016" "3.9.10 15-09-2015" "3.9.9 04-08-2015" "3.9.8 23-07-2015" "3.9.7 07-05-2015" "3.9.6 23-04-2015" "3.9.5 21-04-2015" "3.9.4 20-11-2014" "3.9.3 06-08-2014" "3.9.2 08-05-2014" "3.9.1 16-04-2014" "3.9 30-11-2022" "3.8.41 17-10-2022" "3.8.40 30-08-2022" "3.8.39 11-03-2022" "3.8.38 06-01-2022" "3.8.37 13-05-2021" "3.8.36 29-10-2020" "3.8.35 10-06-2020" "3.8.34 29-04-2020" "3.8.33 12-12-2019" "3.8.32 14-10-2019" "3.8.31 05-09-2019" "3.8.30 21-03-2019" "3.8.29 13-12-2018" "3.8.28 05-07-2018" "3.8.27 03-04-2018" "3.8.26 16-01-2018" "3.8.25 29-11-2017" "3.8.24 31-10-2017" "3.8.23 19-09-2017" "3.8.22 16-05-2017" "3.8.21 20-04-2017" "3.8.20 06-03-2017" "3.8.19 26-01-2017" "3.8.18 11-01-2017" "3.8.17 07-09-2016" "3.8.16 21-06-2016" "3.8.15 06-05-2016" "3.8.14 02-02-2016" "3.8.13 06-01-2016" "3.8.12 15-09-2015" "3.8.11 04-08-2015" "3.8.10 23-07-2015" "3.8.9 07-05-2015" "3.8.8 23-04-2015" "3.8.7 21-04-2015" "3.8.6 20-11-2014" "3.8.5 06-08-2014" "3.8.4 14-04-2014" "3.8.3 08-04-2014" "3.8.2 23-01-2014" "3.8.1 12-12-2013" "3.8 30-11-2022" "3.7.41 17-10-2022" "3.7.40 30-08-2022" "3.7.39 11-03-2022" "3.7.38 06-01-2022" "3.7.37 13-05-2021" "3.7.36 29-10-2020" "3.7.35 10-06-2020" "3.7.34 29-04-2020" "3.7.33 12-12-2019" "3.7.32 14-10-2019" "3.7.31 05-09-2019" "3.7.30 21-03-2019" "3.7.29 13-12-2018" "3.7.28 05-07-2018" "3.7.27 03-04-2018" "3.7.26 16-01-2018" "3.7.25 29-11-2017" "3.7.24 31-10-2017" "3.7.23 19-09-2017" "3.7.22 16-05-2017" "3.7.21 20-04-2017" "3.7.20 06-03-2017" "3.7.19 26-01-2017" "3.7.18 11-01-2017" "3.7.17 07-09-2016" "3.7.16 21-06-2016" "3.7.15 06-05-2016" "3.7.14 02-02-2016" "3.7.13 06-01-2016" "3.7.12 15-09-2015" "3.7.11 04-08-2015" "3.7.10 23-07-2015" "3.7.9 07-05-2015" "3.7.8 23-04-2015" "3.7.7 21-04-2015" "3.7.6 20-11-2014" "3.7.5 06-08-2014" "3.7.4 14-04-2014" "3.7.3 08-04-2014" "3.7.2 29-10-2013" "3.7.1 24-10-2013" "3.7 11-09-2013" "3.6.1 01-08-2013" "3.6 21-06-2013" "3.5.2 24-01-2013" "3.5.1 11-12-2012" "3.5 06-09-2012" "3.4.2 27-06-2012" "3.4.1 13-06-2012" "3.4 27-06-2012" "3.3.3 20-04-2012" "3.3.2 03-01-2012" "3.3.1 12-12-2011" "3.3 12-07-2011" "3.2.1 04-07-2011" "3.2 29-06-2011" "3.1.4 25-05-2011" "3.1.3 26-04-2011" "3.1.2 04-04-2011" "3.1.1 23-02-2011" "3.1 26-04-2011" "3.0.6 07-02-2011" "3.0.5 29-12-2010" "3.0.4 08-12-2010" "3.0.3 30-11-2010" "3.0.2 29-07-2010" "3.0.1 17-06-2010" "3.0 15-02-2010" "2.9.2 04-01-2010" "2.9.1 18-12-2009" "2.9 12-11-2009" "2.8.6 20-10-2009" "2.8.5 12-08-2009" "2.8.4 03-08-2009" "2.8.3 20-07-2009" "2.8.2 09-07-2009" "2.8.1 11-06-2009" "2.8 10-02-2009" "2.7.1 10-12-2008" "2.7 25-11-2008" "2.6.5 23-10-2008" "2.6.3 08-09-2008")
+	releases=("6.7.2 11-02-2025" "6.7.1 21-11-2024" "6.7 12-11-2024" "6.6.2 10-09-2024" "6.6.1 23-07-2024" "6.6 16-07-2024" "0.71 24-06-2024" "6.5.5 05-06-2024" "6.5.4 07-05-2024" "6.5.3 09-04-2024" "6.5.2 02-04-2024" "6.5 24-06-2024" "6.4.5 09-04-2024" "6.4.4 30-01-2024" "6.4.3 06-12-2023" "6.4.2 09-11-2023" "6.4.1 07-11-2023" "6.4 24-06-2024" "6.3.5 09-04-2024" "6.3.4 30-01-2024" "6.3.3 12-10-2023" "6.3.2 29-08-2023" "6.3.1 08-08-2023" "6.3 24-06-2024" "6.2.6 09-04-2024" "6.2.5 30-01-2024" "6.2.4 12-10-2023" "6.2.3 20-05-2023" "6.2.2 16-05-2023" "6.2.1 29-03-2023" "6.2 24-06-2024" "6.1.7 09-04-2024" "6.1.6 30-01-2024" "6.1.5 12-10-2023" "6.1.4 20-05-2023" "6.1.3 16-05-2023" "6.1.2 15-11-2022" "6.1.1 02-11-2022" "6.1 24-06-2024" "6.0.9 10-04-2024" "6.0.8 30-01-2024" "6.0.7 12-10-2023" "6.0.6 20-05-2023" "6.0.5 16-05-2023" "6.0.4 17-10-2022" "6.0.3 30-08-2022" "6.0.2 12-07-2022" "6.0.1 24-05-2022" "6.0 24-06-2024" "5.9.10 30-01-2024" "5.9.9 12-10-2023" "5.9.8 20-05-2023" "5.9.7 16-05-2023" "5.9.6 17-10-2022" "5.9.5 30-08-2022" "5.9.4 05-04-2022" "5.9.3 11-03-2022" "5.9.2 22-02-2022" "5.9.1 25-01-2022" "5.9 24-06-2024" "5.8.10 30-01-2024" "5.8.9 12-10-2023" "5.8.8 16-05-2023" "5.8.7 17-10-2022" "5.8.6 30-08-2022" "5.8.5 11-03-2022" "5.8.4 06-01-2022" "5.8.3 10-11-2021" "5.8.2 09-09-2021" "5.8.1 20-07-2021" "5.8 24-06-2024" "5.7.12 30-01-2024" "5.7.11 12-10-2023" "5.7.10 16-05-2023" "5.7.9 17-10-2022" "5.7.8 30-08-2022" "5.7.7 11-03-2022" "5.7.6 06-01-2022" "5.7.5 10-11-2021" "5.7.4 09-09-2021" "5.7.3 12-05-2021" "5.7.2 15-04-2021" "5.7.1 09-03-2021" "5.7 24-06-2024" "5.6.14 30-01-2024" "5.6.13 12-10-2023" "5.6.12 16-05-2023" "5.6.11 17-10-2022" "5.6.10 30-08-2022" "5.6.9 11-03-2022" "5.6.8 06-01-2022" "5.6.7 10-11-2021" "5.6.6 09-09-2021" "5.6.5 12-05-2021" "5.6.4 15-04-2021" "5.6.3 22-02-2021" "5.6.2 03-02-2021" "5.6.1 08-12-2020" "5.6 24-06-2024" "5.5.15 30-01-2024" "5.5.14 12-10-2023" "5.5.13 16-05-2023" "5.5.12 17-10-2022" "5.5.11 30-08-2022" "5.5.10 11-03-2022" "5.5.9 06-01-2022" "5.5.8 10-11-2021" "5.5.7 09-09-2021" "5.5.6 12-05-2021" "5.5.5 15-04-2021" "5.5.4 30-10-2020" "5.5.3 29-10-2020" "5.5.2 01-09-2020" "5.5.1 11-08-2020" "5.5 24-06-2024" "5.4.16 30-01-2024" "5.4.15 12-10-2023" "5.4.14 16-05-2023" "5.4.13 17-10-2022" "5.4.12 30-08-2022" "5.4.11 11-03-2022" "5.4.10 06-01-2022" "5.4.9 10-11-2021" "5.4.8 09-09-2021" "5.4.7 12-05-2021" "5.4.6 15-04-2021" "5.4.5 30-10-2020" "5.4.4 29-10-2020" "5.4.3 10-06-2020" "5.4.2 29-04-2020" "5.4.1 31-03-2020" "5.4 24-06-2024" "5.3.18 30-01-2024" "5.3.17 12-10-2023" "5.3.16 16-05-2023" "5.3.15 17-10-2022" "5.3.14 30-08-2022" "5.3.13 11-03-2022" "5.3.12 06-01-2022" "5.3.11 10-11-2021" "5.3.10 11-09-2021" "5.3.9 12-05-2021" "5.3.8 15-04-2021" "5.3.7 30-10-2020" "5.3.6 29-10-2020" "5.3.5 10-06-2020" "5.3.4 29-04-2020" "5.3.3 18-12-2019" "5.3.2 12-12-2019" "5.3.1 12-11-2019" "5.3 24-06-2024" "5.2.21 30-01-2024" "5.2.20 12-10-2023" "5.2.19 16-05-2023" "5.2.18 17-10-2022" "5.2.17 30-08-2022" "5.2.16 11-03-2022" "5.2.15 06-01-2022" "5.2.14 10-11-2021" "5.2.13 09-09-2021" "5.2.12 12-05-2021" "5.2.11 15-04-2021" "5.2.10 30-10-2020" "5.2.9 29-10-2020" "5.2.8 10-06-2020" "5.2.7 29-04-2020" "5.2.6 12-12-2019" "5.2.5 14-10-2019" "5.2.4 05-09-2019" "5.2.3 18-06-2019" "5.2.2 21-05-2019" "5.2.1 07-05-2019" "5.2 24-06-2024" "5.1.19 30-01-2024" "5.1.18 12-10-2023" "5.1.17 16-05-2023" "5.1.16 17-10-2022" "5.1.15 30-08-2022" "5.1.14 11-03-2022" "5.1.13 06-01-2022" "5.1.12 21-09-2021" "5.1.11 13-05-2021" "5.1.10 15-04-2021" "5.1.9 30-10-2020" "5.1.8 29-10-2020" "5.1.7 10-06-2020" "5.1.6 29-04-2020" "5.1.5 29-04-2020" "5.1.4 14-10-2019" "5.1.3 05-09-2019" "5.1.2 13-03-2019" "5.1.1 21-02-2019" "5.1 24-06-2024" "5.0.22 30-01-2024" "5.0.21 12-10-2023" "5.0.20 16-05-2023" "5.0.19 17-10-2022" "5.0.18 30-08-2022" "5.0.17 11-03-2022" "5.0.16 06-01-2022" "5.0.15 21-09-2021" "5.0.14 13-05-2021" "5.0.13 15-04-2021" "5.0.12 29-10-2020" "5.0.11 10-06-2020" "5.0.10 29-04-2020" "5.0.9 12-12-2019" "5.0.8 14-10-2019" "5.0.7 05-09-2019" "5.0.6 13-03-2019" "5.0.4 09-01-2019" "5.0.3 19-12-2018" "5.0.2 13-12-2018" "5.0.1 06-12-2018" "5.0 24-06-2024" "4.9.26 30-01-2024" "4.9.25 12-10-2023" "4.9.24 16-05-2023" "4.9.23 17-10-2022" "4.9.22 30-08-2022" "4.9.21 11-03-2022" "4.9.20 06-01-2022" "4.9.19 13-05-2021" "4.9.18 15-04-2021" "4.9.17 29-10-2020" "4.9.16 10-06-2020" "4.9.15 29-04-2020" "4.9.14 12-12-2019" "4.9.13 14-10-2019" "4.9.12 05-09-2019" "4.9.11 13-03-2019" "4.9.10 13-12-2018" "4.9.9 02-08-2018" "4.9.8 05-07-2018" "4.9.7 17-05-2018" "4.9.6 03-04-2018" "4.9.5 06-02-2018" "4.9.4 05-02-2018" "4.9.3 16-01-2018" "4.9.2 29-11-2017" "4.9.1 16-11-2017" "4.9 24-06-2024" "4.8.25 30-01-2024" "4.8.24 12-10-2023" "4.8.23 16-05-2023" "4.8.22 17-10-2022" "4.8.21 30-08-2022" "4.8.20 11-03-2022" "4.8.19 06-01-2022" "4.8.18 13-05-2021" "4.8.17 15-04-2021" "4.8.16 29-10-2020" "4.8.15 10-06-2020" "4.8.14 29-04-2020" "4.8.13 12-12-2019" "4.8.12 14-10-2019" "4.8.11 05-09-2019" "4.8.10 13-03-2019" "4.8.9 13-12-2018" "4.8.8 05-07-2018" "4.8.7 03-04-2018" "4.8.6 16-01-2018" "4.8.5 29-11-2017" "4.8.4 31-10-2017" "4.8.3 19-09-2017" "4.8.2 02-08-2017" "4.8.1 08-06-2017" "4.8 24-06-2024" "4.7.29 30-01-2024" "4.7.28 12-10-2023" "4.7.27 16-05-2023" "4.7.26 17-10-2022" "4.7.25 30-08-2022" "4.7.24 11-03-2022" "4.7.23 06-01-2022" "4.7.22 13-05-2021" "4.7.21 15-04-2021" "4.7.20 29-10-2020" "4.7.19 10-06-2020" "4.7.18 29-04-2020" "4.7.17 12-12-2019" "4.7.16 14-10-2019" "4.7.15 05-09-2019" "4.7.14 13-03-2019" "4.7.13 13-12-2018" "4.7.12 05-07-2018" "4.7.11 03-04-2018" "4.7.10 16-01-2018" "4.7.9 29-11-2017" "4.7.8 31-10-2017" "4.7.7 19-09-2017" "4.7.6 16-05-2017" "4.7.5 20-04-2017" "4.7.4 06-03-2017" "4.7.3 26-01-2017" "4.7.2 11-01-2017" "4.7.1 06-12-2016" "4.7 24-06-2024" "4.6.29 30-01-2024" "4.6.28 12-10-2023" "4.6.27 16-05-2023" "4.6.26 17-10-2022" "4.6.25 30-08-2022" "4.6.24 11-03-2022" "4.6.23 06-01-2022" "4.6.22 13-05-2021" "4.6.21 29-10-2020" "4.6.20 10-06-2020" "4.6.19 29-04-2020" "4.6.18 12-12-2019" "4.6.17 14-10-2019" "4.6.16 05-09-2019" "4.6.15 13-03-2019" "4.6.14 13-12-2018" "4.6.13 05-07-2018" "4.6.12 03-04-2018" "4.6.11 16-01-2018" "4.6.10 29-11-2017" "4.6.9 31-10-2017" "4.6.8 19-09-2017" "4.6.7 16-05-2017" "4.6.6 20-04-2017" "4.6.5 06-03-2017" "4.6.4 26-01-2017" "4.6.3 11-01-2017" "4.6.2 07-09-2016" "4.6.1 16-08-2016" "4.6 24-06-2024" "4.5.32 30-01-2024" "4.5.31 12-10-2023" "4.5.30 16-05-2023" "4.5.29 17-10-2022" "4.5.28 30-08-2022" "4.5.27 11-03-2022" "4.5.26 06-01-2022" "4.5.25 13-05-2021" "4.5.24 29-10-2020" "4.5.23 10-06-2020" "4.5.22 29-04-2020" "4.5.21 12-12-2019" "4.5.20 14-10-2019" "4.5.19 05-09-2019" "4.5.18 13-03-2019" "4.5.17 13-12-2018" "4.5.16 05-07-2018" "4.5.15 03-04-2018" "4.5.14 16-01-2018" "4.5.13 29-11-2017" "4.5.12 31-10-2017" "4.5.11 19-09-2017" "4.5.10 16-05-2017" "4.5.9 20-04-2017" "4.5.8 06-03-2017" "4.5.7 26-01-2017" "4.5.6 11-01-2017" "4.5.5 07-09-2016" "4.5.4 21-06-2016" "4.5.3 06-05-2016" "4.5.2 26-04-2016" "4.5.1 12-04-2016" "4.5 24-06-2024" "4.4.33 30-01-2024" "4.4.32 12-10-2023" "4.4.31 16-05-2023" "4.4.30 17-10-2022" "4.4.29 30-08-2022" "4.4.28 11-03-2022" "4.4.27 06-01-2022" "4.4.26 13-05-2021" "4.4.25 29-10-2020" "4.4.24 10-06-2020" "4.4.23 29-04-2020" "4.4.22 12-12-2019" "4.4.21 14-10-2019" "4.4.20 05-09-2019" "4.4.19 13-03-2019" "4.4.18 13-12-2018" "4.4.17 05-07-2018" "4.4.16 03-04-2018" "4.4.15 16-01-2018" "4.4.14 29-11-2017" "4.4.13 31-10-2017" "4.4.12 19-09-2017" "4.4.11 16-05-2017" "4.4.10 20-04-2017" "4.4.9 06-03-2017" "4.4.8 26-01-2017" "4.4.7 11-01-2017" "4.4.6 07-09-2016" "4.4.5 21-06-2016" "4.4.4 06-05-2016" "4.4.3 02-02-2016" "4.4.2 06-01-2016" "4.4.1 08-12-2015" "4.4 24-06-2024" "4.3.34 30-01-2024" "4.3.33 12-10-2023" "4.3.32 16-05-2023" "4.3.31 17-10-2022" "4.3.30 30-08-2022" "4.3.29 11-03-2022" "4.3.28 06-01-2022" "4.3.27 13-05-2021" "4.3.26 29-10-2020" "4.3.25 10-06-2020" "4.3.24 29-04-2020" "4.3.23 12-12-2019" "4.3.22 14-10-2019" "4.3.21 05-09-2019" "4.3.20 13-03-2019" "4.3.19 13-12-2018" "4.3.18 05-07-2018" "4.3.17 03-04-2018" "4.3.16 16-01-2018" "4.3.15 29-11-2017" "4.3.14 31-10-2017" "4.3.13 19-09-2017" "4.3.12 16-05-2017" "4.3.11 20-04-2017" "4.3.10 06-03-2017" "4.3.9 26-01-2017" "4.3.8 11-01-2017" "4.3.7 07-09-2016" "4.3.6 21-06-2016" "4.3.5 06-05-2016" "4.3.4 02-02-2016" "4.3.3 06-01-2016" "4.3.2 15-09-2015" "4.3.1 18-08-2015" "4.3 24-06-2024" "4.2.38 30-01-2024" "4.2.37 12-10-2023" "4.2.36 16-05-2023" "4.2.35 17-10-2022" "4.2.34 30-08-2022" "4.2.33 11-03-2022" "4.2.32 06-01-2022" "4.2.31 13-05-2021" "4.2.30 29-10-2020" "4.2.29 10-06-2020" "4.2.28 29-04-2020" "4.2.27 12-12-2019" "4.2.26 14-10-2019" "4.2.25 05-09-2019" "4.2.24 13-03-2019" "4.2.23 13-12-2018" "4.2.22 05-07-2018" "4.2.21 03-04-2018" "4.2.20 16-01-2018" "4.2.19 29-11-2017" "4.2.18 31-10-2017" "4.2.17 19-09-2017" "4.2.16 16-05-2017" "4.2.15 20-04-2017" "4.2.14 06-03-2017" "4.2.13 26-01-2017" "4.2.12 11-01-2017" "4.2.11 07-09-2016" "4.2.10 21-06-2016" "4.2.9 06-05-2016" "4.2.8 02-02-2016" "4.2.7 06-01-2016" "4.2.6 15-09-2015" "4.2.5 04-08-2015" "4.2.4 23-07-2015" "4.2.3 07-05-2015" "4.2.2 27-04-2015" "4.2.1 23-04-2015" "4.2 24-06-2024" "4.1.41 30-01-2024" "4.1.40 12-10-2023" "4.1.39 16-05-2023" "4.1.38 17-10-2022" "4.1.37 30-08-2022" "4.1.36 11-03-2022" "4.1.35 06-01-2022" "4.1.34 13-05-2021" "4.1.33 29-10-2020" "4.1.32 10-06-2020" "4.1.31 29-04-2020" "4.1.30 12-12-2019" "4.1.29 14-10-2019" "4.1.28 05-09-2019" "4.1.27 13-03-2019" "4.1.26 13-12-2018" "4.1.25 05-07-2018" "4.1.24 03-04-2018" "4.1.23 16-01-2018" "4.1.22 29-11-2017" "4.1.21 31-10-2017" "4.1.20 19-09-2017" "4.1.19 16-05-2017" "4.1.18 20-04-2017" "4.1.17 06-03-2017" "4.1.16 26-01-2017" "4.1.15 11-01-2017" "4.1.14 07-09-2016" "4.1.13 21-06-2016" "4.1.12 06-05-2016" "4.1.11 02-02-2016" "4.1.10 06-01-2016" "4.1.9 15-09-2015" "4.1.8 04-08-2015" "4.1.7 23-07-2015" "4.1.6 07-05-2015" "4.1.5 27-04-2015" "4.1.4 23-04-2015" "4.1.3 21-04-2015" "4.1.2 18-02-2015" "4.1.1 18-12-2014" "4.1 30-11-2022" "4.0.38 17-10-2022" "4.0.37 30-08-2022" "4.0.36 11-03-2022" "4.0.35 06-01-2022" "4.0.34 13-05-2021" "4.0.33 29-10-2020" "4.0.32 10-06-2020" "4.0.31 29-04-2020" "4.0.30 12-12-2019" "4.0.29 14-10-2019" "4.0.28 05-09-2019" "4.0.27 13-03-2019" "4.0.26 13-12-2018" "4.0.25 05-07-2018" "4.0.24 03-04-2018" "4.0.23 16-01-2018" "4.0.22 29-11-2017" "4.0.21 31-10-2017" "4.0.20 19-09-2017" "4.0.19 16-05-2017" "4.0.18 20-04-2017" "4.0.17 06-03-2017" "4.0.16 26-01-2017" "4.0.15 11-01-2017" "4.0.14 07-09-2016" "4.0.13 21-06-2016" "4.0.12 06-05-2016" "4.0.11 02-02-2016" "4.0.10 06-01-2016" "4.0.9 15-09-2015" "4.0.8 04-08-2015" "4.0.7 23-07-2015" "4.0.6 06-05-2015" "4.0.5 27-04-2015" "4.0.4 23-04-2015" "4.0.3 21-04-2015" "4.0.2 20-11-2014" "4.0.1 04-09-2014" "4.0 30-11-2022" "3.9.40 17-10-2022" "3.9.39 30-08-2022" "3.9.37 11-03-2022" "3.9.36 06-01-2022" "3.9.35 13-05-2021" "3.9.34 29-10-2020" "3.9.33 10-06-2020" "3.9.32 29-04-2020" "3.9.31 12-12-2019" "3.9.30 14-10-2019" "3.9.29 05-09-2019" "3.9.28 13-03-2019" "3.9.27 13-12-2018" "3.9.26 05-07-2018" "3.9.25 03-04-2018" "3.9.24 16-01-2018" "3.9.23 29-11-2017" "3.9.22 31-10-2017" "3.9.21 19-09-2017" "3.9.20 16-05-2017" "3.9.19 20-04-2017" "3.9.18 06-03-2017" "3.9.17 26-01-2017" "3.9.16 11-01-2017" "3.9.15 07-09-2016" "3.9.14 21-06-2016" "3.9.13 06-05-2016" "3.9.12 02-02-2016" "3.9.11 06-01-2016" "3.9.10 15-09-2015" "3.9.9 04-08-2015" "3.9.8 23-07-2015" "3.9.7 07-05-2015" "3.9.6 23-04-2015" "3.9.5 21-04-2015" "3.9.4 20-11-2014" "3.9.3 06-08-2014" "3.9.2 08-05-2014" "3.9.1 16-04-2014" "3.9 30-11-2022" "3.8.41 17-10-2022" "3.8.40 30-08-2022" "3.8.39 11-03-2022" "3.8.38 06-01-2022" "3.8.37 13-05-2021" "3.8.36 29-10-2020" "3.8.35 10-06-2020" "3.8.34 29-04-2020" "3.8.33 12-12-2019" "3.8.32 14-10-2019" "3.8.31 05-09-2019" "3.8.30 21-03-2019" "3.8.29 13-12-2018" "3.8.28 05-07-2018" "3.8.27 03-04-2018" "3.8.26 16-01-2018" "3.8.25 29-11-2017" "3.8.24 31-10-2017" "3.8.23 19-09-2017" "3.8.22 16-05-2017" "3.8.21 20-04-2017" "3.8.20 06-03-2017" "3.8.19 26-01-2017" "3.8.18 11-01-2017" "3.8.17 07-09-2016" "3.8.16 21-06-2016" "3.8.15 06-05-2016" "3.8.14 02-02-2016" "3.8.13 06-01-2016" "3.8.12 15-09-2015" "3.8.11 04-08-2015" "3.8.10 23-07-2015" "3.8.9 07-05-2015" "3.8.8 23-04-2015" "3.8.7 21-04-2015" "3.8.6 20-11-2014" "3.8.5 06-08-2014" "3.8.4 14-04-2014" "3.8.3 08-04-2014" "3.8.2 23-01-2014" "3.8.1 12-12-2013" "3.8 30-11-2022" "3.7.41 17-10-2022" "3.7.40 30-08-2022" "3.7.39 11-03-2022" "3.7.38 06-01-2022" "3.7.37 13-05-2021" "3.7.36 29-10-2020" "3.7.35 10-06-2020" "3.7.34 29-04-2020" "3.7.33 12-12-2019" "3.7.32 14-10-2019" "3.7.31 05-09-2019" "3.7.30 21-03-2019" "3.7.29 13-12-2018" "3.7.28 05-07-2018" "3.7.27 03-04-2018" "3.7.26 16-01-2018" "3.7.25 29-11-2017" "3.7.24 31-10-2017" "3.7.23 19-09-2017" "3.7.22 16-05-2017" "3.7.21 20-04-2017" "3.7.20 06-03-2017" "3.7.19 26-01-2017" "3.7.18 11-01-2017" "3.7.17 07-09-2016" "3.7.16 21-06-2016" "3.7.15 06-05-2016" "3.7.14 02-02-2016" "3.7.13 06-01-2016" "3.7.12 15-09-2015" "3.7.11 04-08-2015" "3.7.10 23-07-2015" "3.7.9 07-05-2015" "3.7.8 23-04-2015" "3.7.7 21-04-2015" "3.7.6 20-11-2014" "3.7.5 06-08-2014" "3.7.4 14-04-2014" "3.7.3 08-04-2014" "3.7.2 29-10-2013" "3.7.1 24-10-2013" "3.7 11-09-2013" "3.6.1 01-08-2013" "3.6 21-06-2013" "3.5.2 24-01-2013" "3.5.1 11-12-2012" "3.5 06-09-2012" "3.4.2 27-06-2012" "3.4.1 13-06-2012" "3.4 27-06-2012" "3.3.3 20-04-2012" "3.3.2 03-01-2012" "3.3.1 12-12-2011" "3.3 12-07-2011" "3.2.1 04-07-2011" "3.2 29-06-2011" "3.1.4 25-05-2011" "3.1.3 26-04-2011" "3.1.2 04-04-2011" "3.1.1 23-02-2011" "3.1 26-04-2011" "3.0.6 07-02-2011" "3.0.5 29-12-2010" "3.0.4 08-12-2010" "3.0.3 30-11-2010" "3.0.2 29-07-2010" "3.0.1 17-06-2010" "3.0 15-02-2010" "2.9.2 04-01-2010" "2.9.1 18-12-2009" "2.9 12-11-2009" "2.8.6 20-10-2009" "2.8.5 12-08-2009" "2.8.4 03-08-2009" "2.8.3 20-07-2009" "2.8.2 09-07-2009" "2.8.1 11-06-2009" "2.8 10-02-2009" "2.7.1 10-12-2008" "2.7 25-11-2008" "2.6.5 23-10-2008")
 	pp "Version information"
 	wp_version=(`grep -oP "WordPress \K[\d.]+" $file || curl -k -L -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" -s $url/wp-links-opml.php | grep -oP "WordPress/\K[\d.]+"`)
 	[[ $wp_version && ${#wp_version} -le 7 ]] && cwv
@@ -74,8 +74,8 @@ ver(){
 
 plugins(){
 	flagz=()
-	releases_plugins=("2kb-amazon-affiliates-store 2.1.5" "3d-cover-carousel 1.0" "1player 1.4" "123-chat-videochat 1.3.2" "360-product-rotation 1.5.8" "5-stars-rating-funnel 1.4.01" "8-degree-notification-bar 1.1.8" "10to8-online-booking 1.1.0" "404-error-monitor 1.1" "aesop-story-engine 2.3.3" "amtythumb 4.2.0" "bws-latest-posts 0.4" "bulk-change 1.0" "cookie-bar 2.1" "contact-form-with-captcha 1.6.8" "caret-country-access-limit 1.0.4" "church-admin 5.0.13" "duplicate-variations-for-woocommerce 1.0.1" "dofollow-case-by-case 3.5.1" "easy-fancybox 2.3.11" "exclusive-content-password-protect 1.1.0" "fusion-slider 1.6.5" "fast-checkout-for-woocommerce 1.1.18" "go-viral 1.8.2" "gamipress-vimeo-integration 1.0.9" "hipaatizer 1.3.6" "hide-admin-bar-based-on-user-roles 4.1.0" "icestats 1.3" "js-support-ticket 2.8.9" "keymaster-chord-notation-free 1.0.2" "kopa-nictitate-toolkit 1.0.2" "listamester 2.3.5" "login-with-cognito 1.5.2" "mejorcluster 1.1.16" "marketing-optimizer 20200925" "newsletter-by-supsystic 1.5.6" "ni-woocommerce-sales-report 3.8.0" "our-team-enhanced 4.4.2" "omnipress 1.5.4" "png-to-jpg 4.4" "product-recommendation-quiz-for-ecommerce 2.2.10" "qr-twitter-widget 0.2.3" "quotes-collection 2.5.2" "rvg-optimize-database 5.2.2" "reset-course-progress-for-learndash 1.3" "sniplets 1.4.5" "sticky-popup 1.2" "split-test-for-elementor 1.8.2" "spideranalyse 0.0.1" "tagmaker 0.2.2" "updraft 0.6.1" "ultraaddons-elementor-lite 1.1.9" "virtual-hdm-for-taxservice-am 1.1.2" "wp-nssuser-register 1.0.0" "wp-lightbox-2 3.0.6.7" "woo-myghpay-payment-gateway 3.2" "wangguard 1.7.3" "woocommerce-add-to-cart-custom-redirect 1.2.14" "wp-finance 1.3.6" "your-text-manager 0.3.0" "yeemail 2.1.6" "zajax-ajax-navigation 0.4" "zooom 1.1.0")
-	vulns_plugins=("3d-cover-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.2.63 Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel 1.2.53 Unauthenticated.SQLi HIGH" "5-stars-rating-funnel 1.2.54 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "10to8-online-booking 1.1.0 Contributor+.Stored.XSS MEDIUM" "99fy-core 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "99fy-core 1.2.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "5280-bootstrap-modal-contact-form No.known.fix Cross-Site.Request.Forgery.to.Bulk.Delete.Messages MEDIUM" "5centscdn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.9 Logs.Deletion.via.CSRF MEDIUM" "404-to-301 3.0.8 Broken.Access.Control MEDIUM" "404-to-301 3.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "404-to-301 2.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "3com-asesor-de-cookies No.known.fix Admin+.Stored.XSS LOW" "12-step-meeting-list 3.16.6 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion MEDIUM" "12-step-meeting-list 3.16.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "12-step-meeting-list 3.14.34 Reflected.Cross-Site.Scripting MEDIUM" "12-step-meeting-list 3.14.29 Subscriber+.CSV.Download MEDIUM" "12-step-meeting-list 3.14.25 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "8-degree-notification-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "404-to-start No.known.fix Admin+.Stored.XSS LOW" "404-solution 2.35.20 Reflected.Cross-Site.Scripting MEDIUM" "404-solution 2.35.18 Missing.Authentication.to.Sensitive.Information.Exposure MEDIUM" "404-solution 2.35.8 Admin+.SQL.Injection MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "404-solution 2.35.0 Admin+.SQLi MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure MEDIUM" "360-product-rotation 1.4.8 Reflected.XSS MEDIUM" "123-chat-videochat No.known.fix Video.Chat.<=.1.3.1.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "123-chat-videochat 1.3.1 Admin+.Stored.XSS LOW" "99robots-header-footer-code-manager-pro 1.0.17 Reflected.Cross-Site.Scripting.via.message MEDIUM" "3d-presentation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "2kb-amazon-affiliates-store No.known.fix Reflected.XSS MEDIUM" "2kb-amazon-affiliates-store 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting.via.'post' MEDIUM" "2j-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3xsocializer No.known.fix Subscriber+.SQLi MEDIUM" "3dvieweronline-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3dady-real-time-web-stats No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "3d-avatar-user-profile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "404-redirection-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "404-redirection-manager No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "1app-business-forms No.known.fix Author+.Stored.XSS MEDIUM" "012-ps-multi-languages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "1-click-close-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "4k-icon-fonts-for-visual-composer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "2mb-autocode 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "5-anker-connect 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "10centmail-subscription-management-and-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "4ecps-webforms No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "4ecps-webforms No.known.fix Admin+.Stored.XSS LOW" "404-error-monitor No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update.via.updatePluginSettings.Function MEDIUM" "123contactform-for-wordpress No.known.fix Validation.Bypass.via.Plugin.Verification MEDIUM" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.Post.Creation HIGH" "3d-flipbook-dflip-lite 2.3.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.3.42 Reflected.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 1.7.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "1003-mortgage-application No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "2d-tag-cloud-widget-by-sujin No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "404s 3.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "360deg-javascript-viewer 1.7.30 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "360deg-javascript-viewer 1.7.13 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "360deg-javascript-viewer 1.7.12 Unauthenticated.Settings.Update MEDIUM" "360deg-javascript-viewer 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "0mk-shortener No.known.fix Stored.XSS.via.CSRF HIGH" "0mk-shortener No.known.fix Admin+.Stored.XSS LOW" "404page 11.4.8 Reflected.Cross-Site.Scripting MEDIUM" "3dprint 3.5.6.9 Arbitrary.File.and.Directory.Deletion.via.CSRF HIGH" "3dprint 3.5.6.9 CSRF.to.arbitrary.file.downlad HIGH" "3-word-address-validation-field 4.0.0 Admin+.Sensitive.Information.Disclosure LOW" "3d-viewer 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "59sec-lite-contact-form-7-push-notifications-on-ios-and-android No.known.fix Unauthenticated.Settings.Update MEDIUM" "3dprint-lite 2.1 Settings.Update.via.CSRF MEDIUM" "3dprint-lite 1.9.1.6 Reflected.Cross-Site.Scripting HIGH" "3dprint-lite 1.9.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "accesspress-pinterest 3.3.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-woo-labels 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-labels 1.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allow-php-in-posts-and-pages No.known.fix Authenticated.Remote.Code.Execution.(RCE) CRITICAL" "all-404-redirect-to-homepage 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "all-404-redirect-to-homepage 1.21 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "alma-gateway-for-woocommerce 5.2.1 Contributor+.Stored.XSS MEDIUM" "alley-business-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alley-business-toolkit 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-widget-after-content 2.5 Admin+.Stored.XSS LOW" "add-link-to-facebook No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Authenticated.(Admin+).SQL.Injection HIGH" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Bookmark.Status.Alteration MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Read.Status.Update MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Unauthenticated.Reflected.XSS HIGH" "achilles-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "alfred-click-collect No.known.fix Admin+.Stored.XSS LOW" "admin-custom-login 3.2.8 CSRF.to.Stored.XSS HIGH" "addify-gift-registry-for-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "ab-rankings-testing-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "alipay No.known.fix Authenticated.SQL.Injection MEDIUM" "ad-buttons 2.3.2 CSRF.&.XSS MEDIUM" "antispam-bee 2.11.4 IP.Address.Spoofing.via.get_client_ip MEDIUM" "ajax-extend No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "age-verification-screen-for-woocommerce 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "age-verification-screen-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adsensei-b30 3.1.3 Reflected.Cross-Site.Scripting HIGH" "announcer 6.0.1 Missing.Authorization MEDIUM" "aio-time-clock-lite 1.3.321 Admin+.Stored.XSS LOW" "accesspress-twitter-auto-post 1.4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "appexperts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appexperts 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-invite-codes 1.0.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "artplacer-widget 2.21.2 Stored.XSS.via.CSRF HIGH" "artplacer-widget 2.21.2 Subscriber+.Arbitrary.Widget.Deletion MEDIUM" "artplacer-widget 2.20.7 Editor+.SQLi MEDIUM" "activecampaign-for-woocommerce 1.9.8 Subscriber+.Error.Log.Cleanup MEDIUM" "alley-elementor-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.5.7 Information.Exposure.via.AJAX.Search.Form MEDIUM" "add-search-to-menu 5.5.6 Subscriber+.Index.Creation MEDIUM" "add-search-to-menu 5.5.2 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.7 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.4.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "add-search-to-menu 4.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "add-search-to-menu 4.7 Reflected.Cross-Site.Scripting HIGH" "add-search-to-menu 4.6.1 Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "add-search-to-menu 4.5.11 .Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-menu-widget No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "arconix-shortcodes 2.1.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "arconix-shortcodes 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "arconix-shortcodes 2.1.12 Missing.Authorization MEDIUM" "arconix-shortcodes 2.1.11 Missing.Authorization.to.Notice.Dismissal MEDIUM" "arconix-shortcodes 2.1.8 Contributor+.Stored.XSS MEDIUM" "ai-twitter-feeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-wp-columns No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "auto-poster No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "advanced-custom-fields-pro 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields-pro 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields-pro 6.3.6 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Code.Injection CRITICAL" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-custom-fields-pro 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields-pro 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields-pro 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields-pro 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields-pro 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields-pro 5.9.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accesspress-social-icons 1.8.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-social-icons 1.8.1 Authenticated.SQL.Injection HIGH" "accesspress-social-icons 1.6.8 Authenticated.SQL.Injections MEDIUM" "addify-abandoned-cart-recovery 1.2.5 Multiple.CSRF MEDIUM" "amr-personalise No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.25.0b3 Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.24.0 AJAX.Search.for.WooCommerce.<.1.24.0.-.Admin+.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.18.0 Admin+.Stored.Cross-Site.Scripting LOW" "ajax-search-for-woocommerce 1.17.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "announcekit No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "auto-login-when-resister No.known.fix Settings.Update.via.CSRF MEDIUM" "accept-stripe-payments-using-contact-form-7 2.6 Unauthenticated.Information.Exposure MEDIUM" "advanced-classifieds-and-directory-pro 3.2.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-classifieds-and-directory-pro 3.1.2 Missing.Authorization.to.Arbitrary.Attachment.Deletion MEDIUM" "advanced-classifieds-and-directory-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "advanced-classifieds-and-directory-pro 1.8.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-classifieds-and-directory-pro 1.6.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "awesomepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-menu-organizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-favicon 4.7 Multiple.Stored.Authenticated.XSS MEDIUM" "automatic-youtube-gallery 2.3.5 Missing.Authorization.via.AJAX.actions MEDIUM" "automatic-youtube-gallery 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "automatic-youtube-gallery 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admission-appmanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amen No.known.fix Admin+.Stored.XSS LOW" "artificial-intelligence-auto-content-generator 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "add-to-calendar-button 1.5.1 Contributor+.Stored.XSS MEDIUM" "audio-and-video-player 1.2.0 Player.Deletion.and.Duplication.via.CSRF MEDIUM" "animated-number-counters No.known.fix Authenticated.(Editor+).Local.File.Inclusion HIGH" "animated-number-counters 1.7 Editor+.Stored.XSS MEDIUM" "ap-pricing-tables-lite No.known.fix Admin+.SQLi MEDIUM" "ap-pricing-tables-lite 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "ap-pricing-tables-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ajar-productions-in5-embed 3.1.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ampedsense-adsense-split-tester 4.69 Reflected.XSS HIGH" "akismet 3.1.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Cross-Site.Request.Forgery MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Missing.Authorization MEDIUM" "another-wordpress-classifieds-plugin 4.3.1 Categories.Mgt.via.CSRF MEDIUM" "another-wordpress-classifieds-plugin 4.3 Unauthenticated.SQLi MEDIUM" "ajax-random-post No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "alkubot 3.0.0 Unauthorised.AJAX.call.via.CSRF MEDIUM" "apollo13-framework-extensions 1.9.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.2 Cross-Site.Request.Forgery MEDIUM" "apollo13-framework-extensions 1.9.1 Contributor+.Stored.XSS MEDIUM" "apollo13-framework-extensions 1.9.0 Missing.Authorization MEDIUM" "acf-options-importexport No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Cross-Site.Request.Forgery.to.Activation.Status.Update MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ays-slider 2.5.0 Responsive.Slider.and.Carousel.<.2.5.0.-.Authenticated.Blind.SQL.Injection HIGH" "ays-slider 2.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "affieasy 1.1.7 Cross-Site.Request.Forgery.to.Various.Actions MEDIUM" "affieasy 1.1.6 Cross-Site.Request.Forgery MEDIUM" "affieasy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "affieasy 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-listings 2.6.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "add-user-role No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "art-direction No.known.fix Contributor+.Stored.XSS MEDIUM" "anycomment 0.0.99 Reflected.Cross-Site.Scripting MEDIUM" "anycomment 0.2.18 Comment.Rating.Increase/Decrease.via.Race.Condition LOW" "anycomment 0.2.18 Arbitrary.HyperComments.Import/Revert.via.CSRF MEDIUM" "anycomment 0.3.5 Open.Redirect MEDIUM" "anycomment 0.0.33 XSS MEDIUM" "ashe-extra 1.3 Missing.Authorization MEDIUM" "ashe-extra 1.2.92 Subscriber+.Companion.Plugin.Activation.&.Content.Import MEDIUM" "add-ribbon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Settings.Update MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio 1.9 Authenticated.Blind.SQL.Injection HIGH" "admin-cleanup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "amazon-auto-links 5.4.3 Reflected.Cross-Site.Scripting MEDIUM" "amazon-auto-links 5.1.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 5.3.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 4.6.20 Reflected.Cross-Site.Scripting HIGH" "addonify-quick-view 1.2.17 Unauthenticated.Full.Path.Dislcosure MEDIUM" "amp-img-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accommodation-system No.known.fix Subscriber+.Unauthorised.Actions MEDIUM" "all-users-messenger No.known.fix Subscriber+.Message.Deletion.via.IDOR MEDIUM" "a2-optimized-wp 3.0.5 Data.Collection.Toggle.via.CSRF MEDIUM" "advanced-event-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "activitypub 1.0.6 Unauthenticated.REST.API.Access MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Title.Disclosure MEDIUM" "activitypub 1.0.0 Contributor+.Stored.XSS MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "activitypub 1.0.1 Contributor+.Stored.XSS MEDIUM" "automail No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automail 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "arcadeready No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attire-blocks 1.9.7 Cross-Site.Request.Forgery MEDIUM" "attire-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attire-blocks 1.9.3 Missing.Authorization MEDIUM" "amazing-neo-icon-font-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-image-generator 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-custom-css 2.0.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "assistant 1.4.9.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "assistant 1.4.4 Editor+.SSRF MEDIUM" "apa-banner-slider No.known.fix Cross-Site.Request.Forgery.to.SLQ.Injection HIGH" "awesome-tool-tip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aesop-story-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-wp-migration-gdrive-extension 2.80 Unauthenticated.Access.Token.Update MEDIUM" "algori-pdf-viewer 1.0.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "axeptio-sdk-integration 2.5.5 Unauthenticated.Local.File.Inclusion CRITICAL" "art-decoration-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "ancient-world-linked-data-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-custom-post-type 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-schedule-posts No.known.fix Reflected.XSS HIGH" "ads-invalid-click-protection No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "auto-rename-media-on-upload 1.1.0 Admin+.Stored.XSS LOW" "administrator-z No.known.fix Subscriber+.SQL.Injection HIGH" "animated-counters No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animated-counters 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addify-product-dynamic-pricing-and-discounts No.known.fix Multiple.CSRF MEDIUM" "ajax-domain-checker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agile-store-locator 1.4.15 Admin+.Arbitrary.File.Deletion MEDIUM" "agile-store-locator 1.4.13 Reflected.XSS HIGH" "agile-store-locator 1.4.10 Editor+.Stored.XSS LOW" "agile-store-locator 1.4.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "agile-store-locator 1.4.6 Stored.XSS.via.CSRF MEDIUM" "adirectory 1.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ays-facebook-popup-likebox 3.7.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.5.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-facebook-popup-likebox 3.5.3 Page.Plugin.<.3.5.3.-.Authenticated.Blind.SQL.Injections HIGH" "affiliate-links 2.7 Contributor+.Stored.XSS MEDIUM" "advanced-form-integration 1.97.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.92.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.89.6 Cross-Site.Request.Forgery MEDIUM" "advanced-form-integration 1.82.6 SQL.Injection.to.Reflected.Cross-Site.Scripting.via.integration_id MEDIUM" "advanced-form-integration 1.76.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "advanced-form-integration 1.69.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.63.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.49.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "access-category-password No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awsm-team 1.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "admin-user-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "all-contact-form-integration-for-elementor 2.9.9.8 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "audio-comparison-lite 3.5 Contributor+.Stored.XSS MEDIUM" "am-hili-affiliate-manager-for-publishers No.known.fix Admin+.Stored.XSS LOW" "auxin-portfolio 2.3.5 Contributor+.Stored.XSS MEDIUM" "auxin-portfolio 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'.Grid.Portfolios' MEDIUM" "auxin-portfolio 2.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "antihacker 4.53 Missing.Authorization.to.Authenticated.(Subscriber+).Table.Truncation MEDIUM" "antihacker 4.52 Missing.Authorization.to.Unauthenticated.IP.Address.Whitelist MEDIUM" "antihacker 4.35 Cross-Site.Request.Forgery.via.antihacker_ajax_scan MEDIUM" "antihacker 4.20 Subscriber+.Arbitrary.Plugin.Installation HIGH" "auto-date-year-month 2.0.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "auto-date-year-month 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "autolinks No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "article-directory-redux No.known.fix Admin+.Stored.XSS LOW" "advanced-control-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-control-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-content 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-quiz No.known.fix Admin+.Stored.XSS.in.Quiz.Overview LOW" "advanced-quiz 1.0.3 Admin+.Stored.XSS LOW" "agendapress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agendapress 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "agendapress 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ark-wysiwyg-comment-editor No.known.fix Iframe.Injection.via.Comment LOW" "affiliateimportereb No.known.fix Reflected.XSS HIGH" "affiliateimportereb No.known.fix Reflected.XSS.via.Search HIGH" "apexchat 1.3.2 Admin+.Stored.XSS LOW" "auto-featured-image-from-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "aryo-activity-log 2.11.2 Unauthenticated.Stored.XSS.via.Event.Context HIGH" "aryo-activity-log 2.8.8 IP.Spoofing MEDIUM" "aryo-activity-log 2.8.4 CSV.Injection LOW" "aryo-activity-log 2.7.0 Authenticated.SQL.Injection MEDIUM" "aryo-activity-log 2.4.1 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS).in.'page' MEDIUM" "admin-menu No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "accesspress-instagram-feed 4.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "acf-on-the-go No.known.fix .Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "armember 6.7.1 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "armember 5.6 Unauthenticated.Privilege.Escalation CRITICAL" "appsplate No.known.fix Unauthenticated.SQL.Injection HIGH" "amadiscount No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "aforms-form-builder-for-price-calculator-cost-estimation 2.2.7 Unauthenticated.Full.Path.Disclosure MEDIUM" "amazing-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addify-order-tracking-for-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "add-svg-support-for-media-uploader-inventivo No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "addon-sweetalert-contact-form-7 1.0.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "admin-bar-dashboard-control 1.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "apptivo-business-site 3.0.14 Admin+.Stored.XSS LOW" "ai-engine 2.6.5 Admin+.SQLi MEDIUM" "ai-engine 2.4.8 Admin+.SQLi MEDIUM" "ai-engine 2.5.1 Admin+.RCE MEDIUM" "ai-engine 2.4.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.70 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "ai-engine 2.1.5 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ai-engine 2.1.5 Editor+.Arbitrary.File.Upload.via.add_image_from_url MEDIUM" "ai-engine 1.9.99 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ai-engine 1.6.83 Admin+.Stored.XSS LOW" "appointment-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-calendar No.known.fix CSRF MEDIUM" "ajax-login-and-registration-modal-popup 2.25 Reflected.XSS MEDIUM" "ajax-login-and-registration-modal-popup 2.24 Author+.Stored.XSS MEDIUM" "a-staff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "a-staff No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a-staff No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "auto-featured-image No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "ai-site-builder No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation CRITICAL" "akismet-htaccess-writer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.22 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.19 Contributor+.Stored.XSS MEDIUM" "amr-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accesspress-twitter-feed No.known.fix Delete.cache.via.CSRF MEDIUM" "accesspress-twitter-feed 1.6.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "audio-player-with-playlist-ultimate 1.3 Contributor+.Stored.XSS MEDIUM" "azan No.known.fix Stored.XSS.via.CSRF HIGH" "asgard No.known.fix Reflected.XSS HIGH" "azz-anonim-posting No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "arena-liveblog-and-chat-tool No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "arena-liveblog-and-chat-tool No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arena_embed_amp.Shortcode MEDIUM" "arena-liveblog-and-chat-tool 0.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-tabs-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "advanced-database-replacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-replacer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-block-country No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "aicomments 1.4.2 Cross-Site.Request.Forgery MEDIUM" "aparat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addendio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addendio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "admin-notices-manager 1.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "amberlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "authentication-via-otp-using-firebase No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "admin-page-framework 3.9.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "admin-bar 1.0.23 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "awesome-contact-form7-for-elementor 3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-contact-form7-for-elementor 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AEP.Contact.Form.7.Widget MEDIUM" "announce-from-the-dashboard 1.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.2 Admin+.Stored.XSS LOW" "amin-chat-button 1.4.2 Stored.XSS.via.CSRF HIGH" "annasta-woocommerce-product-filters 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "annasta-woocommerce-product-filters 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "abcbiz-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-sms-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "ajax-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-font-editor No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "arforms-form-builder 1.7.2 HTML.Injection MEDIUM" "arforms-form-builder 1.7.1 Unauthenticated.Stored.XSS MEDIUM" "arforms-form-builder 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "arforms-form-builder 1.6.5 Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Option.Deletion HIGH" "arforms-form-builder 1.6.2 Missing.Authorization MEDIUM" "arforms-form-builder 1.6.2 Cross-Site.Request.Forgery MEDIUM" "arforms-form-builder 1.5.9 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5.7 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5 Admin+.Stored.Cross.Site.Scripting LOW" "activedemand 0.2.44 Cross-Site.Request.Forgery MEDIUM" "activedemand 0.2.42 Unauthenticated.Arbitrary.File.Upload CRITICAL" "activedemand 0.2.28 Unauthenticated.Post.Creation/Update/Deletion HIGH" "api2cart-bridge-connector 1.2.0 Unauthenticated.RCE CRITICAL" "api2cart-bridge-connector 1.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Admin+.Stored.XSS LOW" "all-in-one-seo-pack 4.2.4 Multiple.CSRF MEDIUM" "all-in-one-seo-pack 4.1.5.3 Authenticated.Privilege.Escalation CRITICAL" "all-in-one-seo-pack 4.1.5.3 Authenticated.SQL.Injection HIGH" "all-in-one-seo-pack 4.1.0.2 Admin.RCE.via.unserialize MEDIUM" "all-in-one-seo-pack 3.6.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack 3.2.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-seo-pack 2.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-category-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-category-template No.known.fix Reflected.XSS HIGH" "ad-swapper No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "arscode-ninja-popups No.known.fix Unauthenticated.Open.Redirect MEDIUM" "ar-for-wordpress 7.4 Missing.Authorization.to.Unauthenticated.Limited.File.Upload LOW" "ar-for-wordpress 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "add-image-to-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-post-list No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-youtube-importer 1.0.4 Settings.Update.via.CSRF MEDIUM" "atomchat 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atomchat.Shortcode MEDIUM" "atomchat 1.1.5 Unauthenticated.Credits.Update MEDIUM" "alert-me No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "about-me No.known.fix Subscriber+.Arbitrary.Network.Creation/Deletion MEDIUM" "admin-page-spider 3.32 Admin+.Stored.XSS LOW" "advanced-cf7-database No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "apperr 0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-grid-image-listing No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "add2fav No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "armember-membership-premium No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ai-contact-us No.known.fix Admin+.Stored.XSS LOW" "ahime-image-printer No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "aawp 3.12.3 Unsafe.URL.Handling MEDIUM" "aawp 3.17.1 Reflected.Cross-Site.Scripting MEDIUM" "animated-svg 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "animated-typed-js-shortcode 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.2 Reflected.Cross-Site.Scripting.via.s MEDIUM" "advanced-sermons 3.3 Reflected.Cross-Site.Scripting MEDIUM" "auto-post-thumbnail 4.1.3 Missing.Authorization MEDIUM" "auto-post-thumbnail No.known.fix Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "auto-post-thumbnail 4.1.4 Author+.SSRF MEDIUM" "auto-post-thumbnail 3.9.16 Author+.Arbitrary.File.Upload CRITICAL" "auto-post-thumbnail 3.9.3 Reflected.Cross-Site.Scripting HIGH" "acf-frontend-display No.known.fix Arbitrary.File.Upload CRITICAL" "abc-notation No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-hierarchy-parent-to-post 3.13 Reflected.Cross-Site.Scripting MEDIUM" "auto-translate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.Font MEDIUM" "addressbook No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "acymailing 9.8.0 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.acym_extractArchive.Function HIGH" "acymailing 8.6.3 Reflected.XSS HIGH" "acymailing 7.5.0 Open.Redirect MEDIUM" "avartan-slider-lite No.known.fix Reflected.XSS HIGH" "adsense-click-fraud-monitoring No.known.fix XSS MEDIUM" "ait-csv-import-export No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "all-in-one-video-downloader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "astra-sites 4.4.10 Cross-Site.Request.Forgery MEDIUM" "astra-sites 4.4.1 Author+.Stored.XSS MEDIUM" "astra-sites 4.2.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "astra-sites 4.1.7 Contributor+.Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-sites 3.1.21 Settings.Update.via.CSRF MEDIUM" "astra-sites 2.7.1 Contributor+.Block.Import.to.Stored.XSS HIGH" "accordion-image-menu No.known.fix Stored.XSS.via.CSRF HIGH" "author-discussion No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "all-404-pages-redirect-to-homepage 2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "amr-users 4.59.4 Admin+.Stored.Cross-Site.Scripting LOW" "add-multiple-marker No.known.fix Settings.Update.via.CSRF MEDIUM" "add-multiple-marker No.known.fix Unauthenticated.Settings.Update MEDIUM" "advanced-image-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "anonymize-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "alt-report No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsplacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "absolute-privacy No.known.fix User.Email/Password.Change.via.Cross-Site.Request.Forgery HIGH" "article2pdf No.known.fix Multiple.Vulnerabilities CRITICAL" "alpine-photo-tile-for-instagram No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ajax-search-pro 4.26.2 Multiple.Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.26.2 Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.19 Stored.XSS.via.CSRF HIGH" "ajax-search-pro 4.19 Subscriber+.SQL.Injection HIGH" "ai-moderator-for-buddypress-and-buddyboss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amazonjs No.known.fix Contributor+.Stored.XSS MEDIUM" "affiliatebooster-blocks 3.0.6 Blocks.Enabling/Disabling.via.CSRF MEDIUM" "advanced-google-recaptcha 1.26 Brute.Force.Protection.IP.Unblock LOW" "adminpad 2.2 Note.Update.via.CSRF MEDIUM" "anchor-episodes-index 2.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.anchor_episodes.Shortcode MEDIUM" "anchor-episodes-index 2.1.8 Admin+.Stored.XSS LOW" "appmaker-woocommerce-mobile-app-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-form 1.9.1 Cross-Site.Request.Forgery MEDIUM" "admin-form 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "ajax-content-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adicons No.known.fix Admin+.SQL.Injection MEDIUM" "appizy-app-embed 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arkhe-blocks 2.27.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block.attributes MEDIUM" "arkhe-blocks 2.27.0 Contributor+.Stored.XSS MEDIUM" "arkhe-blocks 2.23.0 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 8.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piechart_settings.Parameter MEDIUM" "addons-for-elementor 8.4.1 Authenticated.(Contributor+).Limited.Local.File.Inclusion.via.Widgets HIGH" "addons-for-elementor 8.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Marquee.Text.Widget,.Testimonials.Widget,.and.Testimonial.Slider.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Various.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Grid MEDIUM" "addons-for-elementor 8.3.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget._id.attribute MEDIUM" "addons-for-elementor 8.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Multislider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Carousel.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Slider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "addons-for-elementor 8.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.animated_text_class MEDIUM" "addons-for-elementor 8.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-elementor 8.3.2 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 7.9 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-elementor 7.2.4 Admin+.Stored.XSS LOW" "addons-for-elementor 7.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addons-for-elementor 6.8 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "apply-online 2.6.7.2 Missing.Authorization MEDIUM" "apply-online 2.6.3 Unauthenticated.Application.File.Access MEDIUM" "apply-online 2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "apply-online 2.5.4 Missing.Authorization LOW" "apply-online 2.5.3 Reflected.XSS HIGH" "apply-online 2.5.6 Admin+.Stored.XSS LOW" "azindex No.known.fix Stored.XSS.via.CSRF HIGH" "azindex No.known.fix Index.Deletion.via.CSRF MEDIUM" "auto-advance-for-gravity-forms 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "album-and-image-gallery-plus-lightbox 2.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "advanced-access-manager 6.9.21 Reflected.XSS HIGH" "advanced-access-manager 6.9.21 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-access-manager 6.9.19 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.9.19 Open.Redirect MEDIUM" "advanced-access-manager 6.9.16 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.8.0 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-access-manager 6.6.2 Authenticated.Information.Disclosure MEDIUM" "advanced-access-manager 6.6.2 Authenticated.Authorization.Bypass.and.Privilege.Escalation HIGH" "advanced-access-manager 5.9.9 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-access-manager 3.2.2 Privilege.Escalation HIGH" "aiomatic-automatic-ai-content-writer 2.0.6 Automatic.AI.Content.Writer.<.2.0.6.-.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "aiomatic-automatic-ai-content-writer 1.9.4 Missing.Authorization MEDIUM" "addons-for-beaver-builder 3.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 2.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accessibility-help-button 1.1 Admin+.Stored.Cross.Site.Scripting LOW" "accessibility-help-button 1.1 Admin+.Stored.XSS LOW" "accessibility-help-button 1.2 Admin+.Stored.XSS LOW" "advanced-forms 1.9.3.3 Missing.Authorization.to.Unauthenticated.Form.Settings.Export MEDIUM" "advanced-forms 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "awsom-news-announcement No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "artibot No.known.fix Authenticated.(Admin+).Cross-Site.Scripting MEDIUM" "artibot No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "admin-site-enhancements-pro 7.6.3 Missing.Authorization MEDIUM" "advance-search No.known.fix Admin+.SQL.Injection MEDIUM" "advance-search No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "advance-search 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "arca-payment-gateway 1.3.4 Stored.XSS.via.CSRF HIGH" "ari-cf7-connector 1.2.3 Cross-Site.Request.Forgery MEDIUM" "ari-cf7-connector 1.2.3 Reflected.XSS HIGH" "ajax-search-lite 4.12.5 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.4 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.3 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.1 Admin+.Stored.XSS LOW" "ajax-search-lite 4.11.5 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Subscriber+.Sensitive.Data.Disclosure MEDIUM" "awesome-social-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alt-manager 1.6.2 Missing.Authorization MEDIUM" "alt-manager 1.5.7 Reflected.Cross-Site.Scripting MEDIUM" "alt-manager 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-custom-google-tag-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "as-create-pinterest-pinboard-pages No.known.fix Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "advanced-wp-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-table 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anspress-question-answer 4.3.2 Editor+.Stored.XSS MEDIUM" "about-author-box 1.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "automatic-post-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-post-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "all-embed-addons-for-elementor 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Cross-Site.Request.Forgery MEDIUM" "adfoxly No.known.fix Reflected.XSS HIGH" "adfoxly 1.7.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "asmember No.known.fix Admin+.Stored.XSS LOW" "addify-order-approval-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "avchat-3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "accesspress-anonymous-post-pro 3.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "amtythumb No.known.fix Subscriber+.SQLi HIGH" "ach-invoice-app No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "adamrob-parallax-scroll 2.1 Cross-Site.Scripting.(XSS) MEDIUM" "awesome-studio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Settings.Modifcation.and.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.3 Ajax.Load.More.<.7.1.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 7.1.2 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "ajax-load-more 7.0.2 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.0 Authenticated.(Admin+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "ajax-load-more 6.2 Ajax.Load.More.<.6.2.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.6.0.3 Ajax.Load.More.<.5.6.0.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.5.4.1 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 PHAR.Deserialization.via.CSRF HIGH" "ajax-load-more 5.5.4 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.3.2 Authenticated.SQL.Injection CRITICAL" "add-facebook No.known.fix Author+.Stored.XSS MEDIUM" "add-facebook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting] MEDIUM" "amp-plus No.known.fix Reflected.Cross.Site.Scripting HIGH" "access-code-feeder No.known.fix CSRF MEDIUM" "attribute-stock-for-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "arconix-faq 1.9.5 Missing.Authorization MEDIUM" "arconix-faq 1.9.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "aws-cdn-by-wpadmin 3.0.0 Cross-Site.Request.Forgery MEDIUM" "accordion-slider 1.9.13 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "accordion-slider 1.9.12 Authenticted.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Attribute MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "add-from-server No.known.fix Authenticated.Path.Traversal.to.Arbitrary.File.Access HIGH" "add-from-server 3.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "anti-spam 7.3.8 Missing.Authorization MEDIUM" "anti-spam 7.3.1 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "appointment-hour-booking 1.4.57 Captcha.Bypass MEDIUM" "appointment-hour-booking 1.3.73 Unauthenticated.iFrame.Injection HIGH" "appointment-hour-booking 1.3.73 CSV.Injection MEDIUM" "appointment-hour-booking 1.3.73 CAPTCHA.Bypass MEDIUM" "appointment-hour-booking 1.3.72 Feedback.Submission.via.CSRF MEDIUM" "appointment-hour-booking 1.3.56 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.3.17 Authenticated.Stored.XSS LOW" "appointment-hour-booking 1.3.16 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.1.46 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a4-barcode-generator 3.4.11 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.10 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Stored.XSS HIGH" "a4-barcode-generator 3.4.7 Subscriber+.Settings/Profiles.Update,.Templates/Barcodes.Access/Creation/Edition/Deletion MEDIUM" "affiliate-toolkit-starter 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atkp_product.Shortcode MEDIUM" "affiliate-toolkit-starter 3.6 Unauthenticated.Full.Path.Dislcosure MEDIUM" "affiliate-toolkit-starter 3.4.5 Unauthenticated.Sensitive.Information.Exposure.via.Logs MEDIUM" "affiliate-toolkit-starter 3.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.ratings MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_create_list MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_import_product MEDIUM" "affiliate-toolkit-starter 3.4.3 Unauthenticated.SSRF HIGH" "affiliate-toolkit-starter 3.4.4 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "affiliate-toolkit-starter 3.4.0 Open.Redirect.via.atkpout.php LOW" "affiliate-toolkit-starter 3.3.4 Editor+.Stored.XSS LOW" "add-pinterest-conversion-tags 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-pinterest-conversion-tags 1.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "admin-dashboard-rss-feed No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Shortcode MEDIUM" "all-in-one-video-gallery 3.7.0 Authenticated.(Contributor+).Local.File.Inclusion.via.aiovg_search_form.Shortcode HIGH" "all-in-one-video-gallery 3.6.5 Contributor+.Arbitrary.File.Upload.via.featured.image HIGH" "all-in-one-video-gallery 3.6.0 Missing.Authorization MEDIUM" "all-in-one-video-gallery 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 2.6.1 2.6.0.-.Unauthenticated.Arbitrary.File.Download.&.SSRF HIGH" "all-in-one-video-gallery 2.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-video-gallery 2.5.0 Admin+.Local.File.Inclusion LOW" "admin-renamer-extended No.known.fix CSRF MEDIUM" "add-twitter-pixel 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "af-companion 1.2.0 1.1.2.-.Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "abcapp-creator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ab-categories-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-responsive-photo-gallery 2.1 Reflected.Cross-Site.Scripting MEDIUM" "amazonify No.known.fix Cross-Site.Request.Forgery.to.Amazon.Tracking.ID.Update MEDIUM" "amazonify No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "academy 2.0.5 Missing.Authorization LOW" "academy 2.0.11 Open.Redirect MEDIUM" "academy 1.9.26 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.20 .Authenticated.(Subscriber+).Privilege.Escalation HIGH" "addify-image-watermark-for-woocommerce 1.0.1 Multiple.CSRF MEDIUM" "animate-it 2.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "animate-it 2.3.6 XSS HIGH" "attributes-for-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.attributesForBlocks.Parameter MEDIUM" "anywhere-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-wp-migration 7.87 Authenticated.(Administrator+).Arbitrary.PHP.Code.Injection HIGH" "all-in-one-wp-migration 7.87 Unauthenticated.Information.Disclosure.via.Error.Logs MEDIUM" "all-in-one-wp-migration 7.63 Unauthenticated.Reflected.XSS MEDIUM" "all-in-one-wp-migration 7.59 Admin+.File.Deletion.on.Windows.Hosts.via.Path.Traversal MEDIUM" "all-in-one-wp-migration 7.41 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "all-in-one-wp-migration 7.15 Arbitrary.Backup.Download HIGH" "all-in-one-wp-migration 7.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-migration 6.46 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-migration 2.0.5 Unauthenticated.Database.Export HIGH" "auto-login-new-user-after-registration No.known.fix Stored.XSS.via.CSRF HIGH" "auto-login-new-user-after-registration No.known.fix CSRF MEDIUM" "auto-iframe 2.0 Contributor+.XSS.via.Shortcode MEDIUM" "auto-iframe 1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.tag.Parameter MEDIUM" "animated-fullscreen-menu 2.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-menu-restriction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-reset 1.6 Reflected.Cross-Site.Scripting MEDIUM" "aprils-call-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.10 Reflected.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "acnoo-flutter-api No.known.fix Authentication.Bypass CRITICAL" "add-customer-for-woocommerce 1.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-anonymous-post No.known.fix Contributor+.Arbitrary.Redirect LOW" "accesspress-anonymous-post 2.8.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ai-postpix 1.1.8.1 Subscriber+.Arbitrary.File.Upload HIGH" "archives-calendar-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "awesome-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.11 Injected.Backdoor CRITICAL" "ad-invalid-click-protector 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.7 Arbitrary.Ban.Deletion.via.CSRF MEDIUM" "ad-invalid-click-protector 1.2.6 Authenticated.SQL.Injection MEDIUM" "amazon-product-in-a-post-plugin 3.5.3 Unauthenticated.SQL.Injection CRITICAL" "add-comments No.known.fix Admin+.Stored.XSS LOW" "advanced-import 1.3.8 Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "advertising-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-migration-onedrive-extension 1.67 Unauthenticated.Access.Token.Update MEDIUM" "accesspress-social-share 4.5.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aikit-wordpress-ai-writing-assistant-using-gpt3 No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "admin-speedo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acurax-social-media-widget 3.2.6 Stored.XSS.&.CSRF HIGH" "attachment-file-icons No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-cf7-db 2.0.3 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "advanced-cf7-db No.known.fix Sensitive.Information.Exposure MEDIUM" "advanced-cf7-db 1.8.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-cf7-db 1.8.7 Subscriber+.Arbitrary.File.Deletion HIGH" "advanced-cf7-db 1.7.1 SQL.Injection CRITICAL" "active-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-thickbox-plus No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "admin-log No.known.fix CSRF MEDIUM" "avirato-calendar No.known.fix Subscriber+.SQLi HIGH" "ajax-bootmodal-login No.known.fix Captcha.Reuse MEDIUM" "awin-data-feed 1.8 Reflected.Cross-Site.Scripting MEDIUM" "awin-data-feed 1.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ai-content-generation 1.2.6 Missing.Authorization MEDIUM" "automatic-user-roles-switcher 1.1.2 Subscriber+.Privilege.Escalation HIGH" "adl-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-schemaorg-rich-snippets 1.6.6 All.In.One.Schema.Rich.Snippets.<.1.6.6.-.Multiple.CSRF MEDIUM" "all-in-one-schemaorg-rich-snippets 1.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-notifications 1.2.8 Missing.Authorization MEDIUM" "activitytime 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "activitytime 1.1.0 Unauthenticated.SQL.Injection HIGH" "activitytime 1.0.9 Unauthenticated.SQL.injection HIGH" "activitytime 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Paypal.Email.Update.via.IDOR MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Unauthorised.Actions MEDIUM" "add-subtitle No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "api-bing-map-2018 5.0 CSRF MEDIUM" "all-in-one-wp-migration-box-extension 1.54 Unauthenticated.Access.Token.Update MEDIUM" "author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "access-demo-importer 1.0.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "access-demo-importer 1.0.8 Data.Reset.via.CSRF HIGH" "access-demo-importer 1.0.7 Subscriber+.Arbitrary.File.Upload HIGH" "addons-for-divi 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addons-for-divi 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "addons-for-divi 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-divi 3.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amr-ical-events-list No.known.fix Admin+.Stored.XSS LOW" "ai-wp-writer 3.8.4.5 Cross-Site.Request.Forgery MEDIUM" "ai-wp-writer 3.6.5.6 Missing.Authorization MEDIUM" "amazon-einzeltitellinks No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "advanced-advertising-system No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "advanced-blog-post-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auxin-elements No.known.fix Missing.Authorization MEDIUM" "auxin-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Staff.Widget MEDIUM" "auxin-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aux_contact_box.and.aux_gmaps.Shortcodes MEDIUM" "auxin-elements 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Modern.Heading.and.Icon.Picker.Widgets MEDIUM" "auxin-elements 2.15.8 Contributor+.XSS.via.HTML.Element MEDIUM" "auxin-elements No.known.fix Subscriber+.PHP.Object.Injection HIGH" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.Custom.JS MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.title_tag MEDIUM" "auxin-elements 2.15.6 Contributor+.Stored.XSS.via.Accordion.Widget MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_timeline.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_gmaps.Shortcode MEDIUM" "auxin-elements 2.15.8 Subscriber+.Template.Import MEDIUM" "auxin-elements 2.15.5 Contributor+.Stored.XSS MEDIUM" "auxin-elements 2.15.0 Unauthenticated.Local.File.Inclusion CRITICAL" "auxin-elements 2.10.7 PHP.Objection.Injection MEDIUM" "auxin-elements 2.9.8 Reflected.Cross-Site-Scripting MEDIUM" "advanced-database-cleaner 3.1.4 Administrator+.PHP.Object.Injection MEDIUM" "advanced-database-cleaner 3.1.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "advanced-database-cleaner 3.1.2 Settings.Update.via.CSRF MEDIUM" "advanced-database-cleaner 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.2 Authenticated.SQL.injection MEDIUM" "add-edit-delete-listing-for-member-module No.known.fix SQL.Injection HIGH" "animated-typing-effect 1.3.7 Contributor+.Stored.XSS MEDIUM" "add-admin-javascript No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "auto-post-woocommerce-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-tiktok-advertising-pixel 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auphonic-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "a3-portfolio 3.1.1 Author+.Stored.XSS MEDIUM" "anual-archive No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive 1.6.0 Contributor+.Stored.XSS MEDIUM" "appmaps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "adsanity 1.8.2 Contributor.Arbitrary.File.Upload CRITICAL" "additional-product-fields-for-woocommerce 1.2.134 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "additional-product-fields-for-woocommerce 1.2.105 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "awesome-fitness-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-iframe 2024.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.0 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2023.9 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2022 Reflected.Cross-Site.Scripting MEDIUM" "auto-more-tag No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "add-rss No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "accurate-form-data-real-time-form-validation No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "advanced-options-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-excerpt-everywhere No.known.fix Cross-Site.Request.Forgery MEDIUM" "apk-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "admin-word-count-column No.known.fix Unauthenticated.Arbitrary.File.Read MEDIUM" "alpha-price-table-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.2 Contributor+.XSS MEDIUM" "add-social-share-buttons 1.1 CSRF.to.Settings.Change MEDIUM" "ad-inserter 2.7.38 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.27 Admin+.PHP.Object.Injection LOW" "ad-inserter 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter 2.7.11 Admin+.RCE./.Stored.XSS MEDIUM" "ad-inserter 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.4.22 Authenticated.Remote.Code.Execution HIGH" "ad-inserter 2.4.20 Authenticated.Path.Traversal HIGH" "ad-inserter 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ap-custom-testimonial 1.4.8 Admin+.SQL.Injection MEDIUM" "ap-custom-testimonial 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-custom-testimonial 1.4.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-page-visit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "advanced-page-visit-counter No.known.fix Admin+.Stored.XSS LOW" "advanced-page-visit-counter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 8.0.1 Contributor+.SQLi MEDIUM" "advanced-page-visit-counter 7.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 6.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "advanced-page-visit-counter 6.1.6 Subscriber+.Blind.SQL.injection HIGH" "advanced-page-visit-counter 6.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-coupons-for-woocommerce-free 4.5.0.1 Notice.Dismiss.via.CSRF MEDIUM" "acf-better-search 3.3.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "audio-video-download-buttons-for-youtube 1.04 Reflected.Cross-Site.Scripting MEDIUM" "alemha-watermark No.known.fix Author+.Stored.XSS MEDIUM" "ajax-load-more-anything 3.3.4 Subscriber+.Settings.Update MEDIUM" "arprice-responsive-pricing-table 3.6.1 Unauthenticated.SQLi HIGH" "arprice-responsive-pricing-table 2.3 Cross-Site.Request.Forgery MEDIUM" "advanced-popups 1.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "all-in-one-wp-migration-dropbox-extension 3.76 Unauthenticated.Access.Token.Update MEDIUM" "advanced-data-table-for-elementor 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "abwp-simple-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "affiliate-advantage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.7 Cross-Site.Request.Forgery.to.IP.Blocking MEDIUM" "all-in-one-wp-security-and-firewall 5.2.6 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.5 Protection.Bypass.of.Renamed.Login.Page.via.URL.Encoding MEDIUM" "all-in-one-wp-security-and-firewall 5.2.0 Insecure.Storage.of.Password MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Stored.XSS LOW" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Arbitrary.File/Folder.Access.via.Traversal MEDIUM" "all-in-one-wp-security-and-firewall 5.1.3 Configuration.Leak MEDIUM" "all-in-one-wp-security-and-firewall 5.1.1 Bulk.Actions.via.CSRF MEDIUM" "all-in-one-wp-security-and-firewall 5.0.8 IP.Spoofing MEDIUM" "all-in-one-wp-security-and-firewall 4.4.11 Authenticated.Arbitrary.Redirect./.Reflected.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-security-and-firewall 4.4.4 CSRF.&.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.2 Open.Redirect.&.Hidden.Login.Page.Exposure MEDIUM" "all-in-one-wp-security-and-firewall 4.2.2 Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.2.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.1.3 Multiple.vulnerabilities.in.login.CAPTCHA MEDIUM" "all-in-one-wp-security-and-firewall 4.0.9 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.7 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.6 XSS MEDIUM" "all-in-one-wp-security-and-firewall 4.0.5 XSS CRITICAL" "ameliabooking 1.2.5 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking 1.2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.1.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.96 Cross-Site.Request.Forgery MEDIUM" "ameliabooking 1.0.99 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.94 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "ameliabooking 1.0.99 Missing.Authorization MEDIUM" "ameliabooking 1.0.86 Contributor+.Stored.XSS MEDIUM" "ameliabooking 1.0.76 Reflected.XSS HIGH" "ameliabooking 1.0.49 Customer+.Arbitrary.Appointments.Status.Update MEDIUM" "ameliabooking 1.0.48 Customer+.SMS.Service.Abuse.and.Sensitive.Data.Disclosure MEDIUM" "ameliabooking 1.0.47 Unauthenticated.Stored.XSS.via.lastName HIGH" "ameliabooking 1.0.47 Customer+.Arbitrary.Appointments.Update.and.Sensitive.Data.Disclosure HIGH" "ameliabooking 1.0.46 Manager+.RCE MEDIUM" "ameliabooking 1.0.46 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.46 Arbitrary.Customer.Deletion.via.CSRF MEDIUM" "add-widgets-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ar-for-woocommerce 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ad-injection No.known.fix Admin+.Stored.Cross-Site.Scripting.&.RCE HIGH" "auto-tag-creator No.known.fix Missing.Authorization.via.tag_save_settings_callback MEDIUM" "affiliate-power 2.3.0 Reflected.Cross-Site.Scripting HIGH" "automatic-pages-for-privacy-policy-terms-about-and-contact 1.42 Reflected.Cross-Site.Scripting MEDIUM" "acme-fix-images 2.0.0 Subscriber+.Image.Resizing MEDIUM" "alttext-ai 1.5.0 Authenticated.(Subscriber+).SQL.Injection HIGH" "alttext-ai 1.3.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "authors-list 2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "authors-list 2.0.3 Reflected.Cross-Site.Scripting HIGH" "add-local-avatar No.known.fix Cross-Site.Request.Forgery.via.manage_avatar_cache MEDIUM" "ays-popup-box 4.9.8 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "ays-popup-box 4.7.8 Admin+.Stored.XSS LOW" "ays-popup-box 4.5.2 Missing.Authorization MEDIUM" "ays-popup-box 4.1.3 Cross-Site.Request.Forgery MEDIUM" "ays-popup-box 4.3.7 Missing.Authorization.to.Information.Exposure MEDIUM" "ays-popup-box 20.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 7.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Popup.Settings LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Categories LOW" "ays-popup-box 3.7.9 Admin+.Stored.XSS LOW" "ays-popup-box 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "ays-popup-box 3.4.5 Reflected.XSS HIGH" "ays-popup-box 2.3.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-popup-box 2.3.4 Authenticated.Blind.SQL.Injections HIGH" "ajax-pagination No.known.fix wp-admin/admin-ajax.php.loop.Parameter.Local.File.Inclusion HIGH" "advanced-cron-manager-pro 2.5.3 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "awesome-ssl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-ssl No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "advance-menu-manager 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advance-menu-manager 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.0.7 Unauthorised.Menu.Creation/Deletion MEDIUM" "advance-menu-manager 3.0 Unauthorised.Menu.Edition.via.CSRF MEDIUM" "advanced-uploader No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "adif-log-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-assistant-by-10web 1.0.19 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "angwp 1.5.6 Unauthenticated.Arbitrary.File.Upload/Deletion CRITICAL" "agenteasy-properties No.known.fix Admin+.Stored.XSS LOW" "affiliate-pro No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "add-to-cart-direct-checkout-for-woocommerce 2.1.49 Admin+.Stored.XSS LOW" "armember-membership 4.0.52 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "armember-membership 4.0.38 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "armember-membership 4.0.31 Open.Redirect MEDIUM" "armember-membership 4.0.29 Missing.Authorization MEDIUM" "armember-membership 4.0.28 Directory.Traversal.via.X-FILENAME MEDIUM" "armember-membership 4.0.27 Authenticated.(Contributor+).PHP.Object.Injection CRITICAL" "armember-membership 4.0.27 Unauthenticated.PHP.Object.Injection CRITICAL" "armember-membership 4.0.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "armember-membership 4.0.25 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "armember-membership 4.0.23 Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.11 Subscriber+.Privilege.Escalation HIGH" "armember-membership 4.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "armember-membership 4.0.17 Membership.<.4.0.17.-.Admin+.Stored.XSS MEDIUM" "armember-membership 4.0.6 ARMember.Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.3 Admin+.Stored.XSS LOW" "armember-membership 4.0.2 Reflected.XSS HIGH" "armember-membership 4.0 Unauthenticated.SQLi HIGH" "armember-membership 3.4.8 Unauthenticated.Admin.Account.Takeover CRITICAL" "addify-free-gifts-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "arforms No.known.fix Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "arforms No.known.fix Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "arforms 6.4.1 Reflected.XSS HIGH" "arforms 6.6 Admin+.Stored.XSS LOW" "arforms 6.6 Unauthenticated.RCE CRITICAL" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Option.Deletion MEDIUM" "arforms 6.4.1 Reflected.Cross-Site.Scripting MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "arforms 6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "arforms 4.0 Unauthenticated.Arbitrary.File.Deletion.via.Traversal HIGH" "arforms 3.5.2 Unauthenticated.Arbitrary.File.Deletion HIGH" "abitgone-commentsafe No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "activecampaign-subscription-forms 8.1.15 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "activecampaign-subscription-forms 8.1.12 Contributor+.Stored.XSS MEDIUM" "activecampaign-subscription-forms 8.0.2 Cross-Site.Request.Forgery.in.Settings HIGH" "acf-images-search-and-insert No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "advanced-category-and-custom-taxonomy-image 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_tax_image.Shortcode MEDIUM" "article-directory No.known.fix Admin+.Stored.XSS LOW" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "accordion-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "accesspress-social-counter 1.9.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "all-in-one-b2b-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "all-in-one-b2b-for-woocommerce No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "adventure-bucket-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accessibility-checker 1.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ap-mega-menu 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "animation-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Slider.and.Tabs.Widget.Elementor.Template MEDIUM" "agp-font-awesome-collection No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "agp-font-awesome-collection No.known.fix Reflected.XSS HIGH" "ajax-random-posts No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "address-email-and-phone-validation No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "amazonsimpleadmin 1.5.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "aceide No.known.fix Authenticated.(admin+).Arbitrary.File.Access MEDIUM" "aweber-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "animated-headline No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "aklamator-infeed No.known.fix Admin+.Stored.XSS LOW" "aklamator-infeed No.known.fix Reflected.XSS HIGH" "ask-me-anything-anonymously No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ad-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "anonymous-restricted-content 1.6.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "anonymous-restricted-content 1.6.3 .Protection.Mechanism.Bypass MEDIUM" "autowp-ai-content-writer-rewriter 2.0.9 Cross-Site.Request.Forgery MEDIUM" "alphabetical-list No.known.fix Settings.Update.via.CSRF MEDIUM" "accessibility 1.0.7 Cross-Site.Request.Forgery MEDIUM" "accessibility 1.0.4 Admin+.Stored.XSS LOW" "atarim-visual-collaboration 4.0.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 4.1.0 Missing.Authorization.to.Authenticated.(Subscriber+).Project.Page/File.Deletion MEDIUM" "atarim-visual-collaboration 4.0.2 Missing.Authorization.via.remove_feedbacktool_notice() MEDIUM" "atarim-visual-collaboration 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "atarim-visual-collaboration 4.0.1 Missing.Authorization MEDIUM" "atarim-visual-collaboration 3.32 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 3.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 3.30 Unauthenticated.Settings.Update,.Post.Deletion.etc HIGH" "atarim-visual-collaboration 3.13 Unauthenticated.Stored.XSS HIGH" "atarim-visual-collaboration 3.9.4 Admin+.Stored.XSS LOW" "amcharts-charts-and-maps 1.4.5 Reflected.Cross-Site.Scripting.via.Cross-Site.Request.Forgery MEDIUM" "amcharts-charts-and-maps 1.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "affiliate-disclosure-statement No.known.fix Cross-Site.Request.Forgery MEDIUM" "ai-image 1.5.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "advanced-booking-calendar No.known.fix Unauthenticated.SQLi HIGH" "advanced-booking-calendar No.known.fix CSRF MEDIUM" "advanced-booking-calendar 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-booking-calendar 1.7.1 Admin+.SQLi MEDIUM" "advanced-booking-calendar 1.7.0 Unauthenticated.SQL.Injection HIGH" "advanced-booking-calendar 1.6.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.7 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.2 Unauthenticated.SQL.Injection CRITICAL" "anti-plagiarism No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "article-analytics No.known.fix Unauthenticated.SQL.injection HIGH" "automatic-youtube-video-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "advanced-custom-fields 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.6.3 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3.6.3 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields 5.8.12 Cross-Site.Scripting.in.Select2.dropdowns MEDIUM" "advanced-custom-fields 5.7.12 Unserialize.of.user.input MEDIUM" "allow-svg 1.2.0 Author+.Stored.XSS.via.SVG MEDIUM" "ach-for-stripe-plaid No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addfunc-mobile-detect No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-infos-to-the-events-calendar 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accept-authorize-net-payments-using-contact-form-7 2.3 Unauthenticated.Information.Exposure MEDIUM" "aiify 0.1.0 Reflected.Cross-Site.Scripting MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Settings.Import.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Rule.Type.Migration.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.4 Settings.Update.via.CSRF MEDIUM" "aqua-svg-sprite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "affiliate-ads-builder-for-clickbank-products 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-bootstrap-blocks 1.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.20 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "all-bootstrap-blocks 1.3.20 Contributor+.Stored.XSS MEDIUM" "all-bootstrap-blocks 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.7 Cross-Site.Request.Forgery MEDIUM" "awesome-progess-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-auto-tool 2.1.3 Missing.Authorization MEDIUM" "advanced-forms-pro 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "appointment-booking-calendar 1.3.83 CSRF.appointment.scheduling MEDIUM" "appointment-booking-calendar 1.3.70 Feedback.Submission.via.CSRF MEDIUM" "appointment-booking-calendar 1.3.35 CSV.Injection MEDIUM" "appointment-booking-calendar 1.3.35 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "appointment-booking-calendar 1.3.19 Unauthenticated.Stored.XSS MEDIUM" "appointment-booking-calendar 1.1.25 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.24 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.8 Multiple.Reflected.Cross-Site.Scripting.(XSS).and.SQL.Injection HIGH" "addify-product-stock-manager 1.0.5 Subscriber+.Unauthorised.AJAX.Calls HIGH" "anfrageformular No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-floating-content 3.8.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection 2.2.0 Admin+.SQLi MEDIUM" "apex-notification-bar-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "anyguide No.known.fix Cross-Site.Request.Forgery MEDIUM" "about-me-3000 No.known.fix Administrator.Stored.Cross-Site.Scripting MEDIUM" "about-me-3000 No.known.fix CSRF MEDIUM" "amazon-link No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ag-custom-admin 7.2.4 Admin+.SSRF MEDIUM" "ag-custom-admin 7.2.2 Admin+.Stored.XSS.via.Image.URL LOW" "ag-custom-admin 7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ag-custom-admin 6.9.2 AGCA.<.6.9.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "ag-custom-admin 6.5.5 CSRF.&.XSS LOW" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adblock-notify-by-bweb No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "auto-hide-admin-bar 1.6.2 Admin+.Stored.XSS LOW" "apply-with-linkedin-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apply-with-linkedin-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-usps-shipping-method 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "auto-refresh-single-page No.known.fix .Authenticated.(Contributor+).PHP.Object.Injection HIGH" "aco-product-labels-for-woocommerce 1.5.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "aco-product-labels-for-woocommerce 1.5.4 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "adminify 4.0.1.7 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "adminify 3.1.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "adminify 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ad-blocking-detector No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-shortcodes-for-genesis No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "ajax-wp-query-search-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "async-javascript 2.21.06.29 Authenticated.(admin+).Stored.XSS MEDIUM" "accredible-certificates 1.4.9 Admin+.Stored.XSS LOW" "accounting-for-woocommerce 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "amministrazione-aperta 3.8 Admin+.LFI LOW" "accordion-slider-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "availability-calendar No.known.fix Cross-Site.Request.Forgery.via.add_availability_calendar_create_admin_page() MEDIUM" "availability-calendar 1.2.1 Authenticated.SQL.Injection HIGH" "availability-calendar 1.2.2 Authenticated.Stored.Cross-Site.Scripting LOW" "advanced-fancybox No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "allpost-contactform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "add-fields-to-checkout-page-woocommerce 1.3.2 Missing.Authorization MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.1 Cross-Site.Request.Forgery MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-youtube-channel-pagination No.known.fix Reflected.XSS HIGH" "advanced-cron-manager 2.5.10 Missing.Authorization MEDIUM" "advanced-cron-manager 2.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager 2.5.7 Admin+.Stored.XSS LOW" "advanced-cron-manager 2.4.2 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "add-custom-css-and-js No.known.fix Stored.XSS.via.CSRF HIGH" "addify-custom-fields-for-woocommerce 1.0.4 Multiple.CSRF MEDIUM" "any-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "any-popup No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "analytics-cat 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Settings.Update.via.CSRF MEDIUM" "advance-wc-analytics 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "advance-wc-analytics 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "analogwp-templates 1.8.1 CSRF.Nonce.Bypasses MEDIUM" "analogwp-templates 1.8.1 Cross-Site.Request.Forgery HIGH" "any-hostname No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "atlas-knowledge-base No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atlas-knowledge-base No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anymind-widget No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix Admin+.SQL.Injection MEDIUM" "ai-content-writing-assistant 1.1.7 CSRF MEDIUM" "annie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "annie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "assist24it No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-easy-shipping-for-wc-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auyautochat-for-wp No.known.fix Unauthenticated.Stored.XSS HIGH" "avif-support 1.1.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "avif-support 1.1.1 Author+.Stored.XSS.via.SVG.Uplaod MEDIUM" "aggregator-advanced-settings No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "allaccessible 1.3.5 Subscriber+.Privilege.Escalation HIGH" "allaccessible 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "advanced-what-should-we-write-about-next No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "advanced-what-should-we-write-about-next No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "admin-post-navigation No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "admin-notices-for-team No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-notices-for-team No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "alojapro-widget 1.1.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "add-actions-and-filters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-actions-and-filters 2.10 Reflected.XSS HIGH" "add-actions-and-filters 2.10 Settings.Update.via.CSRF MEDIUM" "add-actions-and-filters No.known.fix Admin+.Stored.XSS MEDIUM" "athemes-addons-for-elementor-lite 1.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addify-custom-order-number 1.2.0 Multiple.CSRF MEDIUM" "anthologize 0.8.1 Admin+.Stored.XSS LOW" "advanced-recent-posts No.known.fix Contributor+.Stored.XSS MEDIUM" "accesspress-facebook-auto-post 2.1.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accordions-wp 2.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.accordion.settings MEDIUM" "accordions-wp 2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "appointmind 4.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "analytics-for-wp No.known.fix Admin+.Stored.XSS LOW" "ads-by-datafeedrcom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-by-datafeedrcom 1.2.0 Unauthenticated.Remote.Code.Execution CRITICAL" "auto-featured-image-auto-generated 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "arprice No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "arprice No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "arprice No.known.fix Unauthenticated.SQL.Injection HIGH" "arprice No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "asgaros-forum 2.9.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.8.0 Unauthenticated.PHP.Object.Injection.in.prepare_unread_status CRITICAL" "asgaros-forum 2.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "asgaros-forum 2.2.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.0.0 Subscriber+.Blind.SQL.Injection HIGH" "asgaros-forum 1.15.15 Admin+.SQL.Injection.via.forum_id MEDIUM" "asgaros-forum 1.15.14 Admin+.Stored.Cross-Site.Scripting LOW" "asgaros-forum 1.15.13 Unauthenticated.SQL.Injection HIGH" "amazon-associate-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "adrotate 5.13.3 Admin+.Double.Extension.Arbitrary.File.Upload MEDIUM" "adrotate 5.9.1 Password.Change.via.CSRF MEDIUM" "adrotate 5.8.23 Admin+.XSS.via.Advert.Name LOW" "adrotate 5.8.23 Admin+.XSS.via.Group.Name LOW" "adrotate 5.8.22 Admin+.SQL.Injection MEDIUM" "adrotate 5.8.4 Authenticated.SQL.Injection MEDIUM" "adrotate 5.3 Authenticated.SQL.Injection HIGH" "analyse-uploads No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "augmented-reality No.known.fix Unauthenticated.PHP.File.Upload.leading.to.RCE CRITICAL" "add-posts-to-pages No.known.fix Contributor+.Stored.XSS MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Private.Templates.Content.Disclosure MEDIUM" "add-to-any 1.7.48 Admin+.Stored.Cross-Site.Scripting LOW" "add-to-any 1.7.46 Admin+.Stored.XSS MEDIUM" "addify-price-calculator-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "ai-responsive-gallery-album No.known.fix Missing.Authorization MEDIUM" "ai-responsive-gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-keyword-backlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-terms-of-service-and-privacy-policy 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "ari-stream-quiz 1.3.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Contributor+.Stored.XSS MEDIUM" "ari-stream-quiz 1.3.3 Contributor+.Content.Injection LOW" "authldap 2.5.9 Settings.Update.via.CSRF MEDIUM" "authldap 2.6.2 Admin+.Stored.XSS LOW" "ai-quiz No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "ai-quiz No.known.fix Missing.Authorization MEDIUM" "ajax-rating-with-custom-login No.known.fix Unauthenticated.SQL.Injection HIGH" "allow-rel-and-html-in-author-bios No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "auto-hyperlink-urls No.known.fix Tab.Nabbing MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "altos-connect No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "affiliatex 1.2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-most-recent-posts-mod No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "addon-library No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "advanced-admin-search 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-post-block 1.13.5 Unauthenticated.Arbitrary.Post.Access MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.AJAX.Calls MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.OpenAI.Key.Disclosure HIGH" "advanced-backgrounds 1.12.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.imageTag.Parameter MEDIUM" "ar-contactus 1.8.8 Authenticated.Stored.Cross-Site.Scripting CRITICAL" "add-whatsapp-button 2.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack-pro 4.2.6 Admin+.SSRF LOW" "advanced-nocaptcha-recaptcha 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-nocaptcha-recaptcha 7.1.0 .Local.File.Inclusion.via.CSRF HIGH" "advanced-nocaptcha-recaptcha 7.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amministrazione-trasparente 8.0.5 Admin+.Stored.XSS LOW" "amministrazione-trasparente 7.1.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "amministrazione-trasparente 7.1.1 Cross-Site.Request.Forgery HIGH" "amty-thumb-recent-post No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "automatic-translation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "autosave-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autosave-net No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "acf-city-selector 1.15.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "accordion-title-for-elementor 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "auto-prune-posts 2.0.0 Post.Deletion.Settings.Update.via.CSRF MEDIUM" "authenticator 1.3.1 Subscriber+.Denial.of.Service.via.Feed.Token.Disclosure MEDIUM" "auto-ftp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "allada-tshirt-designer-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "automatorwp 5.1.0 Reflected.Cross-Site.Scripting.via.a-0-o-search_field_value CRITICAL" "automatorwp 2.5.1 Object.Deletion.via.CSRF MEDIUM" "automatorwp 1.7.6 Missing.Authorization.and.Privilege.Escalation MEDIUM" "all-custom-fields-groups 1.05 Reflected.Cross-Site.Scripting MEDIUM" "amp-extensions No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "aphorismus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "auto-install-free-ssl 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "alo-easymail 2.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "adifier-system 3.1.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "abeta-punchout 1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "abeta-punchout 1.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-facebook-twitter-widget No.known.fix Admin+.Stored.XSS LOW" "accordions 2.2.100 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accordions 2.2.97 Missing.Authorization.to.Authenticated(Contributor+).Post.Duplication MEDIUM" "accordions 2.2.30 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accordions 2.2.9 Unprotected.AJAX.Action.to.Stored/Reflected.XSS MEDIUM" "advanced-product-labels-for-woocommerce 1.2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "autocompleter No.known.fix Cross-Site.Request.Forgery MEDIUM" "asf-allow-svg-files No.known.fix Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "asf-allow-svg-files 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "admin-management-xtended 2.4.7 Contributor+.Stored.XSS MEDIUM" "admin-management-xtended 2.4.5 Post.Visibility/Date/Comment.Status.Update.via.CSRF MEDIUM" "admin-management-xtended 2.4.5 Multiple.CSRF MEDIUM" "admin-management-xtended 2.4.0.1 Privilege.Escalation MEDIUM" "automated-editor No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "altra-side-menu No.known.fix Admin+.SQL.Injection MEDIUM" "altra-side-menu No.known.fix Abitrary.Menu.Deletion.via.CSRF MEDIUM" "ai-for-seo 1.2.10 Missing.Authorization MEDIUM" "auxin-shop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ahmeti-wp-guzel-sozler No.known.fix Cross-Site.Request.Forgery MEDIUM" "audiocase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "albo-pretorio-on-line No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line 4.6.4 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.2 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.1 Reflected.XSS HIGH" "aviary-image-editor-add-on-for-gravity-forms No.known.fix Unauthenticated.File.Upload CRITICAL" "animate-everything No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animate-everything No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animate-everything No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "all-in-one-facebook-like-widget 2.2.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 13.3 Authenticated.(Subscriber+).Limited.File.Upload.to.Cross-Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 12.5 Missing.Authorization.to.Arbitrary.File.Upload CRITICAL" "automatic-domain-changer 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "add-admin-css No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "auto-upload-images 3.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "auto-upload-images 3.3.1 CSRF MEDIUM" "ali2woo-lite 3.4.4 PHP.Object.Injection.via.CSRF HIGH" "ali2woo-lite 3.3.7 Reflected.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.4.7 Stored.XSS.via.CSRF HIGH" "ali2woo-lite 3.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ali2woo-lite 3.3.7 Missing.Authorization.via.Several.Functions MEDIUM" "add-to-feedly No.known.fix Admin+.Stored.XSS LOW" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.2.1 Reflected.Cross-Site.Scripting HIGH" "automatic-internal-links-for-seo 1.2.2 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "automatic-internal-links-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-video-player-with-analytics No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "api-bearer-auth 20190908 Unauthenticated.Reflected.XSS MEDIUM" "affiliator-lite No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "automatically-hierarchic-categories-in-menu 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addfreestats No.known.fix Admin+.Stored.XSS LOW" "addify-checkout-fields-manager 1.0.2 Multiple.CSRF MEDIUM" "affiliate-solution No.known.fix Admin+.Stored.XSS LOW" "aa-calculator No.known.fix Reflected.Cross-Site.Scripting.via.invoice MEDIUM" "aramex-shipping-woocommerce No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "advanced-woo-search 2.97 Reflected.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.78 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.00 SQL.query.leak.in.ajax.search NONE" "advanced-free-flat-shipping-woocommerce 1.6.4.6 Cross-Site.Request.Forgery MEDIUM" "astra-pro-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-pro-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "atarapay-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.2 Missing.Authorization.to.Notice.Dismissal MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.3 Missing.Authorization MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.0 Authenticated.(Administrator+).SQL.Injection HIGH" "ads-txt-admin No.known.fix Cross-Site.Request.Forgery MEDIUM" "animategl No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "animategl 1.4.18 Reflected.Cross-Site.Scripting MEDIUM" "advanced-flamingo No.known.fix Cross-Site.Request.Forgery MEDIUM" "autoptimize 3.1.7 Admin+.Stored.Cross-Site.Scripting.via.Settings.Import LOW" "autoptimize 3.1.0 Sensitive.Data.Disclosure MEDIUM" "autoptimize 3.1.1 Admin+.Stored.Cross.Site.Scripting LOW" "autoptimize 2.8.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "autoptimize 2.7.8 Arbitrary.File.Upload.via."Import.Settings" CRITICAL" "autoptimize 2.7.8 Authenticated.Stored.XSS.via.File.Upload MEDIUM" "autoptimize 2.7.8 Race.Condition.leading.to.RCE CRITICAL" "autoptimize 2.7.7 Authenticated.Arbitrary.File.Upload MEDIUM" "aajoda-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aajoda-testimonials 2.2.2 Admin+.Stored.XSS LOW" "amp-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "anywhere-elementor 1.2.12 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "anywhere-elementor 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "anywhere-elementor 1.2.8 Freemius.API.Key.Disclosure MEDIUM" "anywhere-elementor 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anac-xml-viewer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.17.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.20.4 Reflected.Cross-Site.Scripting MEDIUM" "age-gate 2.17.1 Unauthenticated.Import.Settings CRITICAL" "age-gate 2.16.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.13.5 Unauthenticated.Open.Redirect LOW" "add-any-extension-to-pages 1.5 Cross-Site.Request.Forgery.via.aaetp_options_page MEDIUM" "amr-shortcode-any-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "automizy-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automizy-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alpine-photo-tile-for-pinterest No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "addon-elements-for-elementor-page-builder 1.14 Contributor+.Sensitive.Information.Disclosure LOW" "addon-elements-for-elementor-page-builder 1.13.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.table_saved_sections MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Missing.Authorization MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.eae_slider_animation.Parameters MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Twitter.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.3 Contributor+.DOM-Based.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.11 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.to.LFI HIGH" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Modal.Popup.effet MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Content.Switcher.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.12.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Admin+.Stored.XSS LOW" "addon-elements-for-elementor-page-builder 1.12.8 Settings.Update.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Unauthenticated.Post.ID/Tile.Disclosure MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Elementor.Addon.Element.Enabling/Disabling.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12 Reflected.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.11.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addon-elements-for-elementor-page-builder 1.11.8 CSRF.Bypass LOW" "addon-elements-for-elementor-page-builder 1.11.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.6.4 CSRF.&.XSS LOW" "avcp No.known.fix Cross-Site.Request.Forgery.via.settings.php MEDIUM" "avcp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "avcp No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "akismet-privacy-policies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "app-builder 5.3.8 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "app-builder 4.3.4 Unauthenticated.Limited.SQL.Injection.via.app-builder-search MEDIUM" "app-builder 3.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode HIGH" "app-builder 3.8.8 Open.Redirection MEDIUM" "advanced-visual-elements 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "add-instagram No.known.fix Admin+.Stored.XSS LOW" "analytics-tracker 1.1.1 XSS MEDIUM" "author-bio-box 3.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "auto-robot 3.3.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "autocomplete-location-field-contact-form-7-pro 2.0 Admin+.Store.Cross-Site.Scripting LOW" "anant-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agile-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aruba-hispeed-cache 2.0.13 Missing.Authorization MEDIUM" "aruba-hispeed-cache 2.0.7 Unauthenticated.Log.File.Access MEDIUM" "advanced-pdf-generator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "add-custom-body-class No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ap-contact-form 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ayecode-connect 1.3.9 Missing.Authorization MEDIUM" "affiliates-manager 2.9.35 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.31 Sensitive.Information.Exposure.via.Log.File MEDIUM" "affiliates-manager 2.9.32 Cross-Site.Request.Forgery.via.multiple.AJAX.actions MEDIUM" "affiliates-manager 2.9.21 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.14 Reflected.Cross-Site.Scripting MEDIUM" "affiliates-manager 2.9.14 Admin+.Stored.Cross-Site.Scripting LOW" "affiliates-manager 2.9.14 Arbitrary.Affiliates.&.Creatives.Deletion.via.CSRF MEDIUM" "affiliates-manager 2.9.14 Affiliate.CSV.Injection MEDIUM" "affiliates-manager 2.9.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "affiliates-manager 2.8.7 Admin+.SQL.injection MEDIUM" "affiliates-manager 2.7.8 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "affiliates-manager 2.6.6 CRSF.Issues MEDIUM" "ads-for-wp 1.9.29 Cross-Site.Request.Forgery MEDIUM" "autotitle-for-wordpress No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "autolisticle-automatically-update-numbered-list-articles 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ad-inserter-pro 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter-pro 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "accessally 3.5.7 $_SERVER.Superglobal.Leakage HIGH" "accessally 3.3.2 Unauthenticated.Arbitrary.PHP.Code.Execution CRITICAL" "auto-limit-posts-reloaded No.known.fix Cross-Site.Request.Forgery MEDIUM" "arabic-webfonts No.known.fix Missing.Authorization MEDIUM" "audio-text No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "an-gradebook No.known.fix Subscriber+.SQLi HIGH" "an-gradebook No.known.fix Admin+.XSS LOW" "ajax-archive-calendar 2.6.8 Contributor+.Stored.XSS MEDIUM" "attendance-manager 0.5.7 CSRF.&.XSS HIGH" "athemes-starter-sites 1.0.54 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "acf-frontend-form-element 3.25.2 Unauthenticated.SQL.Injection MEDIUM" "acf-frontend-form-element 3.25.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "acf-frontend-form-element 3.25.1 Unauthenticated.Privilege.Escalation HIGH" "acf-frontend-form-element 3.19.5 Improper.Missing.Encryption.Exception.Handling.to.Form.Manipulation CRITICAL" "acf-frontend-form-element 3.18.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "acf-frontend-form-element 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alter No.known.fix Cross-Site.Request.Forgery MEDIUM" "acf-front-end-editor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "ai-seo-translator 1.6.3 Cross-Site.Request.Forgery.via.update_integration_option MEDIUM" "azw-woocommerce-file-uploads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accesspress-social-login-lite 3.4.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ai-mojo 0.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addify-custom-registration-forms-builder 1.0.2 Multiple.CSRF MEDIUM" "acf-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-text-widget No.known.fix Admin+.Stored.XSS LOW" "amilia-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "astra-widgets 1.2.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "astra-widgets 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.99.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "accelerated-mobile-pages 1.0.97 Missing.Authorization MEDIUM" "accelerated-mobile-pages 1.0.97 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accelerated-mobile-pages 1.0.93.2 Authenticated(Contributor+).Arbitrary.Post.Deletion.via.amppb_remove_saved_layout_data MEDIUM" "accelerated-mobile-pages 1.0.93 Unautenticated.Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.92.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "accelerated-mobile-pages 1.0.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "accelerated-mobile-pages 1.0.77.33 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 1.0.77.32 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 0.9.97.21 Stored.XSS MEDIUM" "api-info-themes-plugins-wp-org 1.05 Reflected.Cross-Site.Scripting MEDIUM" "app-ads-txt 1.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "app-ads-txt 1.1.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animated-al-list No.known.fix Reflected.XSS HIGH" "azonbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ab-press-optimizer-lite No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "absolute-reviews 1.1.4 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Criteria.Name MEDIUM" "absolute-reviews 1.0.9 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "avenirsoft-directdownload No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "auto-location-for-wp-job-manager 1.1 Admin+.Cross.Site.Scripting LOW" "addons-for-visual-composer 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "addons-for-visual-composer 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addons-for-visual-composer 3.6 Contributor+.Stored.XSS MEDIUM" "addons-for-visual-composer 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 2.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-columns-pro 5.5.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "admin-columns-pro 5.5.1 Admin+.Stored.XSS.in.Label LOW" "acf-for-woocommerce-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-for-woocommerce-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "art-picture-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "accordions-or-faqs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accordions-or-faqs 2.3.1 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Authenticated.Arbitrary.Options.Update MEDIUM" "accordions-or-faqs 2.0.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "appmysite 3.11.1 Unauthenticated.Information.Disclsoure MEDIUM" "advanced-online-ordering-and-delivery-platform No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "acf-quickedit-fields 3.2.3 Contributor+.User.Metadata.Leak.via.IDOR LOW" "awesome-weather No.known.fix Contributor+.Stored.XSS MEDIUM" "awesome-weather No.known.fix Reflected.Cross-site.Scripting.(XSS) HIGH" "automatewoo 5.7.6 Cross-Site.Request.Forgery MEDIUM" "automatewoo 5.7.6 Missing.Authorization MEDIUM" "automatewoo 5.7.2 ShopManager+.SQLi MEDIUM" "automatewoo 5.7.2 Cross-Site.Request.Forgery MEDIUM" "analytics-insights 6.3 Open.Redirect MEDIUM" "absolute-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "azurecurve-toggle-showhide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attesa-extra 1.4.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "attesa-extra 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-blocks-pro No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "addthis 5.0.13 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "awesome-support No.known.fix Missing.Authorization MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.7 Insufficient.Authorization.via.wpas_can_delete_attachments() MEDIUM" "awesome-support 6.1.8 Missing.Authorization.via.wpas_get_users() MEDIUM" "awesome-support 6.1.8 Authenticated.(Subscriber+).SQL.Injection HIGH" "awesome-support 6.1.8 Missing.Authorization.via.editor_html() MEDIUM" "awesome-support 6.1.6 Cross-Site.Request.Forgery MEDIUM" "awesome-support 6.1.6 Missing.Authorization.via.wpas_load_reply_history MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.11 Missing.Authorization MEDIUM" "awesome-support 6.1.5 Missing.Authorization.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Cross-Site.Request.Forgery.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.1.5 Insufficient.permission.check.in.wpas_edit_reply MEDIUM" "awesome-support 6.1.5 Submitter+.Arbitrary.File.Deletion CRITICAL" "awesome-support 6.1.2 Subscriber+.Arbitrary.Exported.Tickets.Download MEDIUM" "awesome-support 6.0.8 Authenticated.Stored.XSS MEDIUM" "awesome-support 6.0.7 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.0.11 Reflected.Cross-Site.Scripting.(XSS) HIGH" "awesome-support 6.0.0 Stored.XSS.via.Ticket.Title MEDIUM" "awesome-support 3.1.7 XSS.&.Shortcodes.Allowed.in.Replies HIGH" "autocomplete-location-field-contact-form-7 3.0 Admin+.Store.Cross-Site.Scripting LOW" "ahathat No.known.fix Reflected.XSS.via.REQUEST_URI MEDIUM" "ahathat No.known.fix Admin+.SQL.Injection MEDIUM" "apa-register-newsletter-form No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "advanced-testimonial-carousel-for-elementor 3.0.1 Missing.Authorization MEDIUM" "admin-quick-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-quick-panel 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aio-contact No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "aio-contact No.known.fix Missing.Authorization MEDIUM" "aa-audio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-trim-interface No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "astra-bulk-edit 1.2.8 Missing.Authorization MEDIUM" "archivist-custom-archive-templates 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "archivist-custom-archive-templates No.known.fix Reflected.XSS HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Stored.XSS.via.CSRF HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Admin+.Stored.XSS LOW" "amazon-product-price No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "anyvar No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "authorizenet-payment-gateway-for-woocommerce No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Unauthenticated.Payment.Bypass MEDIUM" "add-categories-post-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ap-companion 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ajax-awesome-css No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-delete-posts No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "aweber-web-form-widget 7.3.15 Authenticated.(Admin+).SQL.Injection HIGH" "aweber-web-form-widget 7.3.10 Missing.Authorization.via.AJAX.actions MEDIUM" "additional-order-filters-for-woocommerce 1.22 Reflected.Cross-Site.Scripting MEDIUM" "additional-order-filters-for-woocommerce 1.12 Reflected.XSS HIGH" "auction-nudge 7.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "altima-lookbook-free-for-woocommerce No.known.fix Refletced.Cross-Site.Scripting MEDIUM" "adsense-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin 1.44 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "api-key-for-google-maps 1.2.2 Arbitrary.API.Key.Update.via.CSRF MEDIUM" "alphabetic-pagination 3.0.8 Unauthenticated.Arbitrary.Option.Update CRITICAL" "adbuddy-adblocker-detection No.known.fix Admin+.Stored.XSS LOW" "addify-product-labels-and-stickers 1.1.0 Multiple.CSRF MEDIUM" "acf-to-rest-api 3.3.0 Unauthenticated.Arbitrary.wp_options.Disclosure MEDIUM" "apppresser 4.4.7 Unauthenticated.Privilege.Escalation.via.Password.Reset CRITICAL" "apppresser 4.4.5 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "apppresser 4.4.0 Improper.Missing.Encryption.Exception.Handling.to.Authentication.Bypass HIGH" "apppresser 4.3.1 Missing.Authorization MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.force_logging_off() MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.toggle_logging_callback() MEDIUM" "apppresser 4.3.0 Insecure.Password.Reset.Mechanism HIGH" "adwork-media-ez-content-locker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-extended 0.8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "acf-extended 0.8.8.7 Admin+.SQL.Injection MEDIUM" "abbs-bing-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ari-fancy-lightbox 1.3.18 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ari-fancy-lightbox 1.3.9 Reflected.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.69 Reflected.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.67 Local.File.Inclusion.&.Deletion HIGH" "about-rentals No.known.fix Unauthenticated.Actions HIGH" "adapta-rgpd 1.3.3 Unauthorised.Consent.via.CSRF MEDIUM" "advanced-ajax-page-loader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-ajax-page-loader 2.7.7 Unauthenticated.Uploaded.File.Disclosure MEDIUM" "auth0 4.6.1 Reflected.Cross-Site.Scripting.via.wle MEDIUM" "auth0 4.0.0 Multiple.Vulnerabilities CRITICAL" "auth0 3.11.3 Unauthenticated.Reflected.XSS.via.wle.Parameter MEDIUM" "acl-floating-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "avalex 3.0.9 Missing.Authorization MEDIUM" "avalex 3.0.4 Admin+.Stored.XSS LOW" "aspose-doc-exporter No.known.fix Missing.Authorization MEDIUM" "aspose-doc-exporter 2.0 Unauthenticated.Arbitrary.File.Download HIGH" "admin-site-enhancements 7.6.3 Missing.Authorization LOW" "admin-site-enhancements 7.5.2 Authenticated.Stored.Cross-Site.Scripting.via.SVG MEDIUM" "admin-site-enhancements 5.8.0 Password.Protection.Mode.Security.Feature.Bypass HIGH" "airpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "airpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-ads 1.52.2 Authenticated.(Admin+).PHP.Object.Injection HIGH" "advanced-ads 1.52.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Ad.Widget MEDIUM" "advanced-ads 1.32.0 Admin+.Stored.XSS MEDIUM" "advanced-ads 1.17.4 Reflected.XSS.via.Admin.Dashboard MEDIUM" "autopilot 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "aoi-tori No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ahmeti-wp-timeline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "adstxt No.known.fix Settings.Update.via.CSRF MEDIUM" "ai-content-generator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ai-post-generator No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Post/Page.Deletion MEDIUM" "ai-post-generator 3.4 Subscriber+.Posts.Read/Creation/Deletion MEDIUM" "advanced-exchange-rates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-exchange-rates No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-filter-posts 3.4.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ajax-filter-posts No.known.fix Missing.Authorization.to.Unauthenticated.Local.PHP.File.Inclusion CRITICAL" "ajax-filter-posts 3.4.11 Reflected.Cross-Site.Scripting MEDIUM" "ajax-filter-posts 3.4.12 Contributor+.Stored.XSS MEDIUM" "ajax-filter-posts 3.4.8 Missing.Authorization MEDIUM" "acf-vc-integrator 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "ars-affiliate-page 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "ak-menu-icons-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accessibility-widget 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automation-web-platform 3.0.18 Unauthenticated.Privilege.Escalation CRITICAL" "astra-addon 4.3.2 Authenticated(Contributor+).Remote.Code.Execution.via.Metabox HIGH" "astra-addon 3.5.2 Unauthenticated.SQL.Injection HIGH" "bdthemes-element-pack 7.9.1 Addon.for.Elementor.Page.Builder.WordPress.Plugin.<.7.9.1.-.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Wrapper.Link.URL MEDIUM" "bdthemes-element-pack No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read.and.PHAR.Deserialization CRITICAL" "boldgrid-easy-seo 1.6.15 Information.Exposure MEDIUM" "boldgrid-easy-seo 1.6.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Meta.Description MEDIUM" "business-profile 2.1.7 Subscriber+.Page.Creation.&.Settings.Update.to.Stored.XSS MEDIUM" "bulk-change No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "build-app-online No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "build-app-online No.known.fix Cross-Site.Request.Forgery MEDIUM" "build-app-online 1.0.22 Unauthenticated.Account.Takeover.via.Weak.Password.Reset.Mechanism CRITICAL" "build-app-online 1.0.21 Subscriber+.Privilege.Escalation HIGH" "build-app-online 1.0.19 Unauthenticated.SQL.Injection HIGH" "bws-latest-posts 0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "b-testimonial 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bstone-demo-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "be-popia-compliant 1.1.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.7.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Unauthenticated.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Unauthenticated.Privilege.Escalation CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.Arbitrary.File.Upload.via.uploadFile CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.SQL.Injection.via.userToken CRITICAL" "boat-rental-system No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "blossomthemes-email-newsletter 2.2.7 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blossomthemes-email-newsletter 2.2.5 Missing.Authorization MEDIUM" "buffer-my-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buffer-my-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttons-shortcode-and-widget No.known.fix Stored.XSS.via.shortcode MEDIUM" "buttons-shortcode-and-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "back-to-the-top-button 2.1.7 Admin+.Stored.XSS LOW" "bitcoin-lightning-publisher 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "bbp-style-pack 5.6.8 Contributor+.Stored.XSS MEDIUM" "bbp-style-pack 5.5.6 Reflected.XSS HIGH" "bp-greeting-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-search-replace 1.4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "better-search-replace 1.4.1 Admin+.SQLi MEDIUM" "blogpost-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "backwpup 4.0.2 Admin+.Directory.Traversal MEDIUM" "backwpup 4.0.4 Unauthenticated.Backup.Download HIGH" "backwpup 4.0.2 Authenticated.(Administrator+).Directory.Traversal HIGH" "backwpup 3.4.2 Backup.File.Download HIGH" "bing-site-verification-using-meta-tag No.known.fix Admin+.Stored.XSS LOW" "book-buyback-prices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-buyback-prices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bmi-adultkid-calculator 1.2.2 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "blaze-online-eparcel-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-add-to-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "blur-text 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "barclaycart No.known.fix Unauthenticated.Shell.Upload CRITICAL" "blobinator 2.3 Unauthorised.AJAX.call.via.CSRF MEDIUM" "brands-for-woocommerce 3.8.2.3 Missing.Authorization.to.Unauthenticated.Order.Manipulation.and.Information.Retrieval MEDIUM" "brands-for-woocommerce 3.8.2.3 Cross-Site.Request.Forgery MEDIUM" "brands-for-woocommerce 3.8.2 Contributor+.Stored.XSS MEDIUM" "bws-featured-posts 1.0.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "best-woocommerce-feed 7.3.16 Authenticated.(Admin+).Directory.Traversal LOW" "best-woocommerce-feed 3.0 Reflected.Cross-Site.Scripting MEDIUM" "best-woocommerce-feed 2.2.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "booking-calendar-contact-form 1.2.56 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar-contact-form 1.2.41 Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "booking-calendar-contact-form 1.0.24 XSS.&.SQL.Injection CRITICAL" "booking-calendar-contact-form 1.0.3 Multiple.Authenticated.Vulnerabilities MEDIUM" "bmi-bmr-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbp-core 1.2.6 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "bulk-attachment-download 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "bulk-attachment-download 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buying-buddy-idx-crm No.known.fix PHP.Object.Injection.via.CSRF HIGH" "bitformpro No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update HIGH" "bitformpro No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "bitformpro No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bitformpro No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "bigcontact No.known.fix Cross-Site.Request.Forgery MEDIUM" "bertha-ai-free 1.11.10.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bsd-woo-stripe-connect-split-pay 3.2.10 Reflected.Cross-Site.Scripting MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-manager 2.1.6 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "booking-manager 2.0.29 Subscriber+.SSRF MEDIUM" "brand-my-footer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bne-gallery-extended 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.gallery.Shortcode MEDIUM" "breadcrumb-simple No.known.fix Admin+.Stored.XSS LOW" "buddyforms-anonymous-author 1.1 Reflected.Cross-Site.Scripting MEDIUM" "board-election No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "backup-by-supsystic No.known.fix Authenticated.Arbitrary.File.Download.and.Deletion CRITICAL" "bigcommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "backupwordpress 3.14 Admin+.Directory.Traversal LOW" "backupwordpress 3.13 Subscriber+.Backup.Disclosure MEDIUM" "bwl-advanced-faq-manager 2.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "business-hours-indicator 2.3.5 Admin+.Stored.Cross-Site.Scripting LOW" "block-options 1.40.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-options 1.40.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "block-options 1.17 Reflected.Cross-Site.Scripting MEDIUM" "block-options 1.31.6 Contributor+.Arbitrary.PHP.Code.Execution CRITICAL" "beaver-builder-lite-version 2.8.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.3 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Widget MEDIUM" "beaver-builder-lite-version 2.8.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3.7 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Group.Module MEDIUM" "beaver-builder-lite-version 2.8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.type.Parameter MEDIUM" "beaver-builder-lite-version 2.8.3.4 Reflected.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.1.3 Contributor+.Stored.Cross-Site.Scripting.via.photo.widget.crop.attribute MEDIUM" "beaver-builder-lite-version 2.8.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.0.7 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.5 Contributor+.Stored.Cross-Site.Scripting.via.heading.tag MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS.via.Icon.Widget MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Reflected.XSS HIGH" "beaver-builder-lite-version 2.7.2.1 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption.On.Hover MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Text.Editor MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Image.URL MEDIUM" "beaver-builder-lite-version 2.5.4.4 Subscriber+.Arbitrary.Post.Builder.Layout.Disabling MEDIUM" "backlink-monitoring-manager No.known.fix Reflected.XSS HIGH" "brizy-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bellows-accordion-menu 1.4.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "banner-system No.known.fix Missing.Authorization MEDIUM" "banner-system No.known.fix Privilege.Escalation HIGH" "banner-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blox-page-builder No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "business-manager 1.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "booking-system-trafft 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bakkbone-florist-companion 7.3.0 Reflected.Cross-Site.Scripting MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "bebetter-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betteroptin No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "bbp-voting 2.1.11.1 Admin+.Stored.XSS LOW" "better-wp-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bestbooks No.known.fix Unauthenticated.SQLi HIGH" "bubble-menu 4.0.3 Cross-Site.Request.Forgery MEDIUM" "bubble-menu 3.0.5 Admin+.Stored.XSS LOW" "bubble-menu 3.0.4 Reflected.XSS MEDIUM" "bubble-menu 3.0.2 Circle.Floating.Menu.<.3.0.2.-.Form.Deletion.via.CSRF MEDIUM" "bulk-datetime-change 1.12 Missing.Authorisation MEDIUM" "banner-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "biltorvet-dealer-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bemax-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress-sticky-post 1.9.9 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "button 1.1.28 Contributor+.PHP.Object.Injection.in.button_shortcode MEDIUM" "button 1.1.24 Admin+.Stored.XSS LOW" "before-after-image-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bamboo-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "baw-login-logout-menu No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "bulk-edit-events 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-events 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Settings.Reset MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "benchmark-email-lite 4.2 Cross-Site.Request.Forgery.via.page_settings() MEDIUM" "blog-designer-for-post-and-widget 2.4.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bold-pagos-en-linea 3.1.5 Reflected.Cross-Site.Scripting HIGH" "blackhole-bad-bots 3.3.2 Arbitrary.IP.Address.Blocking.via.IP.Spoofing HIGH" "bitly-linker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beam-me-up-scotty 1.0.22 Reflected.Cross-Site.Scripting MEDIUM" "blockington No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.28 Contributor+.Stored.XSS.via.beds24-link.Shortcode MEDIUM" "beds24-online-booking 2.0.26 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.24 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.25 Contributor+.Stored.XSS MEDIUM" "buddypress-docs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-docs 1.9.3 Authenticated.Lack.of.Authorisation MEDIUM" "business-directory-plugin 6.4.4 Authenticated.(Author+).CSV.Injection HIGH" "business-directory-plugin 6.4.3 Unauthenticated.SQL.Injection.via.listingfields.Parameter CRITICAL" "business-directory-plugin 6.3.10 Contributor+.Arbitrary.Listing.Deletion LOW" "business-directory-plugin 6.3.11 Cross-Site.Request.Forgery MEDIUM" "business-directory-plugin 5.11.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Payment.History.Update MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Listing.Export HIGH" "business-directory-plugin 5.11.1 Arbitrary.Add/Edit/Delete.Form.Field.to.Stored.XSS HIGH" "business-directory-plugin 5.11 Arbitrary.File.Upload.to.RCE HIGH" "business-directory-plugin 5.11.1 Authenticated.PHP4.Upload.to.RCE MEDIUM" "bws-smtp 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bible-text No.known.fix Contributor+.Stored.XSS MEDIUM" "bitcoin-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booster-extension No.known.fix Basic.Information.Exposure.via.booster_extension_authorbox_shortcode_display MEDIUM" "blocksy-companion 2.0.43 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blocksy-companion 2.0.46 Contributor+.Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "blocksy-companion 2.0.29 Cross-Site.Request.Forgery MEDIUM" "blocksy-companion 2.0.32 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.47 Reflected.Cross-Site.Scripting MEDIUM" "blocksy-companion 1.8.82 Subscriber+.Draft.Post.Access MEDIUM" "blocksy-companion 1.8.68 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-block-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-weir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-weir 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "buddypress-global-search No.known.fix Admin+.Stored.XSS LOW" "blog-posts-and-category-for-elementor 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.and.Category.Filter.Widget MEDIUM" "blockart-blocks 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "banner-cycler No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "bdthemes-element-pack-lite 5.10.15 Addons.for.Elementor.<.5.10.15.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.13 Missing.Authorization MEDIUM" "bdthemes-element-pack-lite 5.10.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Lightbox.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+.Stored.Cross-Site.Scripting.via.Open.Map.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Gallery.and.Countdown.Widgets MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "bdthemes-element-pack-lite 5.7.7 Contributor+.Stored.XSS.via.title_tag MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS.via.onclick.events MEDIUM" "bdthemes-element-pack-lite 5.6.2 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.4 Form.Submission.Admin.Email.Bypass MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Panel.Slider.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Price.List.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.0 Sensitive.Information.Exposure.via..element_pack_ajax_search MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS.via.Trailer.Box.Widget MEDIUM" "bdthemes-element-pack-lite 5.3.3 Contributor+.Stored.XSS.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.5.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.4.12 Missing.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-element-pack-lite 5.2.1 Reflected.Cross-Site.Scripting MEDIUM" "better-follow-button-for-jetpack No.known.fix Admin+.Stored.XSS LOW" "bible-embed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "breadcrumbs-by-menu 1.0.3 Multiple.Issues HIGH" "bp-member-type-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.1 Block.for.Font.Awesome.<.1,4,1.-Settings.Update.via.CSRF MEDIUM" "beek-widget-extention No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "blocks No.known.fix Admin+.Stored.XSS LOW" "bws-google-maps 1.3.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bws-popular-posts 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "buddyforms 2.8.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.13 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.12 Authenticated.(Contributor+).Privilege.Escalation HIGH" "buddyforms 2.8.10 Email.Verification.Bypass.due.to.Insufficient.Randomness MEDIUM" "buddyforms 2.8.9 Unauthenticated.Arbitrary.File.Read.and.Server-Side.Request.Forgery CRITICAL" "buddyforms 2.8.6 Reflected.Cross-Site.Scripting.via.page MEDIUM" "buddyforms 2.8.8 Missing.Authorization MEDIUM" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Upload HIGH" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Deletion HIGH" "buddyforms 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.2 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.7.8 Unauthenticated.PHAR.Deserialization HIGH" "buddyforms 2.7.6 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms 2.3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyforms 2.2.8 SQL.Injection CRITICAL" "bulk-edit-post-titles No.known.fix Missing.Authorization.via.bulkUpdatePostTitles MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.3 Missing.Authorization MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "best-restaurant-menu-by-pricelisto 1.4.0 Settings.Update.via.CSRF MEDIUM" "bg-biblie-references No.known.fix Reflected.XSS HIGH" "breakdance 2.0.0 Missing.Authorization MEDIUM" "breakdance 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breakdance 1.7.2 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "breakdance 1.7.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.custom.postmeta MEDIUM" "blockmeister 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-bp-registration No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "buymeacoffee 3.7 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.8 Subscriber+.Unauthorized.Data.Modification HIGH" "buymeacoffee 3.8 Cross-Site.Request.Forgery HIGH" "buymeacoffee 3.7 Admin+.Stored.XSS LOW" "bne-testimonials 2.0.8 Contributor+.Stored.XSS MEDIUM" "bc-menu-cart-woo No.known.fix Cross-Site.Request.Forgery MEDIUM" "business-profile-reviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bws-linkedin 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bbp-toolkit No.known.fix Reflected.XSS HIGH" "bbp-toolkit No.known.fix Cross-Site.Request.Forgery MEDIUM" "bulk-me-now No.known.fix Reflected.XSS HIGH" "bulk-me-now No.known.fix Message.Deletion.via.CSRF MEDIUM" "bulk-me-now No.known.fix Stored.XSS.via.Shortcode HIGH" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Export MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Order.Deletion MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Import MEDIUM" "bws-google-analytics 1.7.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bulgarisation-for-woocommerce 3.0.15 Cross-Site.Request.Forgery HIGH" "bulgarisation-for-woocommerce 3.0.15 Missing.Authorization HIGH" "blockonomics-bitcoin-payments 3.5.8 Reflected.Cross-Site.Scripting HIGH" "blockonomics-bitcoin-payments 3.3 Blockonomics.<.3.3.-.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "bookmarkify No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "blockypage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulk-page-creator 1.1.4 Arbitrary.Page.Creation.via.CSRF MEDIUM" "buddypress-giphy 1.5.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bigmart-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "board-document-manager-from-chuhpl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "business-card-by-esterox-100 No.known.fix Admin+.File.Upload MEDIUM" "business-card-by-esterox-100 No.known.fix Card.Edit.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Arbitrary.Card.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Edit.via.CSRF MEDIUM" "boldgrid-backup 1.16.7 Authenticated.(Administrator+).Remote.Code.Execution.via.Backup.Settings HIGH" "boldgrid-backup 1.15.9 Improper.Authorization.to.Unauthenticated.Arbitrary.File.Download HIGH" "boldgrid-backup 1.14.14 Subscriber+.Backup.Disclosure MEDIUM" "boldgrid-backup 1.14.10 Sensitive.Data.Disclosure.(Server.IP.Address,.UID.etc) MEDIUM" "boldgrid-backup 1.14.10 Unauthenticated.Backup.Download HIGH" "bizapp-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-search-tmc No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "better-captcha-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-captcha-gravity-forms 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bluetrait-event-viewer No.known.fix Settings.Update.via.CSRF MEDIUM" "breeze 2.1.15 Missing.Authorization MEDIUM" "breeze 2.1.15 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "breeze 2.1.4 Admin+.Stored.XSS LOW" "breeze 2.0.3 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "bsk-contact-form-7-blacklist No.known.fix Reflected.Cross-Site.Scripting HIGH" "books-papers No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "booqable-rental-reservations 2.4.16 Admin+.Stored.XSS LOW" "bet-wc-2018-russia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-create-group-type No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bit-assist 1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bit-assist 1.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "booking 10.9.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'booking'.Shortcode MEDIUM" "booking 10.6.5 Admin+.Stored.XSS LOW" "booking 10.6.3 Admin+.Stored.XSS LOW" "booking 10.6.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "booking 10.5.1 Reflected.Cross-Site.Scripting MEDIUM" "booking 10.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bookingform.Shortcode MEDIUM" "booking 9.9.1 Unauthenticated.SQL.Injection CRITICAL" "booking 9.7.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "booking 9.7.3.1 Unauthenticated.Stored.XSS HIGH" "booking 9.2.2 Arbitrary.Translation.Update.via.CSRF MEDIUM" "booking 9.1.1 PHP.Object.Injection HIGH" "booking 8.9.2 Reflected.Cross-Site.Scripting HIGH" "booking 8.4.5.15 SQL.Injection HIGH" "beacon-for-helpscout No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Updates MEDIUM" "booking-ultra-pro 1.1.14 Unauthenticated.Local.File.Inclusion CRITICAL" "booking-ultra-pro 1.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.13 Authenticated.(Contributor+).Privilege.Escalation HIGH" "booking-ultra-pro 1.1.7 Cross-Site.Request.Forgery MEDIUM" "booking-ultra-pro 1.1.7 Subscriber+.Settings.Update MEDIUM" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.7 Multiple.CSRF MEDIUM" "booking-ultra-pro 1.1.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "buddymeet 2.3.0 Contributor+.Stored.XSS MEDIUM" "bulk-delete-users-by-email No.known.fix User.Deletion.via.CSRF HIGH" "bulk-delete-users-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beaf-before-and-after-gallery 4.5.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "basepress-migration-tools No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "booking-calendar-pro 11.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "blrt-wp-embed No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "blue-admin No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "bricksable 1.6.60 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "best-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "bradmax-player 1.1.28 Contributor+.Stored.XSS MEDIUM" "bulk-edit-categories-tags 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-categories-tags 1.5.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).SQL.Injection.via.tab.Parameter MEDIUM" "bp-profile-shortcodes-extra 2.5.3 Contributor+.Stored.XSS MEDIUM" "blog-manager-light No.known.fix Settings.Update.via.CSRF MEDIUM" "bannerlid No.known.fix Reflected.XSS HIGH" "bug-library 2.1.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bug-library 2.1.2 Admin+.Stored.XSS LOW" "bug-library 2.1.1 Unauthenticated.RCE CRITICAL" "bug-library 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "babelz No.known.fix CSRF.to.Stored.XSS HIGH" "bsuite No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "betterlinks 2.1.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "betterlinks 1.6.1 Improper.Authorization.to.Data.Import.and.Export MEDIUM" "betterlinks 1.2.6 Admin+.Stored.Cross-Site.Scripting LOW" "bitcoin-faucet No.known.fix Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "block-slider 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "block-slider 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bloglentor-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "badgeos No.known.fix Missing.Authorization MEDIUM" "badgeos No.known.fix Subscriber+.IDOR MEDIUM" "badgeos No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "badgeos No.known.fix Missing.Authorization.in.delete_badgeos_log_entries MEDIUM" "badgeos No.known.fix CSRF MEDIUM" "badgeos 3.7.1.3 Subscriber+.SQLi HIGH" "badgeos 3.7.1 Unauthenticated.SQLi HIGH" "banner-management-for-woocommerce 2.4.3 Shop.Banner.Settings.Update.via.CSRF MEDIUM" "banner-management-for-woocommerce 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "banner-management-for-woocommerce 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-management-for-woocommerce 1.1.1 Unauthenticated.Settings.Change MEDIUM" "bulk-image-alt-text-with-yoast 1.4.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bsi-hotel-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "bulk-image-title-attribute 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bamazoo-button-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dgs.Shortcode MEDIUM" "background-animation-blocks No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "better-search 3.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "better-search 2.5.3 Cross-Site.Request.Forgery MEDIUM" "better-search 2.5.3 CSRF.Nonce.Bypass.in.Import/Export MEDIUM" "better-search 2.2.3 Unauthenticated.SQL.Injection CRITICAL" "better-search 1.3.5 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "better-search 1.3 admin.inc.php.Setting.Manipulation.CSRF MEDIUM" "bookshelf No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "bdthemes-prime-slider-lite 3.16.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.15.19 Addons.For.Elementor.(Revolution.of.a.slider,.Hero.Slider,.Ecommerce.Slider.<.3.15.19.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Blog.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pacific.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.2 Contributor+.Stored.XSS.via.Pagepiling.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.14.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Mercury.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Rubix.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fiestar.Widget MEDIUM" "bdthemes-prime-slider-lite 3.11.11 Incorrect.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-prime-slider-lite 3.8.3 Reflected.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 2.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ba-plus-before-after-image-slider-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "block-specific-plugin-updates 3.3.2 Arbitrary.Plugin.Update.Blocking.via.CSRF MEDIUM" "backuply 1.3.5 Authenticated.(Admin+).SQL.Injection CRITICAL" "backuply 1.2.8 Admin+.Directory.Traversal MEDIUM" "backuply 1.2.6 Backup,.Restore,.Migrate.and.Clone.<.1.2.6.-..Unauthenticated.Denial.of.Service HIGH" "backuply 1.2.4 Admin+.Directory.Traversal MEDIUM" "booking-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-for-woocommerce 4.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Deletion MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Update MEDIUM" "bbs-e-popup No.known.fix Reflected.XSS HIGH" "basepress 2.16.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Database.Update MEDIUM" "basepress 2.16.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "basepress 2.16.2.1 Missing.Authorization MEDIUM" "basepress 2.15.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbpress 2.6.5 Authenticated.Privilege.Escalation.via.the.Super.Moderator.feature HIGH" "bbpress 2.6.5 Unauthenticated.Privilege.Escalation.when.New.User.Registration.enabled CRITICAL" "bbpress 2.6.5 Authenticated.Stored.Cross-Site.Scripting.via.the.forums.list.table MEDIUM" "bbpress 2.6.0 Subscriber+.Stored.Cross-Site.Scripting.via.Post.Slug MEDIUM" "bbresolutions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbresolutions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddypress 14.2.1 Authenticated.(Subscriber+).Directory.Traversal HIGH" "buddypress 12.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 12.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 11.3.2 Contributor+.Stored.XSS MEDIUM" "buddypress 9.1.1 Activation.Key.Disclosure MEDIUM" "buddypress 9.1.1 SQL.Injections HIGH" "buddypress 7.3.0 Multiple.Authenticated.REST.API.Vulnerabilities MEDIUM" "buddypress 7.2.1 .Force.a.Friendship MEDIUM" "buddypress 7.2.1 Manage.BuddyPress.Member.Types MEDIUM" "buddypress 7.2.1 REST.API.Privilege.Escalation HIGH" "buddypress 7.2.1 Read.Private.Messages MEDIUM" "buddypress 7.2.1 Invite.Member.to.Join.Group MEDIUM" "buddypress 6.4.0 Lack.of.Capability.Check.on.Profile.Page MEDIUM" "buddypress 5.1.2 Private.Data.Exposure.via.REST.API HIGH" "buddypress 5.1.1 Denial.of.Service MEDIUM" "bng-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bng-gateway-for-woocommerce No.known.fix CSRF.Bypass MEDIUM" "b-slider 1.1.24 Gutenberg.Slider.Block.for.WP.<.1.1.24.-.Authenticated.(Contributor+).Private.Post.Disclosure.via.bsb-slider.Shortcode MEDIUM" "b-slider 1.1.13 Slider.for.your.block.editor.<.1.1.13.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "boot-modal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "book-appointment-online 1.39 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "base64-encoderdecoder No.known.fix Stored.XSS.via.CSRF HIGH" "base64-encoderdecoder No.known.fix Reflected.XSS HIGH" "base64-encoderdecoder No.known.fix Settings.Reset.via.CSRF MEDIUM" "booster-elite-for-woocommerce 7.1.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "booster-elite-for-woocommerce 7.1.2 .Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-elite-for-woocommerce 7.1.3 Subscriber+.Content.Injection MEDIUM" "booster-elite-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-elite-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-elite-for-woocommerce 1.1.8 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-elite-for-woocommerce 1.1.7 Checkout.Files.Deletion.via.CSRF LOW" "booster-elite-for-woocommerce 1.1.7 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-elite-for-woocommerce 1.1.3 Subscriber+.Order.Status.Update MEDIUM" "bricksbuilder 1.9.9 Insecure.Direct.Object.Reference MEDIUM" "buddypress-members-only 3.4.9 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "bread-butter 7.5.880 Contributor+.Stored.XSS MEDIUM" "bannerman No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "brute-force-login-protection No.known.fix Arbitrary.IP.Removal/Add.via.CSRF MEDIUM" "bookingcom-product-helper 1.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "brave-popup-builder 0.7.1 Cross-Site.Request.Forgery MEDIUM" "brave-popup-builder 0.7.0 Admin+.Stored.XSS LOW" "brave-popup-builder 0.6.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "brave-popup-builder 0.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-package 1.6.29 Unauthenticated.Price.Manipulation MEDIUM" "booking-package 1.6.02 Reflected.XSS HIGH" "booking-package 1.5.29 Unauthenticated.Sensitive.Data.Disclosure HIGH" "booking-package 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator 1.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "before-and-after No.known.fix Cross-Site.Request.Forgery MEDIUM" "bamboo-enquiries No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "back-link-tracker No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "baidu-tongji-generator No.known.fix Admin+.Stored.XSS LOW" "better-click-to-tweet 5.10.4 Settings.Update.via.CSRF MEDIUM" "bmlt-tabbed-map 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bcs-bertline-book-importer 1.5.8 Unauthenticated.Product.Import HIGH" "bwp-google-xml-sitemaps No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "blogmentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagination_style.Parameter MEDIUM" "bg-patriarchia-bu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "borderless No.known.fix Authenticated.(Administrator+).Remote.Code.Execution HIGH" "borderless No.known.fix Missing.Authorization.to.Icon.Font.Deletion MEDIUM" "borderless 1.5.9 Editor+.Stored.XSS MEDIUM" "borderless 1.5.4 Widgets,.Elements,.Templates.and.Toolkit.for.Elementor.&.Gutenberg.<.1.5.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "borderless 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.4.9 Admin+.Stored.XSS LOW" "bulk-editor 1.0.8.4 Authenticated.(Editor+).CSV.Path.Traversal LOW" "bulk-editor 1.0.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bulk-editor 1.0.8.2 Missing.Authorization MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery MEDIUM" "bulk-editor 1.0.8.1 Unauthenticated.Stored.Cross-Site.Scripting.via.profile_title MEDIUM" "bulk-editor 1.0.7.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bulk-editor 1.0.7.2 Admin+.Stored.XSS LOW" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7 Subscriber+.Stored.XSS HIGH" "be-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "button-generation 3.1.2 Cross-Site.Request.Forgery MEDIUM" "button-generation 3.0 Button.Deletion.via.CSRF MEDIUM" "button-generation 2.3.9 Button.Counter.Reset.via.CSRF MEDIUM" "button-generation 2.3.9 Unauthenticated.Button.Counter.Reset MEDIUM" "button-generation 2.3.6 Cross-Site.Request.Forgery MEDIUM" "button-generation 2.3.5 Reflected.XSS MEDIUM" "button-generation 2.3.4 easily.Button.Builder.<.2.3.4.-.Admin+.Stored.XSS LOW" "button-generation 2.3.3 RFI.leading.to.RCE.via.CSRF HIGH" "buddyboss-platform 2.6.0 Insecure.Direct.Object.Reference.on.Like.Comment MEDIUM" "buddyboss-platform 2.7.60 Private.Comment.Exposure.via.IDOR MEDIUM" "buddyboss-platform 1.7.9 Subscriber+.SQL.Injection MEDIUM" "better-font-awesome 2.0.4 Contributor+.Stored.XSS MEDIUM" "better-font-awesome 2.0.2 Settings.Update.via.CSRF MEDIUM" "blog2social 7.5.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "blog2social 7.4.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "blog2social 7.5.0 Information.Exposure MEDIUM" "blog2social 7.2.1 Reflected.XSS HIGH" "blog2social 6.9.12 Subscriber+.Settings.Update MEDIUM" "blog2social 6.9.10 Subscriber+.SSRF MEDIUM" "blog2social 6.9.10 Subscriber+.SQLi HIGH" "blog2social 6.8.7 Reflected.Cross-Site.Scripting HIGH" "blog2social 6.3.1 Authenticated.SQL.Injection CRITICAL" "blog2social 5.9.0 Cross-Site.Scripting.Issue MEDIUM" "blog2social 5.6.0 SQL.Injection CRITICAL" "blog2social 5.0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bpcustomerio No.known.fix Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "bulk-comment-remove No.known.fix Cross-Site.Request.Forgery.via.brc_admin() MEDIUM" "bnfw 1.7 Reflected.Cross-Site.Scripting MEDIUM" "bnfw 1.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bnfw 1.8.7 Email.Address.Disclosure MEDIUM" "blocks-post-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.8 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.6 Reflected.Cross-Site.Scripting.via.BPS_FORM MEDIUM" "book-press 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "book-press 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brodos-net-onlineshop No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-wc-vendors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-wc-vendors No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "backend-designer 1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bp-cover No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "bookingpress-appointment-booking 1.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingpress-appointment-booking 1.1.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.23 Unauthenticated.Export.File.Download MEDIUM" "bookingpress-appointment-booking 1.1.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.8 1.1.7.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "bookingpress-appointment-booking 1.1.6 Authenticated.(Subscriber+).Arbitrary.File.Read.to.Arbitrary.File.Creation HIGH" "bookingpress-appointment-booking 1.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update.and.Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.83 Missing.Authorization.to.Appointment.Time.Alteration MEDIUM" "bookingpress-appointment-booking 1.0.82 Authenticated.(Customer+).Insecure.Direct.Object.Reference MEDIUM" "bookingpress-appointment-booking 1.0.88 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.75 Unauthenticated.Booking.Price.Manipulation HIGH" "bookingpress-appointment-booking 1.0.73 Authenticated.(Contributor+).SQL.Injection HIGH" "bookingpress-appointment-booking 1.0.77 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.31 Unauthenticated.IDOR.in.appointment_id HIGH" "bookingpress-appointment-booking 1.0.11 Unauthenticated.SQL.Injection HIGH" "bverse-convert No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brutebank 1.9 WP.Security.&.Firewall.<.1.9.-.Settings.Update.via.CSRF MEDIUM" "bb-ultimate-addon 1.35.15 Contributor+.Privilege.Escalation HIGH" "bb-ultimate-addon 1.35.14 Contributor+.Arbitrary.File.Download MEDIUM" "bonway-static-block-editor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "broken-link-finder 2.5.1 Authenticated.(Author+).Blind.Server-Side.Request.Forgery MEDIUM" "broken-link-finder 2.5.0 Missing.Authorization.via.moblc_auth_save_settings MEDIUM" "booking-calendar 3.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "booking-calendar 3.2.20 Authenticated.(Contributor+).SQL.Injection MEDIUM" "booking-calendar 3.2.16 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "booking-calendar 3.2.12 Admin+.SQLi MEDIUM" "booking-calendar 3.2.9 Multiple.Authenticated(Editor+).SQL.Injection HIGH" "booking-calendar 3.2.8 Admin+.SQLi MEDIUM" "booking-calendar 3.2.4 Editor+.Stored.XSS LOW" "booking-calendar 3.2.4 Form.Creation/Update/Deletion/Duplication.via.CSRF MEDIUM" "booking-calendar 3.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "booking-calendar 2.2.3 Parameters.Tampering.Allowing.Arbitrary.Prices.Change HIGH" "booking-calendar 2.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "bp-toolkit 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "bp-toolkit 3.3.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-review 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "block-controller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blizzard-quotes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bootstrap-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-hashtags 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bp-social-connect 1.6.2 Authentication.Bypass CRITICAL" "builder-style-manager 0.7.7 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "bws-testimonials 0.1.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "boom-fest 2.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "blog-filter 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "better-author-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "baw-post-views-count No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "bit-form 2.17.5 Authenticated.(Administrator+).Server-Side.Request.Forgery LOW" "bit-form 2.17.4 Missing.Authorization.to.Authenticated.(Subscriber+).Form.Submission.Disclosure MEDIUM" "bit-form 2.15.3 Admin+.Arbitrary.File.Read LOW" "bit-form 2.13.12 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bit-form 2.13.11 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.13.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection.via.getLogHistory.Function HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.JavaScript.File.Uploads MEDIUM" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.File.Read.And.Deletion CRITICAL" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection HIGH" "bit-form 2.13.5 2.13.4.-.Authenticater.(Administrator+).Arbitrary.File.Deletion HIGH" "bit-form 2.13.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.10.2 Unauthenticated.Insecure.Direct.Object.Reference.to.Form.Submission.Alteration MEDIUM" "bit-form 2.2.0 Admin+.Stored.XSS LOW" "bit-form 1.9 RCE.via.Unauthenticated.Arbitrary.File.Upload CRITICAL" "backup 2.0.9.9 Directory.Listing.Exposing.Backups HIGH" "backup 1.6.9.1 Admin+.Stored.XSS LOW" "backup 1.6.0 Authenticated.Arbitrary.File.Upload CRITICAL" "backup 1.4.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "backup 1.4.1 Subscriber+.Arbitrary.Backup.Location.Update MEDIUM" "backup 1.4.0 Arbitrary.File.Upload.via.CSRF HIGH" "backup 1.1.47 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "backup 1.0.3 Authenticated.Arbitrary.File.Upload CRITICAL" "bizlibrary No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bizlibrary No.known.fix Admin+.Stored.XSS LOW" "buzzsprout-podcasting 1.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-woocommerce-form-elements 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "better-messages-wcfm-integration 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blogger-image-import No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "becustom 1.0.5.3 Settings.Update.via.CSRF MEDIUM" "bulk-edit-posts-on-frontend 2.4.27 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "betterdocs 3.3.4 Unauthenticated.PHP.Object.Injection CRITICAL" "betterdocs 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betterdocs 2.5.3 Missing.Authorization.via.AJAX.actions MEDIUM" "betterdocs 1.9.0 Reflected.Cross-Site.Scripting HIGH" "betterdocs 1.9.2 Reflected.Cross-Site.Scripting HIGH" "buddyforms-hierarchical-posts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "bp-activity-plus-reloaded 1.1.2 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "backup-wd No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "blogintroduction-wordpress-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "bmlt-meeting-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bmlt-meeting-map 2.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "better-protected-pages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bitpay-checkout-for-woocommerce 5.0.0 Missing.Authorization MEDIUM" "birthdays-widget No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "backup-database No.known.fix Admin+.Stored.XSS LOW" "b-banner-slider No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "block-styler-for-gravity-forms 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-user-profile-reviews 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddyforms-remote 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "bwd-elementor-addons 4.3.19 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "breadcrumbs-shortcode 1.45 Reflected.Cross-Site.Scripting MEDIUM" "bard-extra 1.2.8 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "button-block 1.1.6 Missing.Authorization MEDIUM" "button-block No.known.fix Contributor+.Stored.XSS MEDIUM" "button-block 1.1.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "button-block 1.1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "blossom-recipe-maker 1.0.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "backup-scheduler No.known.fix Cross-Site.Request.Forgery MEDIUM" "bloom 1.1.1 Privilege.Escalation HIGH" "brid-video-easy-publish 3.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.brid_override_yt.Shortcode MEDIUM" "brid-video-easy-publish 3.8.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ban-users No.known.fix Subscriber+.Settings.Update.&.Privilege.Escalation.via.Missing.Authorization HIGH" "bulk-role-change No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "britetechs-companion 2.2.8 Injected.Backdoor CRITICAL" "b2bking 4.6.20 Subscriber+.Arbitrary.Products.Price.Update MEDIUM" "blog-designer-pack 3.4.2 Unauthenticated.Remote.Code.Execution.via.Local.File.Inclusion HIGH" "blog-designer-pack 3.4.1 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pack 3.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blog-designer-pack 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "byconsole-woo-order-delivery-time 2.4.7 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "byconsole-woo-order-delivery-time 2.4.8 Reflected.XSS HIGH" "bmi-calculator-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-robots-txt 1.4.6 Cross-Site.Request.Forgery MEDIUM" "better-robots-txt 1.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-robots-txt 1.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "better-comments 1.5.6 Admin+.Stored.XSS LOW" "better-comments 1.5.6 Subscriber+.Stored.XSS HIGH" "better-comments 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "better-comments 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-members 1.4.12 Reflected.Cross-Site.Scripting MEDIUM" "back-in-stock-notifier-for-woocommerce 5.3.2 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "buddypress-media 4.6.19 Subscriber+.SQL.Injection HIGH" "buddypress-media 4.6.19 Authenticated.(Contributor+).SQL.Injection.via.rtmedia_gallery.Shortcode HIGH" "buddypress-media 4.6.16 Admin+.RCE MEDIUM" "buddypress-media 4.6.16 Subscriber+.RCE CRITICAL" "buddypress-media 4.6.15 Missing.Authorization.via.export_settings MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Settings.Update MEDIUM" "bridge-core 3.3.1 Missing.Authorization MEDIUM" "bridge-core 3.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "bridge-core 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bridge-core 3.1.0 Reflected.XSS HIGH" "bulk-resize-media No.known.fix CSRF MEDIUM" "broadstreet 1.51.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.zone.Parameter MEDIUM" "bp-better-messages 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bp-better-messages 2.4.33 Missing.Authorization MEDIUM" "bp-better-messages 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bp-better-messages 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "bp-better-messages 1.9.10.71 Subscriber+.Messaging.Block.Bypass MEDIUM" "bp-better-messages 1.9.10.69 Subscriber+.SSRF MEDIUM" "bp-better-messages 1.9.10.58 Subscriber+.Denial.Of.Service MEDIUM" "bp-better-messages 1.9.9.170 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-better-messages 1.9.9.149 File.Upload.via.CSRF LOW" "bp-better-messages 1.9.9.149 Cross-Site.Request.Forgery MEDIUM" "bp-better-messages 1.9.9.41 Reflected.Cross-Site.Scripting HIGH" "bp-better-messages 1.9.9.41 Multiple.CSRF MEDIUM" "burst-statistics 1.5.7 Contributor+.Stored.Cross-Site.Scripting.via.burst_total_pageviews_count MEDIUM" "burst-statistics 1.5.4 Editor+.SQL.Injection HIGH" "burst-statistics 1.5.0 Unauthenticated.SQL.Injection HIGH" "before-and-after-product-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bulletin-announcements 3.12 Reflected.Cross-Site.Scripting HIGH" "bulletin-announcements 3.9.0 Authenticated.(Administrator+).SQL.Injection HIGH" "bulletin-announcements 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "bulletin-announcements 3.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "bulletin-announcements 3.7.1 Cross-Site.Request.Forgery MEDIUM" "bulletin-announcements 3.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyvendor 1.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bws-pinterest 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bp-email-assign-templates 1.6 Reflected.XSS HIGH" "blog-in-blog No.known.fix Editor+.Local.File.Inclusion.via.Shortcode HIGH" "blog-in-blog No.known.fix Editor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "buddypress-check-ins-pro 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "batch-cat No.known.fix Subscriber+.Arbitrary.Categories.Add/Set/Delete.to.Posts MEDIUM" "back-button-widget 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "book-a-place No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "banner-garden No.known.fix Reflected.XSS HIGH" "biometric-login-for-woocommerce 1.0.4 Unauthenticated.Privilege.Escalation CRITICAL" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.XSS HIGH" "beautiful-and-responsive-cookie-consent 2.9.1 Admin+.Stored.XSS LOW" "basic-interactive-world-map 2.7 Admin+.Stored.XSS LOW" "buddydrive 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "brozzme-scroll-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "background-control No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "bu-section-editing No.known.fix Reflected.XSS HIGH" "bu-section-editing No.known.fix Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "bo-wc-customer-review-watson No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buooy-sticky-header No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "broken-link-manager No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "broken-link-manager 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-manager 0.5.0 Unauthenticated.SQL.Injection.&.XSS CRITICAL" "background-takeover 4.1.5 Directory.Traversal HIGH" "bizcalendar-web 1.1.0.26 Reflected.XSS HIGH" "browsing-history No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-themer 1.4.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "beaver-themer 1.4.9.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.shortcode MEDIUM" "beautiful-taxonomy-filters No.known.fix Unauthenticated.SQL.Injection HIGH" "black-widgets 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bukza 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "build-private-store-for-woocommerce 1.1 Missing.Authorization MEDIUM" "build-private-store-for-woocommerce 1.1 Cross-Site.Request.Forgery MEDIUM" "bbspoiler 2.02 Contributor+.Stored.XSS MEDIUM" "broken-link-checker 2.4.2 Admin+.SSRF MEDIUM" "broken-link-checker 2.4.1 Reflected.XSS HIGH" "broken-link-checker 2.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "broken-link-checker 1.11.20 Admin+.Cross-Site.Scripting LOW" "broken-link-checker 1.11.17 Admin+.PHAR.Deserialization MEDIUM" "broken-link-checker 1.11.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-checker 1.10.9 Unauthenticated.Stored.XSS MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Arbitrary.Page/Post.Deletion MEDIUM" "booster-plus-for-woocommerce 7.1.3 Missing.Authorization.to.Arbitrary.Options.Disclosure MEDIUM" "booster-plus-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-plus-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-plus-for-woocommerce 5.6.6 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-plus-for-woocommerce 5.6.5 Checkout.Files.Deletion.via.CSRF LOW" "booster-plus-for-woocommerce 5.6.5 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-plus-for-woocommerce 5.6.1 Subscriber+.Order.Status.Update MEDIUM" "bbpress-notify-nospam 2.18.4 Reflected.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.6 Authenticated.(Editor+).Path.Traversal LOW" "bold-page-builder 5.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.4 Missing.Authorization MEDIUM" "bold-page-builder 5.1.1 -.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_button.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AI.Features MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Separator.Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via."Price.List".Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_price_list.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.URL.Attribute MEDIUM" "bold-page-builder 4.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Link MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Raw.Content MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.URL MEDIUM" "bold-page-builder 4.7.0 Contributor+.Stored.XSS MEDIUM" "bold-page-builder 4.3.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 3.1.6 PHP.Object.Injection MEDIUM" "bold-page-builder 2.3.2 Missing.Access.Controls HIGH" "bacola-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "brickscore No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "booking-and-rental-manager-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "booking-and-rental-manager-for-woocommerce 1.2.2 Admin+.Stored.XSS LOW" "buddypress-activity-plus 1.6.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "buttonizer-multifunctional-button 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "buttonizer-multifunctional-button 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttonizer-multifunctional-button 2.5.5 Smart.Floating.Action.Button.<.2.5.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "better-sharing 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "better-sharing 1.7.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bu-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-activity-social-share 3.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddyforms-ultimate-member 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "bodi0s-easy-cache 0.9 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bunnycdn 2.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "buttons-x No.known.fix Buttons.X.<=.0.8.6.-.Contributor+.Stored.XSS MEDIUM" "baslider No.known.fix Multiple.CSRF MEDIUM" "baslider No.known.fix Arbitrary.Slide.Deletion.via.CSRF MEDIUM" "baslider No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "blaze-widget 2.5.4 Injected.Backdoor CRITICAL" "bulletproof-security 6.1 Admin+.Stored.Cross-Site.Scripting LOW" "bulletproof-security 5.8 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "bulletproof-security 5.2 Sensitive.Information.Disclosure MEDIUM" "bulletproof-security .53.4 Multiple.XSS.Vulnerabilities MEDIUM" "bus-ticket-booking-with-seat-reservation 5.4.4 Cross-Site.Request.Forgery MEDIUM" "bus-ticket-booking-with-seat-reservation 5.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bus-ticket-booking-with-seat-reservation 5.2.6 Unauthenticated.Cross-Site.Scripting HIGH" "bus-ticket-booking-with-seat-reservation 5.2.4 Reflected.XSS HIGH" "bj-lazy-load 1.0 Remote.File.Inclusion.(Timthumb) HIGH" "blogger-301-redirect No.known.fix Unauthenticated.SQL.Injection.via.br HIGH" "bp-user-to-do-list 3.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bank-mellat 2.0.1 Reflected.Cross-Site.Scripting HIGH" "blockons 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "better-rss-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-anchor-links No.known.fix Cross-Site.Request.Forgery.via.admin/options.php MEDIUM" "burst-pro 1.5.1 Unauthenticated.SQL.Injection HIGH" "bus-booking-manager 4.2.3 Administrator+.Stored.XSS LOW" "button-contact-vr 4.7.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "button-contact-vr 4.7.8 Admin+.Stored.XSS LOW" "button-contact-vr 4.7.7 Admin+.Stored.XSS LOW" "bb-bootstrap-cards 1.1.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "bb-bootstrap-cards 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Cards.Widget MEDIUM" "bb-bootstrap-cards 1.1.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.bootstrapcard.link MEDIUM" "billingo 3.4.0 ShopManager+.Stored.XSS MEDIUM" "blog-summary No.known.fix Contributor+.Stored.XSS MEDIUM" "bold-timeline-lite 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-timeline-lite 1.2.0 Missing.Authorization.to.Admin.Notice.Dismissal MEDIUM" "bold-timeline-lite 1.1.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bet-sport-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "broken-link-checker-for-youtube No.known.fix Cross-Site.Request.Forgery.via.plugin_settings_page() MEDIUM" "bigbluebutton No.known.fix Reflected.XSS HIGH" "bigbluebutton 2.2.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "backup-backup 1.4.6.1 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialize_replace' HIGH" "backup-backup 1.4.4 Information.Exposure.via.Log.Files MEDIUM" "backup-backup 1.4.0 Authenticated.(Admin+).OS.Command.Injection.via.url MEDIUM" "backup-backup 1.4.0 1.3.9.-.Remote.File.Inclusion.via.content-dir HIGH" "backup-backup 1.4.0 Unauthenticated.Path.Traversal.to.Arbitrary.File.Deletion HIGH" "backup-backup 1.3.8 Unauthenticated.RCE CRITICAL" "backup-backup 1.3.6 Sensitive.Data.Exposure HIGH" "backup-backup 1.3.7 Unauthenticated.Arbitrary.File.Download.to.Sensitive.Information.Exposure HIGH" "backup-backup 1.3.0 Cross-Site.Request.Forgery MEDIUM" "backup-backup 1.2.8 Plugin.Installation.via.CSRF MEDIUM" "backup-backup 1.2.8 Subscriber+.Plugin.Installation MEDIUM" "backup-backup 1.1.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "better-user-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.25 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.14 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-edit-user-profiles-in-spreadsheet 1.5.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookster 1.2.0 Unauthenticated.Appointment.Status.Update MEDIUM" "bosa-elementor-for-woocommerce 1.0.13 Missing.Authorization MEDIUM" "boostify-header-footer-builder 1.3.7 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "boostify-header-footer-builder 1.3.6 Missing.Authorization.to.Page/Post.Creation MEDIUM" "boostify-header-footer-builder 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.size.Parameter MEDIUM" "bp-activity-filter 2.8.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buddyforms-posts-to-posts-integration 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "bookalet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bounce-handler-mailpoet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-check-in 1.9.4 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "breadcrumb 1.5.33 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "branda-white-labeling 3.4.22 Reflected.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.19 Unauthenticated.Full.Path.Disclosure MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "branda-white-labeling 3.4.15 IP.Spoofing MEDIUM" "bsk-gravityforms-blacklist 4.0 SQLi.via.CSRF MEDIUM" "bsk-gravityforms-blacklist 3.9 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.7 Admin+.Stored.Cross-Site.Scripting LOW" "browser-theme-color No.known.fix Cross-Site.Request.Forgery.via.btc_settings_page MEDIUM" "bulkpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bookit 2.4.1 Price.Bypass MEDIUM" "bookit 2.4.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "bookit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "bookit 2.3.8 Authentication.Bypass CRITICAL" "bookit 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookit 2.1.6 Authorised.AJAX.Calls MEDIUM" "booking-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "buddyboss-media No.known.fix Stored.XSS MEDIUM" "blocks-product-editor-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "bonjour-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "basticom-framework 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "bonus-for-woo 5.8.3 Reflected.Cross-Site.Scripting HIGH" "boombox-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-referer-spam 1.1.9.5 Admin+.Stored.XSS LOW" "bp-job-manager 2.6.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "backup-and-restore-for-wp No.known.fix Admin+.Arbitrary.File.Deletion MEDIUM" "bookly-responsive-appointment-booking-tool 23.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Color.Profile.Parameter MEDIUM" "bookly-responsive-appointment-booking-tool 22.5 Admin+.Stored.XSS LOW" "bookly-responsive-appointment-booking-tool 22.4 Admin+.SQLi MEDIUM" "bookly-responsive-appointment-booking-tool 21.8 Admin+.Stored.Cross-Site.Scripting.via.service.titles MEDIUM" "bookly-responsive-appointment-booking-tool 21.6 Unauthenticated.Stored.XSS HIGH" "bookly-responsive-appointment-booking-tool 20.3.1 Staff.Member.Stored.Cross-Site.Scripting MEDIUM" "bookly-responsive-appointment-booking-tool 14.5 Bookly.#1.WordPress.Booking.Plugin.(Lite).<.14,5.–.Unauthenticated.Blind.Stored.XSS MEDIUM" "bs-shortcode-ultimate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "backup-bolt 1.4.0 Sensitive.Data.Exposure MEDIUM" "backup-bolt 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "booking-calendar-pro-payment 21.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "bxslider-wp No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "buddyforms-attach-posts-to-groups-extension 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "bvd-easy-gallery-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bpmnio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-profile-pro 2.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 2.6.5 Reflected.Cross-Site.Scripting MEDIUM" "blockspare 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbp-move-topics 1.1.6 Code.Injection.&.CSRF CRITICAL" "biagiotti-membership 1.1 Authentication.Bypass.via.biagiotti_membership_check_facebook_user CRITICAL" "bot-for-telegram-on-woocommerce No.known.fix Authenticated.(Subscriber+).Telegram.Bot.Token.Disclosure.to.Authentication.Bypass HIGH" "brizy 2.5.2 Cross-Site.Request.Forgery MEDIUM" "brizy 2.4.45 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.45 Missing.Authorization.to.Authenticated.(Contributor+).Post.Modification HIGH" "brizy 2.4.44 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Form.Functionality MEDIUM" "brizy 2.4.44 Unauthenticated.Stored.Cross-Site.Scripting.via.Form HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.Widget.Link.To.URL HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "brizy 2.4.44 Missing.Authorization MEDIUM" "brizy 2.4.42 Authenticated(Contributor+).Stored.Cross-Site.Scripting HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.30 Contributor+.Stored.XSS MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.URL MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.Content MEDIUM" "brizy 2.3.12 2.3.11.-.Incorrect.Authorization.to.Post.Modification HIGH" "brizy 2.3.12 Authenticated.File.Upload.and.Path.Traversal HIGH" "brizy 2.3.12 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "brizy 1.0.126 Page.Builder.<.1.0.126.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "bravo-translate No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "bsk-pdf-manager 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bsk-pdf-manager 3.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bsk-pdf-manager 3.1.2 Admin+.SQL.Injection MEDIUM" "bsk-pdf-manager 1.5 Multiple.Authenticated.SQL.Injections CRITICAL" "bsk-pdf-manager 2.9.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "better-wp-security 9.3.2 IP.Address.Spoofing.to.Denial.of.Service MEDIUM" "better-wp-security 9.0.1 Unauthenticated.Login.Page.Disclosure MEDIUM" "better-wp-security 7.9.1 Hide.Backend.Bypass MEDIUM" "better-wp-security 7.0.3 Authenticated.SQL.Injection HIGH" "better-wp-security 6.9.1 Cross-Site.Scripting.(XSS) HIGH" "biteship 2.2.25 Reflected.Cross-Site.Scripting.via.biteship_error.and.biteship_message MEDIUM" "biteship 2.2.28 Shop.manager+.Stored.XSS MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting HIGH" "block-editor-bootstrap-blocks 6.6.2 Reflected.Cross-Site.Scripting.via.tab MEDIUM" "ba-book-everything 1.6.21 Reflected.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.21 Cross-Site.Request.Forgery.to.Email.Address.Update/Account.Takeover HIGH" "ba-book-everything 1.6.21 Unauthenticated.Arbitrary.User.Password.Reset MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ba-book-everything 1.6.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "ba-book-everything 1.3.25 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "booking-system No.known.fix Missing.Authorization MEDIUM" "booking-system 2.9.9.5.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system No.known.fix Stored.XSS.via.CSRF HIGH" "booking-system 2.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "booking-system 2.9.9.4.8 Admin+.Stored.XSS LOW" "booking-system 2.9.9.4.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "booking-system 2.9.9.2.9 Admin+.Stored.XSS LOW" "booking-system 2.9.9.2.9 Subscriber+.SQLi HIGH" "booking-system 2.1 Authenticated.Blind.SQL.Injection HIGH" "builderall-cheetah-for-wp 2.0.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "bbpowerpack 2.37.4 Reflected.Cross-Site.Scripting MEDIUM" "bbpowerpack 2.33.1 Contributor+.Privilege.Escalation HIGH" "better-messages-wc-vendors-integration 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "best-bootstrap-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bc-woo-custom-thank-you-pages 1.4.14 Missing.Authorization MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-acf 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "bft-autoresponder 2.7.2.4 Cross-Site.Request.Forgery MEDIUM" "bft-autoresponder 2.7.2.3 CSRF MEDIUM" "bft-autoresponder 2.7.1.1 Admin+.Stored.XSS LOW" "bft-autoresponder 2.7.1.1 Unauthenticated.Stored.XSS HIGH" "bft-autoresponder 2.1.7.2 Contributor+.Stored.XSS MEDIUM" "bft-autoresponder 2.1.7.2 Admin+.Stored.XSS LOW" "bft-autoresponder 2.5.2 Authenticated.Blind.SQL.Injection.&.Multiple.XSS HIGH" "bulk-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "browser-shots 1.7.6 Contributor+.Stored.XSS MEDIUM" "blocked-in-china 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blocked-in-china 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-elementor-addons 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Authenticated(Contributor+).Local.File.Inclusion HIGH" "better-elementor-addons 1.4.2 Contributor+.Stored.XSS MEDIUM" "better-elementor-addons 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.3.9 Subscriber+.Settings.Update./.Reset MEDIUM" "better-elementor-addons 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bzscore-live-score 1.6.0 Contributor+.Stored.XSS MEDIUM" "backupbuddy 8.8.3 Multiple.Reflected.Cross-Site.Scripting HIGH" "backupbuddy 8.7.5 Unauthenticated.Arbitrary.File.Access HIGH" "blue-triad-ezanalytics No.known.fix Reflected.Cross-Site.Scripting.via.'bt_webid' MEDIUM" "buk-appointments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bcorp-shortcodes No.known.fix .Unauthenticated.PHP.Object.Injection CRITICAL" "bilingual-linker 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms-hook-fields 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "bulk-image-resizer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Options.Update MEDIUM" "beepress No.known.fix Cross-Site.Request.Forgery.via.beepress-pro.php MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.16 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.10 Reflected.Cross-Site.Scripting.via.tab,.order,.and.orderby MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.5 Reflected.XSS HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.51 Missing.Authorization MEDIUM" "buddyforms-easypin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-easypin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-easypin No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "branding No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "booking-activities 1.15.20 Reflected.Cross-Site.Scripting MEDIUM" "buddybadges No.known.fix Admin+.SQLi MEDIUM" "cpo-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cpo-shortcodes No.known.fix Admin+.Stored.XSS LOW" "cookie-bar 2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "cookie-bar 1.8.9 Admin+.Stored.Cross-Site.Scripting LOW" "club-management-software No.known.fix Authenticated.SQL.Injection MEDIUM" "cozy-addons 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 3.6.0 Arbitrary.settings.change.via.CSRF MEDIUM" "code-snippets 2.14.4 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 2.14.3 Reflected.Cross-Site.Scripting HIGH" "code-snippets 2.14.0 CSRF.to.RCE HIGH" "cf7-styler No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.9 Reflected.XSS MEDIUM" "cf7-styler 1.6.9 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.5 Missing.Authorization.via.Several.AJAX.Action MEDIUM" "cf7-styler 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "classyfrieds No.known.fix Authenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "cm-download-manager 2.9.1 Download.Edit.via.CSRF MEDIUM" "cm-download-manager 2.9.0 Download.Unpublish.via.CSRF MEDIUM" "cm-download-manager 2.9.0 Download.Deletion.via.CSRF MEDIUM" "cm-download-manager 2.8.6 Admin+.Arbitrary.File.Upload MEDIUM" "cm-download-manager 2.8.0 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cm-download-manager 2.8.0 Authenticated.Arbitrary.File.Deletion MEDIUM" "cm-download-manager 2.8.0 Authenticated.Cross-Site.Scripting MEDIUM" "cm-download-manager 2.0.7 CSRF.to.Cross-Site.Scripting HIGH" "cm-download-manager 2.0.4 Unauthenticated.Code.Injection CRITICAL" "content-egg 5.5.0 Multiple.CSRF MEDIUM" "content-egg 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "content-egg 5.3.0 Reflected.Cross-Site.Scripting MEDIUM" "complianz-gdpr-premium 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr-premium 6.3.6 Translator.SQLi MEDIUM" "comic-easel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "candidate-application-form No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "contexture-page-security No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "consensu-io 1.0.4 Unauthenticated.Settings.Update MEDIUM" "cross-linker No.known.fix Arbitrary.Cross-Link.Creation.via.CSRF MEDIUM" "country-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "country-blocker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-syndication-toolkit-reader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Plugin.Settings.Update MEDIUM" "chp-ads-block-detector 3.9.8 Plugin.Settings.Update.via.CSRF MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "contact-form-with-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-with-captcha 1.6.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "coins-marketcap 5.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-maker No.known.fix Admin+.SQLi MEDIUM" "contact-form-maker 1.13.5 Cross-Site.Request.Forgery.to.LFI HIGH" "chatroll-live-chat 2.6.0 Contributor+.Stored.XSS MEDIUM" "copy-the-code 4.0.4 Contributor+.Stored.XSS MEDIUM" "copy-the-code 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "copy-the-code 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "conversador No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "cartflows 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartflows 2.0.2 Editor+.Stored.XSS LOW" "cartflows 1.6.13 Authenticated.Stored.XSS.via.FB.Pixel.ID.and.Google.Analytics.ID MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "contact-form-to-email 1.3.53 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-to-email 1.3.45 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-to-email 1.3.42 Captcha.Bypass MEDIUM" "contact-form-to-email 1.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.3.38 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-to-email 1.3.25 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.2.66 Multiple.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "cwicly 1.4.0.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "custom-facebook-feed 4.2.2 Facebook.Token.Reset/Update.via.CSRF MEDIUM" "custom-facebook-feed 4.1.6 Contributor+.Stored.XSS MEDIUM" "custom-facebook-feed 4.1.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-facebook-feed 4.0.1 Subscriber+.Arbitrary.Plugin.Settings.Update.to.Stored.XSS HIGH" "custom-facebook-feed 2.19.2 Unauthenticated.Stored.XSS CRITICAL" "custom-facebook-feed 2.19.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-bank No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cpo-companion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpo-companion 1.1.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cpo-companion 1.1.0 Admin+.Stored.XSS LOW" "catch-breadcrumb 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "catch-breadcrumb 1.5.7 Unauthenticated.Reflected.XSS MEDIUM" "conveythis-translate 235 Missing.Authorization.to.Limited.Option.Update MEDIUM" "conveythis-translate 224 Unauthenticated.Stored.Cross-Site.Scripting.via.api_key HIGH" "convert-docx2post No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "csprite No.known.fix Cross-Site.Request.Forgery MEDIUM" "carousels-slider-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "css-js-files 1.5.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "coditor No.known.fix Arbitrary.File.Edition,.Deletion.and.Internal.Directory.Listing.in.wp-content CRITICAL" "customizer-export-import 0.9.7.1 Authenticated.(Admin+).Arbitrary.File.Upload.via.Customization.Settings.Import MEDIUM" "customizer-export-import 0.9.6 Admin+.PHP.Object.Injection LOW" "customizer-export-import 0.9.5 Admin+.PHP.Object.Injection MEDIUM" "customizer-export-import 0.9.5 Admin+.PHP.Objection.Injection MEDIUM" "ct-commerce No.known.fix Admin+.Stored.XSS LOW" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content_block.Shortcode MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-icons-for-elementor 0.3.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "comments-from-facebook 2.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "custom-email-options No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "clotya-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "click-to-chat-for-whatsapp 4.0 Contributor+.LFI HIGH" "click-to-chat-for-whatsapp 3.18.1 Contributor+.Stored.XSS MEDIUM" "custom-sidebars 3.1.0 CSRF HIGH" "custom-sidebars 3.0.8.1 CSRF HIGH" "cssable-countdown No.known.fix Admin+.Stored.XSS LOW" "copy-delete-posts 1.4.0 Plugin.Installation.via.CSRF MEDIUM" "copy-delete-posts 1.4.0 Subscriber+.Plugin.Installation MEDIUM" "copy-delete-posts 1.2.0 Authenticated.SQL.Injection MEDIUM" "captchinoo-captcha-for-login-form-protection 2.5 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "captchinoo-captcha-for-login-form-protection 2.4 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "corner-ad 1.0.57 Ads.Deletion.via.CSRF MEDIUM" "corner-ad 1.0.8 Admin+.Stored.XSS LOW" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting.via.PHP_SELF MEDIUM" "cars-seller-auto-classifieds-script No.known.fix Auto.Classifieds.Script.<=.2.1.0.-.Unauthenticated.SQL.Injection CRITICAL" "contact-form-cfdb7 1.2.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-cfdb7 1.2.6.5 CSV.Injection LOW" "contact-form-cfdb7 1.2.6.1 Arbitrary.Form.Deletion..via.CSRF MEDIUM" "contact-form-cfdb7 1.2.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contact-form-cfdb7 1.2.5.6 CSV.Injection MEDIUM" "contact-form-cfdb7 1.2.5.4 Authenticated.SQL.Injections CRITICAL" "custom-share-buttons-with-floating-sidebar 4.2 Admin+.Stored.XSS LOW" "choice-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "choice-payment-gateway-for-woocommerce 2.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-order-statuses-woocommerce 2.4.0 Cross-Site.Request.Forgery MEDIUM" "change-login-logo 1.1.5 Authenticated.Stored.Cross-Site.Scripting LOW" "cc-bcc-for-woocommerce-order-emails No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comicbookmanagementsystemweeklypicks 2.2.0 Admin+.SQLi MEDIUM" "cta 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "check-pincode-for-woocommerce 1.2 Reflected.Cross-Site.Scripting MEDIUM" "counter-yandex-metrica No.known.fix Admin+.Stored.XSS LOW" "custom-font-uploader 2.4.0 Custom.Font.Uploader.<.2.4.0.-.Missing.Authorization.to.Font.Deletion MEDIUM" "custom-font-uploader 2.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "coub No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "css-javascript-toolbox 11.9 Contributor+.Stored.XSS MEDIUM" "cryptocurrency-pricing-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-master No.known.fix Reflected.XSS HIGH" "cp-blocks 1.0.21 CSRF MEDIUM" "cp-blocks 1.0.15 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-x 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "crm2go No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-invisible-recaptcha 1.3.4 CSRF MEDIUM" "cf7-invisible-recaptcha 1.3.2 XSS MEDIUM" "crony No.known.fix Cross-Site.Request.Forgery MEDIUM" "crony 0.4.7 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "calendarista-basic-edition 3.0.3 Cross-Site.Request.Forgery MEDIUM" "calendarista-basic-edition 3.0.6 Missing.Authorization MEDIUM" "calendarista-basic-edition 3.0.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "chatter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chatter No.known.fix Missing.Authorization MEDIUM" "custom-field-finder 0.4 Authenticated.(Author+).PHP.Object.Injection HIGH" "change-table-prefix No.known.fix Cross-Site.Request.Forgery.via.change_prefix_form HIGH" "cyklodev-wp-notify 1.3.0 Admin+.Stored.XSS LOW" "category-post-list-widget No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "contact-form-to-any-api 1.2.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Contact.Form HIGH" "contact-form-to-any-api 1.1.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "contact-form-to-any-api 1.1.7 Subscriber+.API.Entry.Record.Deletion MEDIUM" "contact-form-to-any-api 1.1.3 Admin+.SQLi MEDIUM" "cab-grid 1.6 Admin+.Stored.XSS LOW" "collapsing-categories 3.0.9 Unauthenticated.SQL.Injection HIGH" "contact-form-7-skins 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-skins 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "catch-import-export 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "comment-press 2.7.2 Unauthenticated.Cross-Frame.Scripting HIGH" "category-d3-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-control 2.2.0 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-control 1.1.10 Contributor+.Stored.XSS MEDIUM" "cities-shipping-zones-for-woocommerce 1.2.8 Authenticated.(Shop.Manager+).Local.File.Inclusion HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_title] MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Term.Custom.Field HIGH" "custom-field-suite No.known.fix Contributor+.PHP.Code.Injection.via.Loop.Custom.Field HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_content] MEDIUM" "custom-field-suite 2.6.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.3 Admin+.Stored.XSS LOW" "custom-field-suite 2.5.15 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "clickbank-ads-clickbank-widget 1.35 Admin+.Stored.Cross-Site.Scripting LOW" "clickbank-ads-clickbank-widget 1.35 CSRF.to.Stored.Cross-Site.Scripting HIGH" "codeflavors-vimeo-video-post-lite 2.2.2 Reflected.XSS HIGH" "custom-order-numbers-for-woocommerce 1.4.1 CSRF MEDIUM" "captcha 4.4.5 Backdoored MEDIUM" "cart-lift 3.1.6 Reflected.XSS HIGH" "corona-virus-covid-19-banner No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "corona-virus-covid-19-banner 1.8.0 CSRF MEDIUM" "category-page-icons No.known.fix Arbitrary.File.Upload/Deletion.via.Path.Traversal CRITICAL" "custom-product-builder-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "custom-codes 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-to-db 1.7.3 Authenticated.(Author+).SQL.Injection CRITICAL" "contact-form-to-db 1.7.2 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "custom-css-js 3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.1 Admin+.Stored.XSS LOW" "contextual-related-posts 3.3.1 Contributor+.Stored.XSS MEDIUM" "contextual-related-posts 2.9.4 CSRF.Nonce.Validation.Bypass MEDIUM" "contextual-related-posts 1.8.7 Cross-Site.Request.Forgery MEDIUM" "contextual-related-posts 1.8.10.2 Multiple.Parameter.SQL.Injection HIGH" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "cryptocurrency-price-widget 1.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "current-template-name 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "convert-post-types No.known.fix Cross-Site.Request.Forgery MEDIUM" "convert-post-types No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "currency-switcher-woocommerce 2.11.2 Security.Restrictions.Bypass MEDIUM" "captain-slider No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "creative-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calculator-builder 1.5.1 Reflected.XSS MEDIUM" "coupon-zen 1.0.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "contact-form-lite 1.1.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-slider-block 3.1.6 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "cms-commander-client 2.288 Unauthenticated.Authorisation.Bypass HIGH" "catalog No.known.fix Admin+.SQL.Injection MEDIUM" "connected-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "connected-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "comment-guestbook No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cmb2 2.11.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "customizely No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customizely 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chatpressai 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "currency-converter-calculator 1.3.2 Contributor+.Stored.XSS MEDIUM" "cc-custom-taxonmy No.known.fix Admin+.Stored.XSS LOW" "css-js-manager 2.4.49.1 Multiple.CSRF MEDIUM" "contact-page-with-google-map No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "customer-reviews-woocommerce 5.62.0 Missing.Authorization.to.Authenticated.(Subscriber+).Import.Cancellation MEDIUM" "customer-reviews-woocommerce 5.48.0 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Coupon.Search MEDIUM" "customer-reviews-woocommerce 5.39.0 Improper.Authorization.via.submit_review MEDIUM" "customer-reviews-woocommerce 5.38.10 Author+.Arbitrary.File.Upload HIGH" "customer-reviews-woocommerce 5.38.2 Cross-Site.Request.Forgery.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.38.2 Missing.Authorization.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization.in.Reviews.Exporter MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization MEDIUM" "customer-reviews-woocommerce 5.17.0 Contributor+.Stored.XSS MEDIUM" "customer-reviews-woocommerce 5.16.0 Contributor+.LFI CRITICAL" "customer-reviews-woocommerce 5.3.6 Cross-Site.Request.Forgery MEDIUM" "customer-reviews-woocommerce 5.3.6 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "customer-reviews-woocommerce 5.3.6 Broken.Access.Control MEDIUM" "cm-header-footer-script-loader 1.2.2 Reflected.XSS HIGH" "category-seo-meta-tags No.known.fix Cross-Site.Request.Forgery.via.csmt_admin_options MEDIUM" "category-seo-meta-tags No.known.fix Admin+.Stored.XSS LOW" "customily-v2 No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "chameleon 1.4.4 Admin+.Stored.XSS LOW" "custom-404-pro 3.11.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-404-pro 3.10.1 Unauthenticated.Stored.Cross-Site.Scripting.via.logging HIGH" "custom-404-pro 3.8.1 Multiple.SQL.Injection HIGH" "custom-404-pro 3.8.2 Reflected.XSS HIGH" "custom-404-pro 3.7.3 Reflected.Cross-Site.Scripting HIGH" "custom-404-pro 3.7.2 Logs.Deletion.via.CSRF MEDIUM" "custom-404-pro 3.7.1 Admin+.SQLi MEDIUM" "custom-404-pro 3.2.9 Authenticated.Reflected.XSS MEDIUM" "custom-404-pro 3.2.8 XSS MEDIUM" "captchelfie-captcha-by-selfie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "copyrightpro No.known.fix Settings.Update.via.CSRF MEDIUM" "csv-to-html 3.15 Reflected.Cross-Site.Scripting HIGH" "csv-to-html 3.27 Subscriber+.Arbitrary.File.Upload CRITICAL" "comments-on-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clasify-classified-listing No.known.fix Reflected.XSS HIGH" "cysteme-finder 1.4 Unauthenticated.LFI.and.Unauthenticated.File.Upload CRITICAL" "cart-rest-api-for-woocommerce 3.12.0 Missing.Authorization MEDIUM" "comment-blacklist-updater 1.2.0 Cross-Site.Request.Forgery.via.update_blacklist_manual MEDIUM" "culture-object 4.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "calderawp-license-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "copy-move-posts No.known.fix Missing.Authorization MEDIUM" "contact-form-7-simple-recaptcha 0.1.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-simple-recaptcha 0.0.9 CSRF.to.Stored.XSS HIGH" "cookielay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cookielay.Shortcode MEDIUM" "categorycustomfields No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-us-page-contact-people 3.7.1 Contact.people.LITE.<.3.7.1.-.Contact.Update/Deletion/Creation.via.CSRF MEDIUM" "coupon-referral-program No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "coupon-referral-program No.known.fix Sensitive.Information.Disclosure MEDIUM" "culqi-checkout 3.0.15 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "church-theme-content 2.6.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "community-events 1.5.1 Admin+.Stored.XSS LOW" "community-events 1.5 Event.Deletion.via.CSRF MEDIUM" "community-events 1.4.9 Admin+.Stored.XSS LOW" "community-events 1.4.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "community-events 1.4 SQL.Injection CRITICAL" "cm-video-lesson-manager 1.8.3 Reflected.XSS HIGH" "cm-video-lesson-manager 1.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-db-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-reply-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "compare-ninja-comparison-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "categories-gallery No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "current-menu-item-for-custom-post-types 1.6 Cross-Site.Request.Forgery MEDIUM" "clyp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot 5.5.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_delete_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_upload_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_list_callback MEDIUM" "chatbot 5.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "chatbot 4.7.9 Authenticated.(Administrator+).SQL.Injection HIGH" "chatbot 4.9.7 4.9.6.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.in.FAQ.Builder MEDIUM" "chatbot 4.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.3 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.1 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "chatbot 4.9.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.1 Authenticated.(Subscriber+).Directory.Traversal.to.Arbitrary.File.Write.via.qcld_openai_upload_pagetraining_file CRITICAL" "chatbot 4.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "chatbot 4.9.3 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.7.9 CSRF MEDIUM" "chatbot 4.7.8 Admin+.Stored.XSS.in.Language.Settings LOW" "chatbot 4.7.8 Admin+.Stored.XSS.in.FAQ.Builder LOW" "chatbot 4.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.4.9 Unauthenticated.Stored.XSS HIGH" "chatbot 4.4.5 Stored.XSS.via.CSRF HIGH" "chatbot 4.4.9 Subscriber+.OpenAI.Settings.Update.to.Stored.XSS HIGH" "chatbot 4.4.7 Unauthenticated.PHP.Object.Injection HIGH" "chatbot 4.5.1 Admin+.Stored.XSS LOW" "chatbot 4.3.0 Settings.Reset.via.CSRF MEDIUM" "chatbot 4.3.1 Admin+.Stored.XSS LOW" "chatbot 4.2.9 Unauthenticated.Settings.Reset MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS.via.shortcode MEDIUM" "calculatorpro-calculators No.known.fix Reflected.Cross-Site.Scripting.via.CP_preview_calc MEDIUM" "clicksend-lead-capture-form No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Message.Deletion MEDIUM" "companion-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-telegram 0.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Subscription.Approve/Pause/Refuse MEDIUM" "cf7-grid-and-styler-for-divi 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-grid-and-styler-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Cross-Site.Request.Forgery MEDIUM" "checkout-plugins-stripe-woo 1.4.11 Settings.Update.via.CSRF MEDIUM" "code-manager 1.0.26 Reflected.Cross-Site.Scripting MEDIUM" "code-manager 1.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co-authors-plus 3.5.2 Guest.Authors.Email.Address.Disclosure MEDIUM" "clipr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "codepile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codepile 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "card-elements-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comfino-payment-gateway 4.1.2 Reflected.Cross-Site.Scripting HIGH" "custom-sub-menus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coru-lfmember No.known.fix Arbitrary.Game.Deletion/Activation.via.CSRF MEDIUM" "coru-lfmember No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "coschool No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "cyberus-key 1.1 Admin+.Stored.XSS LOW" "cubewp-forms No.known.fix Missing.Authorization MEDIUM" "cubewp-forms 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "carrrot No.known.fix Admin+.Stored.XSS LOW" "custom-search-plugin 1.36 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cookiemonster No.known.fix Admin+.Stored.XSS LOW" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Creation MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Updates/Deletions MEDIUM" "cf7-message-filter 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-message-filter 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-mailchimp 1.1.1 Reflected.Cross-Site.Scripting HIGH" "campaign-monitor-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "campaign-monitor-wp 2.5.6 Subscriber+.Arbitrary.Options.Update MEDIUM" "ce21-suite 2.2.1 Unauthenticated.Privilege.Escalation CRITICAL" "ce21-suite No.known.fix JWT.Token.Disclosure CRITICAL" "ce21-suite 2.2.1 Authentication.Bypass CRITICAL" "ce21-suite No.known.fix Missing.Authorization.to.Unauthenticated.Plugin.Settings.Change MEDIUM" "copymatic 2.0 Missing.Authorization MEDIUM" "copymatic 1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cm-table-of-content 1.2.4 Stored.XSS.via.CSRF HIGH" "cm-table-of-content 1.2.3 Settings.Reset.via.CSRF MEDIUM" "code-snippets-extended No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "code-snippets-extended No.known.fix Arbitrary.Snippet.Deletion/Disabling.via.CSRF MEDIUM" "code-snippets-extended No.known.fix RCE.via.CSRF HIGH" "connect-contact-form-7-to-constant-contact-v3 1.5 Reflected.Cross-Site.Scripting MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-anti-spambot No.known.fix Missing.Authorization MEDIUM" "comments-not-replied-to 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "comments-not-replied-to 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-ready 2.0.12 Form.Styling.Update.via.CSRF MEDIUM" "civicrm 5.24.3 Authenticated.Phar.Deserialization MEDIUM" "civicrm 5.28.1 CSRF.to.Stored.XSS MEDIUM" "continuous-announcement-scroller No.known.fix Admin+.Stored.XSS LOW" "cp-simple-newsletter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-simple-newsletter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "clients No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.1.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-multi-step-module 3.0.9 Subscriber+.Arbitrary.Option.Update CRITICAL" "currency-switcher 1.2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "currency-switcher 1.2.0.2 Cross-Site.Request.Forgery MEDIUM" "currency-switcher 1.2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0 Subscriber+.Missing.Authorization.Checks MEDIUM" "currency-switcher 1.2.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.1.7 Arbitrary.Plugin's.Settings.Change.via.CSRF MEDIUM" "csv-importer 0.3.9 Cross-Site.Request.Forgery MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.livesite-pay.Shortcode MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cf7-multi-step 2.7.8 Unauthenticated.SQL.Injection HIGH" "cf7-infusionsoft 1.1.4 Reflected.Cross-Site.Scripting HIGH" "content-restrictor-for-divi 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "content-restrictor-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "create-flipbook-from-pdf No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "clean-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "creative-mail-by-constant-contact 1.6.0 Multiple.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 Settings.Reset.via.CSRF MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked-pro 1.8.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cooked-pro 1.8.0 Cross-Site.Request.Forgery MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Reset MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).HTML.Injection MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.via.cooked_get_recipe_ids MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Apply MEDIUM" "cooked-pro 1.7.5.7 Unauthenticated.PHP.Object.Injection HIGH" "cooked-pro 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "comment-emailer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-map No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "commonsbooking 2.6.8 Unauthenticated.SQL.Injection HIGH" "cybersoldier 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "clerkio 4.0.0 Authentication.Bypass.and.API.Keys.Disclosure LOW" "crypto-converter-widget 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "crypto-converter-widget 1.8.4 Contributor+.Stored.XSS MEDIUM" "content-blocks-builder 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-blocks-builder 2.3.17 Reflected.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.288 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.colibri_video_player.Shortcode MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting.via.the.plugin's.'colibri_breadcrumb_element'.shortcode MEDIUM" "colibri-page-builder 1.0.264 Author+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.270 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.249 Missing.Authorization MEDIUM" "colibri-page-builder 1.0.260 Arbitrary.Shortcode.Call.via.CSRF MEDIUM" "colibri-page-builder 1.0.260 Import.Images,.Delete.Post,.Save.Theme.Data.via.CSRF MEDIUM" "colibri-page-builder 1.0.240 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.248 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.229 Admin+.SQL.Injection MEDIUM" "circle-image-slider-with-lightbox 1.0.1 Image.Data.Update.via.CSRF MEDIUM" "circle-image-slider-with-lightbox 1.0.18 Reflected.Cross-Site.Scripting MEDIUM" "circle-image-slider-with-lightbox 1.0.16 Reflected.Cross-Site.Scripting MEDIUM" "custom-author-base No.known.fix Settings.Update.via.CSRF MEDIUM" "creative-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "catch-instagram-feed-gallery-widget 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "conditional-menus 1.2.1 Reflected.XSS HIGH" "cube-slider No.known.fix Admin+.SQLi MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.IP.Spoofing MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.Stored.XSS HIGH" "convertbox-auto-embed 1.0.20 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cf7-insightly 1.0.9 Reflected.Cross-Site.Scripting HIGH" "cc-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "convertkit 2.4.9.1 Missing.Authorization MEDIUM" "convertkit 2.4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "convertkit 2.2.1 Reflected.XSS HIGH" "convertkit 2.0.5 Contributor+.Stored.XSS MEDIUM" "callbook-mobile-bar No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "cosmosfarm-share-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.75 Reflected.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.77 Admin+.Stored.XSS.via.Custom.Styles LOW" "cp-polls 1.0.77 Admin+.Stored.Cross-Site.Scripting LOW" "cp-polls 1.0.72 Unauthenticated.Content.Injection MEDIUM" "cp-polls 1.0.72 Unauthenticated.Poll.Limit.Bypass MEDIUM" "cp-polls 1.0.9 Multiple.XSS.Vulnerabilities MEDIUM" "cp-polls 1.0.9 Multiple.CSRF.Vulnerabilities MEDIUM" "category-specific-rss-feed-menu 2.3 Admin+.Stored.XSS LOW" "category-specific-rss-feed-menu 2.2 Settings.Update.via.CSRF MEDIUM" "correos-express No.known.fix Sensitive.Information.Disclosure HIGH" "cf7-active-campaign 1.0.4 Reflected.Cross-Site.Scripting HIGH" "ck-and-syntaxhighlighter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "copyright-safeguard-footer-notice No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-mollie No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "cf7-mollie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convertplug 3.5.26.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "convertplug 3.5.26 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.4.5 Multiple.Issues HIGH" "contact-form-7-to-database-extension 2.10.36 CSV.Injection CRITICAL" "common-tools-for-site No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "css-hero 4.07 Authenticated.Reflected.XSS MEDIUM" "cs-element-bucket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-easy-math-captcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cyr3lat 3.7 Editor+.SQL.Injection MEDIUM" "cookie-consent-autoblock No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "clearfy 2.2.5 Missing.Authorization MEDIUM" "clearfy No.known.fix Cross-Site.Request.Forgery MEDIUM" "clearfy 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "charitydonation-thermometer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-text-selection-colors No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "carousel-ck No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "comments-ratings No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comments-ratings No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "comments-ratings 1.1.7 Cross-Site.Request.Forgery MEDIUM" "co2ok-for-woocommerce 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Subscriber+.Arbitrary.Option.Update CRITICAL" "content-views-query-and-display-post-page 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagingType.Parameter MEDIUM" "content-views-query-and-display-post-page 3.7.1 Contributor+.Stored.Cross-Site.Scripting.via.Widget.Post.Overlay MEDIUM" "content-views-query-and-display-post-page 3.6.3 Admin+.Stored.XSS MEDIUM" "csv-wc-product-import-export No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "cashtomer No.known.fix Authenticated.SQL.Injection MEDIUM" "cds-simple-seo 2.0.26 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Sitemap.Creation/Deletion.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Subscriber+.Sitemap.Creation/Deletion MEDIUM" "cds-simple-seo 1.7.92 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "comparison-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "comparison-slider No.known.fix Missing.Authorization MEDIUM" "comparison-slider No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "countdown-timer-block No.known.fix Contributor+.Stored.XSS MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.confetti-fall-animation.Shortcode MEDIUM" "classified-listing 3.1.16 Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update HIGH" "classified-listing 3.1.17 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "classified-listing 3.1.8 Missing.Authorization MEDIUM" "classified-listing 3.0.11 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "classified-listing 3.0.5 Cross-Site.Request.Forgery.to.Account.Takeover.via.rtcl_update_user_account HIGH" "classified-listing 3.0.5 Missing.Authorization MEDIUM" "classified-listing 2.4.6 Cross-Site.Request.Forgery MEDIUM" "classified-listing 2.2.14 Reflected.Cross-Site.Scripting MEDIUM" "cresta-addons-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.heading_tag.Parameter MEDIUM" "cbxwpbookmark 1.7.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.7.21 Admin+.SQLi MEDIUM" "cbxwpbookmark 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.6.9 Reflected.Cross-Site.Scripting HIGH" "click-to-top 1.2.8 Authenticated.Stored.Cross-Site.Scripting LOW" "contact-form-add No.known.fix CSRF HIGH" "contact-form-add 1.9.8.4 Authenticated.Stored.Cross-Site.Scripting LOW" "contact-form-add 1.9.8.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "continue-shopping-from-cart-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "consulting-elementor-widgets 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "collectchat 2.4.4 Admin+.XSS LOW" "collectchat 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "collectchat 2.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization.to.Authenticated.(Contributor+).PHP.Object.Injection HIGH" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization MEDIUM" "custom-add-to-cart-button-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "cmsmasters-content-composer 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "conditional-extra-fees-for-woocommerce 1.0.97 Admin+.Stored.XSS MEDIUM" "custom-settings No.known.fix Admin+.Stored XSS LOW" "cf7-dynamics-crm 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "cloud-manager No.known.fix Reflected.XSS CRITICAL" "custom-skins-contact-form-7 No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Update.and.Skin.Creation MEDIUM" "clictracker No.known.fix Admin+.Stored.XSS LOW" "cf7-widget-elementor 2.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cf7-widget-elementor 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7_redirect_page.Attribute MEDIUM" "cf7-widget-elementor 2.4 Missing.Authorization MEDIUM" "caching-compatible-cookie-optin-and-javascript 0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "change-uploaded-file-permissions No.known.fix File.Permission.Update.via.CSRF MEDIUM" "coming-soon-by-supsystic 1.7.11 Cross-Site.Request.Forgery MEDIUM" "coming-soon-by-supsystic 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "cf7save-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "commons-booking No.known.fix Admin+.Stored.XSS LOW" "commons-booking No.known.fix Code/Timeframe/Booking.Deletion.via.CSRF MEDIUM" "conditional-payments-for-woocommerce 2.3.2 Plugin.RuleSets.Activation/Deactivation.via.CSRF MEDIUM" "comment-link-remove 2.1.6 Arbitrary.Comment.Deletion.via.CSRF MEDIUM" "client-power-tools 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "calendar-event 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "calendar-event 1.4.7 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Information.Exposure.via.Unprotected.Directory MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Admin+.Stored.XSS LOW" "ctt-expresso-para-woocommerce 3.2.12 Admin+.Stored.XSS LOW" "cmsmasters-elementor-addon 1.15.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "catch-themes-demo-import 2.1.1 Admin+.Remote.Code.Execution MEDIUM" "catch-themes-demo-import 1.8 Admin+.Arbitrary.File.Upload CRITICAL" "catch-themes-demo-import 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-login 4.1.1 Subscriber+.Unauthorised.Action MEDIUM" "copy-me No.known.fix Copy.Posts.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "captcha-bws 5.2.1 Captcha.Bypass MEDIUM" "chalet-montagne-com-tools No.known.fix Reflected.XSS HIGH" "convertful 2.6 Missing.Authorization.via.add_woo_coupon MEDIUM" "clock-in-portal No.known.fix Holidays.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Staff.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Designation.Deletion.via.CSRF MEDIUM" "cardealerpress 6.7.2411.00 Reflected.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-product-type-for-woocommerce 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-product-type-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cubewp-framework 1.1.16 Missing.Authorization MEDIUM" "cubewp-framework 1.1.13 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "codepen-embedded-pen-shortcode 1.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "codepen-embedded-pen-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cookies-by-jm No.known.fix Admin+.Stored.XSS LOW" "cpt-to-map-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-shortcode-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "car-rental No.known.fix Admin+.Stored.XSS LOW" "car-rental 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "conversion-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.4 Cross-Site.Request.Forgery MEDIUM" "code-explorer No.known.fix Authenticated.(Admin+).External.File.Reading MEDIUM" "coupon-lite 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coupon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "catch-scroll-progress-bar 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "csv-import-export No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "computer-repair-shop 3.8120 Authenticated.(Customer+).Privilege.Esclation.via.Account.Takeover CRITICAL" "computer-repair-shop 3.8122 Missing.Authorization.to.Account.Takeover/Privilege.Escalation HIGH" "computer-repair-shop 3.8116 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cookie-law-info 1.8.3 Improper.Access.Controls CRITICAL" "crudlab-google-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "countdown-for-the-events-calendar 1.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "content-protector 4.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.6.5 Contributor+.Stored.XSS.via.content_protector.Shortcode MEDIUM" "content-protector 4.2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.9 Protection.Bypass.&.Arbitrary.Post.Access HIGH" "content-protector 3.5.5.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.5.2 Insecure.Storage.of.Password MEDIUM" "content-protector 3.5.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "captcha-for-contact-form-7 1.11.4 Captcha.Bypass MEDIUM" "cj-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "changyan No.known.fix Missing.Authorization MEDIUM" "custom-contact-forms 5.1.0.4 Unauthenticated.Database.Import/Export CRITICAL" "custom-contact-forms 5.1.0.3 Authenticated.Cross.Site.Scripting CRITICAL" "cookie-consent-box 1.1.7 Admin+.Stored.XSS LOW" "cricket-score No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customify-sites No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "custom-twitter-feeds 2.2.4 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.2.3 Admin+.Stored.XSS LOW" "custom-twitter-feeds 2.2.2 Cross-Site.Request.Forgery.to.Plugin.Options.Update MEDIUM" "custom-twitter-feeds 2.2 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-twitter-feeds 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "crazy-call-to-action-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkfront-wp-booking 3.7 Settings.Update.via.CSRF MEDIUM" "cardoza-wordpress-poll No.known.fix Authenticated.SQL.Injection HIGH" "cardoza-wordpress-poll 34.06 Multiple.External.Function.Remote.Poll.Manipulation CRITICAL" "cardoza-wordpress-poll 33.6 Multiple.SQL.Injection.Vulnerabilities CRITICAL" "cpa-offerwall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "co-marquage-service-public 0.5.77 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "co-marquage-service-public 0.5.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "co-marquage-service-public 0.5.73 Reflected.Cross-Site.Scripting.via.search_term MEDIUM" "checkout-mestres-wp 8.6.1 Authenticated.(Admin+).Local.File.Inclusion HIGH" "checkout-mestres-wp 7.1.9.8 Unauthenticated.SQL.Injection CRITICAL" "checkout-mestres-wp 7.1.9.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 7.1.9.8 Authentication.Bypass.via.Password.Reset CRITICAL" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.type.Parameter MEDIUM" "current-book No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "clickfunnels No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clickfunnels No.known.fix Settings.Update.via.CSRF MEDIUM" "cf7-zoho 1.2.4 Admin+.SQLi MEDIUM" "cf7-zoho 1.2.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cf7-zoho 1.1.9 Reflected.Cross-Site.Scripting HIGH" "cf7-zoho 1.1.8 Reflected.Cross-Site.Scripting HIGH" "contest-gallery 25.1.2 Authenticated.(Author+).SQL.Injection MEDIUM" "contest-gallery 24.0.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 24.0.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "contest-gallery 24.0.4 Unauthenticated.SQL.Injection CRITICAL" "contest-gallery 23.1.3 Unauthenticated.Information.Exposure MEDIUM" "contest-gallery 23.1.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Author+).Arbitrary.File.Deletion MEDIUM" "contest-gallery 21.3.6 Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.2.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.1 Author+.Stored.Cross.Site.Scripting MEDIUM" "contest-gallery 21.2.9 Cross-Site.Request.Forgery MEDIUM" "contest-gallery 21.2.8.1 Unauthenticated.Stored.XSS.via.HTTP.Headers HIGH" "contest-gallery 21.1.2.1 Reflected.XSS HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 14.0.0 Unauthenticated.Stored.XSS MEDIUM" "contest-gallery 17.0.5 Author+.SQLi HIGH" "contest-gallery 14.0.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 13.1.0.6 Missing.Access.Controls.to.Unauthenticated.SQL.injection./.Email.Address.Disclosure HIGH" "contest-gallery 13.1.0.7 Subscriber+.Email.Address.Disclosure MEDIUM" "contest-gallery 10.4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "cloud-sso-single-sign-on 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "college-publisher-import No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "creative-image-slider 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "coolclock 4.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "change-wp-admin-login 1.1.4 Secret.Login.Page.Disclosure MEDIUM" "change-wp-admin-login 1.1.0 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "cool-tag-cloud 2.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "configurable-tag-cloud-widget 5.3 Cross-Site.Request.Forgery MEDIUM" "collage-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collage-for-divi 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "captainform No.known.fix Reflected.Cross-Site.Scripting.via.REQUEST_URI MEDIUM" "captainform No.known.fix CSRF MEDIUM" "cartflows-pro 1.11.13 CSRF MEDIUM" "cartflows-pro 1.11.12 Reflected.Cross-Site.Scripting HIGH" "caldera-forms 1.7.5.1 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "caldera-forms 1.6.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "cleantalk-spam-protect 6.45 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.44 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.21 Email.Update.via.CSRF MEDIUM" "cleantalk-spam-protect 6.21 Counters.Reset/Creation.via.CSRF MEDIUM" "cleantalk-spam-protect 5.185.1 Admin+.SQLi MEDIUM" "cleantalk-spam-protect 5.174.1 Reflected.Cross-Site.Scripting MEDIUM" "cleantalk-spam-protect 5.153.4 Unauthenticated.Blind.SQL.Injection HIGH" "cleantalk-spam-protect 5.149 Multiple.Authenticated.SQL.Injections MEDIUM" "cleantalk-spam-protect 5.127.4 Cross-Site.Scripting.Issue MEDIUM" "cleantalk-spam-protect 5.22 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "crafty-social-buttons 1.5.8 XSS MEDIUM" "customer-area 8.2.5 Event.Log.Deletion.via.CSRF MEDIUM" "customer-area 8.2.5 Bulk.Delete.via.CSRF MEDIUM" "customer-area 8.2.3 .Reflected.Cross-Site.Scripting MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Leak MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Update MEDIUM" "customer-area 8.1.4 Unauthorised.Actions.via.CSRF MEDIUM" "customer-area 7.4.3 XSS MEDIUM" "coblocks 3.1.14 Missing.Authorization MEDIUM" "coblocks 3.1.13 Editor+.Stored.XSS LOW" "coblocks 3.1.12 Contributor+.SSRF LOW" "coblocks 3.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Profiles MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "content-security-policy-pro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-advanced-database No.known.fix Unauthorised.AJAX.Calls MEDIUM" "custom-css-pro 1.0.4 CSRF.&.XSS HIGH" "contact-form-entries 1.3.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-entries 1.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-entries 1.3.3 Admin+.Arbitrary.File.Upload MEDIUM" "contact-form-entries 1.3.1 Contributor+.Stored.XSS MEDIUM" "contact-form-entries 1.3.1 SQL.Injection MEDIUM" "contact-form-entries 1.3.0 CSV.Injection MEDIUM" "contact-form-entries 1.2.4 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.2 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.1 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.1.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "comment-reply-notification No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-wp-rest-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-check-tester No.known.fix Broken.Access.Control.to.Cross-Site.Scripting.(XSS) HIGH" "cpt-onomies No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-campaign-monitor-extension No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "cz-loan-management No.known.fix Unauthenticated.SQLi HIGH" "cf7-field-validation No.known.fix Unauthenticated.SQLi HIGH" "custom-post-type-generator No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "clever-fox 25.2.1 Missing.Authorization.to.arbitrary.theme.activation.via.clever-fox-activate-theme MEDIUM" "clever-fox 25.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-text-slider-on-post 6.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "critical-site-intel-stats No.known.fix Unauthenticated.SQL.Injection CRITICAL" "chauffeur-booking-system 7.0 Authentication.Bypass CRITICAL" "chauffeur-booking-system 7.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "codecolorer 0.10.1 CodeColorer.<.0,10,1.–.Admin+.Stored.Cross-Site.Scripting LOW" "change-default-login-logo-url-and-title No.known.fix Cross-Site.Request.Forgery MEDIUM" "catch-gallery 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "chat-bubble No.known.fix Admin+.Stored.XSS LOW" "chat-bubble No.known.fix Settings.Update.via.CSRF MEDIUM" "chat-bubble 2.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "contact-form-builder 1.0.69 CSRF.to.LFI HIGH" "custom-banners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-banners 3.3 CSRF.Nonce.Bypass.in.saveCustomFields MEDIUM" "custom-banners 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "custom-css 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-login-redirect No.known.fix CSRF.to.Stored.XSS HIGH" "commentluv No.known.fix Unauthenticated.SSRF MEDIUM" "cm-registration-pro 3.2.1 PHP.Object.Injection MEDIUM" "canvasflow No.known.fix Reflected.XSS HIGH" "chatbot-support-ai No.known.fix Admin+.Stored.XSS LOW" "comment-engine-pro No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "custom-url-shorter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "create-with-code 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "copify No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "contact-form-7-mailchimp-extension No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Subscriber+.Server-Side.Request.Forgery MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Update MEDIUM" "chatbot-chatgpt 2.1.9 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Assistant.Modification MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Addition MEDIUM" "chatbot-chatgpt 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Deletion MEDIUM" "chatbot-chatgpt 1.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.0.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chatbot-chatgpt 2.0.0 Unauthenticated.Arbitrary.File.Upload.via.chatbot_chatgpt_upload_file_to_assistant.Function CRITICAL" "custom-permalinks 2.7.0 Authenticated(Editor+).Stored.Cross-Site.Scripting MEDIUM" "codestyling-localization No.known.fix Multiple.CSRF HIGH" "cheetaho-image-optimizer 1.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "cart66-lite 1.5.5 XSS MEDIUM" "category-posts 4.9.18 Admin+.Stored.XSS LOW" "category-posts 4.9.17 Admin+.Stored.XSS LOW" "cloak-front-end-email 1.9.2 Contributor+.Stored.XSS MEDIUM" "contact-form-7 5.9.5 Unauthenticated.Open.Redirect MEDIUM" "contact-form-7 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7 5.8.4 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "contact-form-7 5.3.2 Unrestricted.File.Upload HIGH" "contact-form-7 5.0.4 register_post_type().Privilege.Escalation CRITICAL" "change-wc-price-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "currency-per-product-for-woocommerce 1.7.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "cm-email-blacklist 1.5.4 Reflected.XSS HIGH" "cm-email-blacklist 1.4.9 Add/Delete.Emails.via.CSRF.Add.and.delete.any.item.from.blacklist/whitelist MEDIUM" "cost-of-goods-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "cliengo No.known.fix Cross-Site.Request.Forgery MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Unauthenticated.Chatbot.Settings.Update MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Authorized.(Subscriber+).Chatbot.Settings.Update MEDIUM" "create-custom-dashboard-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "create-custom-dashboard-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "credit-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.0.4 Admin+.Stored.XSS LOW" "cf7-antispam 0.6.1 Reflected.Cross-Site.Scripting MEDIUM" "christmasify 1.5.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capability-manager-enhanced 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "clickwhale 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cm-answers 3.2.7 Missing.Authorization MEDIUM" "cm-answers 3.2.0 Admin+.Stored.XSS LOW" "customer-chat-facebook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-chat-facebook No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-chat-facebook No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "custom-add-user No.known.fix Reflected.Cross-Site.Scripting HIGH" "cardgate 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "cardgate 3.1.16 Unauthorised.Payments.Hijacking.and.Order.Status.Spoofing HIGH" "crelly-slider 1.4.7 Admin+.Stored.XSS LOW" "crelly-slider 1.4.6 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "crelly-slider No.known.fix Admin+.Stored.XSS LOW" "crelly-slider 1.3.5 Arbitrary.File.Upload HIGH" "caddy 1.9.8 Cross-Site.Request.Forgery MEDIUM" "coreactivity 2.1 Unauthenticated.IP.Spoofing MEDIUM" "coreactivity 1.8.1 Unauthenticated.Stored.XSS HIGH" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Creation.to.Stored.XSS HIGH" "cp-multi-view-calendar 1.4.01 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cm-pop-up-banners 1.7.6 Reflected.XSS HIGH" "cm-pop-up-banners 1.7.3 Contributor+.Stored.XSS MEDIUM" "cm-pop-up-banners 1.6.6 Contributor+.Stored.XSS MEDIUM" "clickcease-click-fraud-protection 3.2.5 Improper.Authorization.to.sensitive.information.exposure.via.get_settings MEDIUM" "clickcease-click-fraud-protection 3.2.8 Cross-Site.Request.Forgery MEDIUM" "customize-my-account-for-woocommerce 2.7.30 Reflected.Cross-Site.Scripting.via.tab.Parameter MEDIUM" "customize-my-account-for-woocommerce 1.8.4 Cross-Site.Request.Forgery.via.restore_my_account_tabs MEDIUM" "coming-soon-wp 2.1.3 Maintenance.Mode.Bypass MEDIUM" "coming-soon-wp 1.6.7 Admin+.Stored.Cross-Site.Scripting MEDIUM" "codepress-admin-columns 4.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "codepress-admin-columns 4.3 Admin+.Stored.XSS.in.Label LOW" "ckeditor-for-wordpress 4.5.3.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "call-now-button 1.4.14 Cross-Site.Request.Forgery MEDIUM" "call-now-button 1.4.7 Admin+.Stored.XSS LOW" "call-now-button 1.1.2 Reflected.Cross-Site.Scripting LOW" "charity-addon-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "charity-addon-for-elementor 1.3.3 Contributor+.Stored.XSS MEDIUM" "charity-addon-for-elementor 1.3.2 .Contributor+.Stored.XSS MEDIUM" "custom-post-type-cpt-cusom-taxonomy-ct-manager No.known.fix Stored.XSS.via.CSRF HIGH" "custom-admin-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "crm-perks-forms 1.1.6 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Unauthenticated.SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.1 Reflected.XSS HIGH" "cm-video-lesson-manager-pro 3.5.9 Admin+.Stored.Cross-Site.Scripting LOW" "campaign-url-builder 1.8.2 Contributor+.Stored.XSS MEDIUM" "checklist 1.1.9 Unauthenticated.Reflected.XSS MEDIUM" "commenting-feature 3.2 Reflected.Cross-Site.Scripting MEDIUM" "commenting-feature 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cache-images 3.2.1 Image.Upload./.Import.via.CSRF MEDIUM" "cforms2 15.0.7 Unauthenticated.Stored.XSS HIGH" "cforms2 15.0.7 Admin+.Stored.XSS LOW" "cforms2 15.0.5 Settings.Update.via.CSRF MEDIUM" "cforms2 15.0.2 Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms2 14.13.3 Multiple.XSS MEDIUM" "cforms2 14.13 SQL.Injection CRITICAL" "cforms2 14.6.10 SQL.Injection CRITICAL" "contact-form-7-multi-step-addon 1.0.7 Injected.Backdoor CRITICAL" "cryout-serious-slider 1.2.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cryout-serious-slider 1.2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cryout-serious-slider 1.2.5 Cross-Site.Request.Forgery MEDIUM" "ceceppa-multilingua No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "cf7-styler-for-divi 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler-for-divi 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "classic-editor-addon 2.6.4 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "classic-editor-addon 2.6.4 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "cwd-3d-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-simple-rss 2.0.7 CSRF MEDIUM" "capabilities-pro 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capabilities-pro 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "currency-converter-widget-pro 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-license 1.4.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "configure-smtp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coupon-creator 3.1.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coupon-creator 3.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "category-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.14 Contributor+.Stored.XSS MEDIUM" "custom-landing-pages-leadmagic No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "car-demon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "code-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "callrail-phone-call-tracking 0.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "callrail-phone-call-tracking 0.4.10 Stored.XSS.via.CSRF MEDIUM" "chronoforms No.known.fix CSRF MEDIUM" "croma-music 3.6.1 Authenticated.(Subscriber+).Arbitrary.Options.Update.in.ironMusic_ajax HIGH" "crm-customer-relationship-management-by-vcita 2.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "crm-customer-relationship-management-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "credova-financial 1.4.9 Sensitive.Information.Disclosure MEDIUM" "client-portal-suitedash-login 1.8.0 Admin+.Stored.XSS LOW" "cpt-speakers No.known.fix Speakers.<=.1.1.-.Admin+.Stored.XSS LOW" "conversation-watson 0.8.21 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "coupon-reveal-button 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cgc-maintenance-mode No.known.fix Sensitive.Information.Exposure MEDIUM" "cgc-maintenance-mode No.known.fix IP.Spoofing MEDIUM" "clean-contact No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "custom-content-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "custom-content-shortcode No.known.fix Contributor+.LFI CRITICAL" "custom-content-shortcode 4.0.2 Authenticated.Arbitrary.File.Access./.LFI HIGH" "custom-content-shortcode 4.0.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "custom-content-shortcode 4.0.1 Unauthorised.Arbitrary.Post.Metadata.Access MEDIUM" "custom-tinymce-shortcode-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-round-robin-lead-distribution No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "conditional-marketing-mailer 1.6 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "conditional-marketing-mailer 1.5.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "cart-weight-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart-weight-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "campation-postoffice No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "campation-postoffice 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-live-preview No.known.fix Missing.Authorization.via.update_option MEDIUM" "call-me-now No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-header-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "christmas-greetings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cloudflare 4.12.3 Missing.Authorization.via.initProxy MEDIUM" "cloudflare 1.1.12 Unauthenticated.RCE.via.PHPUnit CRITICAL" "cf7-constant-contact No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-constant-contact 1.1.5 Open.Redirect MEDIUM" "cf7-constant-contact 1.1.0 Reflected.Cross-Site.Scripting HIGH" "christian-science-bible-lesson-subjects 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "connect-daily-web-calendar 1.4.5 Multiple.Reflected.XSS HIGH" "cultbooking-booking-engine No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-fields-search 1.3.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "custom-fonts 2.1.5 Author+.Stored.XSS MEDIUM" "cf7-database 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.2.64 Denial.of.Service MEDIUM" "calculated-fields-form 5.2.46 HTML.Injection MEDIUM" "calculated-fields-form 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.1.57 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "calculated-fields-form 1.2.53 Contributor+.Stored.XSS MEDIUM" "calculated-fields-form 1.2.29 Contributor+.Open.Redirect MEDIUM" "calculated-fields-form 1.2.41 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 1.1.151 Admin+.Stored.Cross-Site.Scripting.via.Dropdown.Fields LOW" "calculated-fields-form 1.0.354 Authenticated.Stored.XSS MEDIUM" "chameleon-jobs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cost-calculator-builder-pro 3.2.16 Unauthenticated.SQL.Injection.via.data HIGH" "cost-calculator-builder-pro No.known.fix .Unauthenticated.Price.Manipulation MEDIUM" "cost-calculator-builder-pro 3.1.76 Unauthenticated.Arbitrary.Email.Sending MEDIUM" "cost-calculator-builder-pro 3.1.73 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cost-calculator-builder-pro 3.1.68 Unauthenticated.Cross-Site.Scripting.via.SVG.Upload HIGH" "configure-conference-room No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-form 1.2.1 Admin+.Authenticated.Stored.XSS LOW" "countdown-wpdevart-extended 1.8.3 Admin+.Stored.XSS LOW" "countdown-wpdevart-extended 1.5.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "chamber-dashboard-business-directory 3.3.11 Missing.Authorization MEDIUM" "chamber-dashboard-business-directory 3.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "convert-classic-editor-to-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-grabber No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "custom-post-type-lockdown No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "contact-form-multi 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "catch-infinite-scroll 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "citadela-directory No.known.fix Unauthenticated.Sensitive.Information.Exposure HIGH" "citadela-directory No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-hubspot 1.3.2 Cross-Site.Request.Forgery MEDIUM" "cf7-hubspot 1.2.0 Reflected.Cross-Site.Scripting HIGH" "currency-converter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "combo-wp-rewrite-slugs No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "cookie-notice-and-consent-banner 1.7.2 Admin+.Stored.XSS LOW" "control-horas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "card-games No.known.fix CSRF.Bypass NONE" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.32 Admin+.Stored.Cross-Site.Scripting LOW" "content-staging No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "clean-login 1.14.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "clean-login 1.13.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clean-login 1.12.6.4 Reflected.Cross-Site.Scripting MEDIUM" "clean-login 1.8 Change.Redirect.URL.CSRF MEDIUM" "clean-login 1.5.1 Reflected.XSS MEDIUM" "catalyst-connect-client-portal 2.1.0 Admin+.Stored.XSS LOW" "catalyst-connect-client-portal 2.1.0 Reflected.XSS HIGH" "chessgame-shizzle 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "catch-web-tools 2.7.1 Subscriber+.Arbitrary.Catch.IDs.Activation/Deactivation MEDIUM" "catch-web-tools 2.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "chat-bee No.known.fix Admin+.Stored.XSS LOW" "custom-admin-page 0.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "companion-auto-update 3.3.6 Authenticated.SQL.Injection CRITICAL" "cleanup-action-scheduler 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "clicksold-wordpress-plugin No.known.fix Admin+.XSS LOW" "coming-soon-master 1.1 Reflected.Cross-Site.Scripting MEDIUM" "contentlock No.known.fix Groups/Emails.Deletion.via.CSRF MEDIUM" "contentlock No.known.fix Settings.Update.via.CSRF MEDIUM" "contentlock No.known.fix Email.Adding.via.CSRF MEDIUM" "custom-user-css No.known.fix Settings.Update.via.CSRF MEDIUM" "coschedule-by-todaymade 3.3.9 CSRF MEDIUM" "complianz-gdpr 7.0.0 Cross-Site.Request.Forgery.to.Data.Request.Deletion MEDIUM" "complianz-gdpr 6.5.6 Admin+.Stored.XSS LOW" "complianz-gdpr 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr 6.3.4 Translator.SQLi MEDIUM" "complianz-gdpr 6.0.0 GDPR/CCPA.Cookie.Consent.<.6.0.0.-.Reflected.Cross-Site.Scripting MEDIUM" "chaty-pro 2.8.2 Reflected.Cross-Site.Scripting HIGH" "cm-on-demand-search-and-replace 1.4.3 Reflected.XSS HIGH" "cm-on-demand-search-and-replace 1.3.9 Plugin.Reset.via.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Multiple.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Admin+.Stored.XSS LOW" "car No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "connatix-video-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customize-login-image 3.5.3 Admin+.Stored.Cross-Site.Scripting LOW" "conversational-forms 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.2.0 Unauthenticated.Arbitrary.File.Download HIGH" "conversational-forms 1.17 Admin+.Stored.XSS LOW" "cool-facebook-page-feed-timeline No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cww-companion 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-searchable-data-entry-system No.known.fix Unauthenticated.Data.Modification.and.Deletion CRITICAL" "controlled-admin-access 1.5.6 Improper.Access.Control.to.Privilege.Escalation HIGH" "controlled-admin-access 1.5.2 Improper.Access.Control.&.Privilege.Escalation HIGH" "core-control No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "course-migration-for-learndash No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "convoworks-wp 0.22.15 Reflected.Cross-Site.Scripting MEDIUM" "convoworks-wp 0.22.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "curtain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "curtain 1.0.2 Unauthenticated.Maintenance.Mode.Switch HIGH" "course-booking-system No.known.fix Unauthenticated.SQL.Injection HIGH" "colorlib-coming-soon-maintenance No.known.fix Information.Exposure MEDIUM" "colorlib-coming-soon-maintenance 1.0.99 Admin+.Stored.Cross.Site.Scripting LOW" "codesnips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-summary-and-print 1.2.6 Settings.Update.via.CSRF MEDIUM" "codoc 0.9.52 Reflected.Cross-Site.Scripting MEDIUM" "caret-country-access-limit 1.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "content-cards No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "content-cards 0.9.7 Cross-Site.Scripting.(XSS) MEDIUM" "comment-images-reloaded No.known.fix Authenticated.(Subscriber+).Arbitrary.Media.Deletion MEDIUM" "coinbase-commerce-for-contact-form-7 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-page-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-tiktok-video-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cits-support-svg-webp-media-upload 3.0 Author+.Stored.XSS.via.SVG MEDIUM" "custom-login-page No.known.fix Reflected.XSS HIGH" "cab-fare-calculator 1.1.7 Admin+.Stored.XSS LOW" "cab-fare-calculator 1.0.4 Unauthenticated.LFI MEDIUM" "cf7-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "cardoza-facebook-like-box 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.7.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).PHP.Object.Injection MEDIUM" "countdown-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "countdown-builder No.known.fix Pro.Features.Lock.Bypass LOW" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-integrated-with-google-maps 2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cookie-notice 2.4.18 Admin+.Stored.XSS LOW" "cookie-notice 2.4.7 Contributor+.Stored.XSS MEDIUM" "cookie-notice 2.4.7 Contributor+.XSS MEDIUM" "cookie-notice 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "cimy-header-image-rotator No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-css-js-php No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-css-js-php No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "comments-like-dislike 1.2.0 Subscriber+.Settings.Reset MEDIUM" "comments-like-dislike 1.1.4 Add.Like/Dislike.Bypass MEDIUM" "cmyee-momentopress 1.0.2 Contributor+.Stored.XSS MEDIUM" "cookiehub 1.1.1 Missing.Authorization MEDIUM" "check-email 1.0.10 Unauthenticated.Hook.Injection HIGH" "check-email 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "check-email 1.0.4 Reflected.Cross-Site.Scripting HIGH" "check-email 1.0.3 Admin+.SQL.Injections MEDIUM" "check-email 0.5.2 Cross-Site.Scripting.(XSS) MEDIUM" "chained-quiz 1.3.3 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "chained-quiz 1.3.2.9 Missing.Authorization MEDIUM" "chained-quiz 1.3.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.6 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.1 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.5 Submitted.Quiz.Response.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.4 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.3 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.5 Arbitrary.Quiz.Deletion.&.Copying.via.CSRF MEDIUM" "chained-quiz 1.3.2.5 Arbitrary.Question.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.2.7.2 Authenticated.Stored.Cross.Site.Scripting LOW" "chained-quiz 1.1.9.1 Authenticated.Stored.XSS MEDIUM" "chained-quiz 1.1.8.2 Unauthenticated.Reflected.XSS CRITICAL" "chained-quiz 1.0.9 Unauthenticated.SQL.Injection MEDIUM" "cognito-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "curatorio 1.9.2 Contributor+.Stored.XSS MEDIUM" "cforms No.known.fix Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms No.known.fix Multiple.XSS MEDIUM" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix Remote.Code.Execution.via.Unauthorised.File.Upload MEDIUM" "cforms 13.2 XSS MEDIUM" "cforms 10.5 XSS MEDIUM" "custom-field-template 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Information.Exposure MEDIUM" "custom-field-template 2.6.2 Authenticated(Constibutor+).Stored.Cross-Site.Scripting.via.Custom.Field.Name MEDIUM" "custom-field-template 2.6.2 Authenticated.(Admin+).Stored.Cross-Site.Scritping MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "custom-field-template 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$search_label MEDIUM" "custom-field-template 2.6 Reflected.Cross-Site.Scripting HIGH" "custom-field-template 2.5.9 Cross-Site.Request.Forgery MEDIUM" "custom-field-template 2.5.8 Admin+.PHP.Object.Injection LOW" "custom-field-template 2.5.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-field-template 2.5.2 Cross-Site.Request.Forgery MEDIUM" "custom-post-limits No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "cf7-repeatable-fields 2.0.2 Repeatable.Fields.<.2.0.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.field_group.Shortcode MEDIUM" "continuous-image-carousel-with-lightbox 1.0.16 Reflected.XSS HIGH" "custom-field-manager No.known.fix Reflected.XSS.Vulnerability HIGH" "category-ajax-filter 2.8.3 Unauthenticated.Local.File.Inclusion CRITICAL" "cartpops 1.4.28 Reflected.Cross-Site.Scripting MEDIUM" "cartpops 1.4.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "custom-scroll-bar-designer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "checkout-freemius-rewamped 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "content-aware-sidebars 3.19.1 Reflected.Cross-Site.Scripting MEDIUM" "content-aware-sidebars 3.17.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-aware-sidebars 3.8.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "catch-duplicate-switcher 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "cf7-google-sheets-connector 5.0.18 Missing.Authorization MEDIUM" "cf7-google-sheets-connector 5.0.10 Missing.Authorization.to.Limited.Site.Configuration.Update MEDIUM" "cf7-google-sheets-connector 5.0.6 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log HIGH" "cf7-google-sheets-connector 5.0.2 Reflected.XSS HIGH" "crazy-bone No.known.fix Unauthenticated.Stored.XSS HIGH" "crazy-bone 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "custom-post-type-gui No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-collector No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-collector No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "charitable 1.8.3.1 Reflected.Cross-Site.Scripting MEDIUM" "charitable 1.8.1.15 Insecure.Direct.Object.Reference.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "charitable 1.8.1.8 Missing.Authorization.to.Unauthorized.Donation MEDIUM" "charitable 1.8.1.8 Missing.Authorization.via.ajax_license_check() MEDIUM" "charitable 1.7.0.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.7.0.13 Unauthenticated.Privilege.Escalation CRITICAL" "charitable 1.7.0.11 Reflected.XSS HIGH" "charitable 1.6.51 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "charitable 1.6.51 Donation.Plugin.<.1.6.51.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "charitable 1.5.14 Unauthorised.Access HIGH" "country-flags-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-more-link-complete No.known.fix Admin+.Stored.XSS LOW" "custom-database-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart-tracking-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "calendar No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "calendar 1.3.11 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "country-state-city-auto-dropdown 2.7.3 Unauthenticated.SQL.Injection CRITICAL" "country-state-city-auto-dropdown 2.7.2 Missing.Authorization MEDIUM" "count-per-day 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "count-per-day 3.5.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "count-per-day 3.4.1 SQL.Injection MEDIUM" "cbxpetition No.known.fix Unauthenticated.SQLi HIGH" "court-reservation 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "court-reservation 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cj-change-howdy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "content-excel-importer 4.3 Reflected.Cross-Site.Scripting MEDIUM" "ct-ultimate-gdpr 2.5 Unauthenticated.Plugin.Settings.Export.and.Import CRITICAL" "comments-disable-accesspress 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "custom-fields-shortcode No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "column-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "calendarista 15.5.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "carts-guru 1.4.6 Unauthenticated.Object.Injection CRITICAL" "cp-image-store 1.0.68 Unauthenticated.SQLi HIGH" "custom-layouts 1.4.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contest-code-checker 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.8 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cyan-backup 2.5.4 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "cookie-scanner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "checkout-files-upload-woocommerce 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-donation-box 1.8 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cardealer 4.48 Missing.Authorization MEDIUM" "cardealer 4.16 Admin+.Content.Injection LOW" "cardealer 3.05 Subscriber+.Arbitrary.Plugin.Installation HIGH" "contact-forms-builder No.known.fix Authentication.Request.Bypass MEDIUM" "contact-forms-builder No.known.fix Reflected.XSS HIGH" "categories-gallery-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "camptix 1.5.1 CSV.Injection.Bypasses.and.XSS HIGH" "commenttweets No.known.fix Settings.Update.via.CSRF MEDIUM" "code-generator-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "coneblog-widgets 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-manager 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-bulk-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-reviews-collector-for-woocommerce 4.0 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "countdown-time 1.2.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "content-hubs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-hubs 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "companion-sitemap-generator 4.5.3 Reflected.XSS HIGH" "companion-sitemap-generator 4.5.3 Contributor+.Stored.XSS MEDIUM" "companion-sitemap-generator 3.7.0 CSRF HIGH" "circles-gallery No.known.fix Admin+.Stored.XSS LOW" "conversion-de-moneda No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-page-templates-by-vegacorp 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "custom-page-templates-by-vegacorp 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "card-oracle 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "card-oracle 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "compact-wp-audio-player 1.9.15 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "compact-wp-audio-player 1.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_embed_player.Shortcode MEDIUM" "compact-wp-audio-player 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fileurl MEDIUM" "compact-wp-audio-player 1.9.8 Contributor+.Stored.XSS MEDIUM" "compact-wp-audio-player 1.9.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "compact-wp-audio-player 1.9.7 Setting.Change.via.CSRF MEDIUM" "custom-widget-classes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.43 Settings.update.via.CSRF MEDIUM" "cost-calculator-builder 3.2.29 Admin+.SQL.Injection MEDIUM" "cost-calculator-builder 3.2.16 Unauthenticated.SQL.Injection CRITICAL" "cost-calculator-builder 3.2.13 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Creation MEDIUM" "cost-calculator-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "cp-contact-form-with-paypal 1.3.53 Cross-Site.Request.Forgery MEDIUM" "cp-contact-form-with-paypal 1.3.02 Multiple.XSS MEDIUM" "cp-contact-form-with-paypal 1.1.6 Multiple.Vulnerabilities HIGH" "comments-import-export-woocommerce 2.3.9 Authenticated.(Author+).Arbitrary.File.Read.via.Directory.Traversal MEDIUM" "comments-import-export-woocommerce 2.3.6 Cross-Site.Request.Forgery MEDIUM" "comments-import-export-woocommerce 2.1.11 Cross-Site.Request.Forgery.(CSRF).Issue HIGH" "correosoficial No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "clickbank-storefront No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "conditional-payment-methods-for-woocommerce No.known.fix Admin+.SQLi MEDIUM" "cms-tree-page-view 1.6.8 Reflected.XSS HIGH" "content-warning-v2 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cloudnet-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chart-builder 2.9.6 Unauthenticated.Local.File.Inclusion.via.source CRITICAL" "chart-builder 2.7.7 Reflected.Cross-Site.Scripting MEDIUM" "chart-builder 2.0.7 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 1.9.7 Admin+.Stored.XSS LOW" "cnzz51la-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chesstempoviewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chilexpress-oficial No.known.fix Reflected.XSS HIGH" "control-block-patterns No.known.fix Missing.Authorization MEDIUM" "custom-field-for-wp-job-manager 1.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-for-wp-job-manager 1.3 .Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.Shortcode MEDIUM" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-tweet No.known.fix Reflected.XSS HIGH" "click-to-tweet No.known.fix Missing.Authorization MEDIUM" "collect-and-deliver-interface-for-woocommerce 5.5.6 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "collect-and-deliver-interface-for-woocommerce 5.1.9 Reflected.Cross-Site-Scripting MEDIUM" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "cryptocurrency-widgets-pack 2.0 Unauthenticated.SQLi HIGH" "cms-press No.known.fix Admin+.Stored.XSS LOW" "cardoza-3d-tag-cloud No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cardoza-3d-tag-cloud No.known.fix Stored.XSS.via.CSRF MEDIUM" "contact-form-7-sms-addon 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "call-now-icon-animate No.known.fix Admin+.Stored.XSS LOW" "caxton No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caxton 1.30.1 Reflected.Cross-Site.Scripting MEDIUM" "caxton 1.30.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "camera-slideshow No.known.fix Reflected.Cross-Site.Scripting HIGH" "captcha-them-all 1.4 Admin+.Stored.XSS LOW" "compare-affiliated-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "compare-affiliated-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-post-view-generator No.known.fix Reflected.Cross-Site.Scripting HIGH" "crm-memberships No.known.fix Admin+.Stored.XSS LOW" "cm-business-directory 1.4.2 Reflected.XSS HIGH" "counter-box 2.0.6 Cross-Site.Request.Forgery MEDIUM" "counter-box 1.2.4 Counter.Deletion.via.CSRF MEDIUM" "counter-box 1.2.2 Reflected.XSS MEDIUM" "counter-box 1.2.1 Arbitrary.Counter.Activation/Deactivation.via.CSRF MEDIUM" "counter-box 1.2 Admin+.LFI MEDIUM" "captcha-bank No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chative-live-chat-and-chatbot 1.2 Channel/Org.ID.Update.via.CSRF MEDIUM" "catchers-helpdesk No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "custom-post-type-templates-for-elementor 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "complete-open-graph No.known.fix Admin+.Stored.XSS LOW" "clevernode-related-content 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-recaptcha-mine 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "cardinity-free-payment-gateway-for-woocommerce 3.0.7 Reflected.Cross-Site.Scripting HIGH" "cf7-store-to-db-lite 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-store-to-db-lite 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "custom-product-list-table No.known.fix Cross-Site.Request.Forgery MEDIUM" "crayon-syntax-highlighter No.known.fix Contributor+.Server.Side.Request.Forgery MEDIUM" "crayon-syntax-highlighter No.known.fix Cross-Site.Request.Forgery MEDIUM" "crayon-syntax-highlighter 2.8.4 Multiple.XSS MEDIUM" "checkout-fees-for-woocommerce 2.12.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "custom-post-types 5.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.3 Admin+.Stored.XSS LOW" "classic-editor-and-classic-widgets 1.4.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "classic-editor-and-classic-widgets 1.2.6 Settings.Update.via.CSRF MEDIUM" "conditional-payments 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "catch-ids 2.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-post-type-ui 1.13.5 Debug.Info.Sending.via.CSRF LOW" "category-icon 1.0.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "coming-soon 6.18.4 Editor+.Stored.XSS MEDIUM" "coming-soon 6.15.22 Unauthenticated.Plugin.Page.Content.Update MEDIUM" "coming-soon 6.15.15.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coming-soon 5.1.2 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "css-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "colorful-categories 2.0.15 Arbitrary.Colors.Update.via.CSRF MEDIUM" "content-audit-exporter No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Editor+).Local.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Contributor+).Limited.Local.PHP.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-style No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "constant-contact-forms 2.4.3 Information.Disclosure.via.Log.Files MEDIUM" "constant-contact-forms 1.8.8 Multiple.Authenticated.Stored.XSS MEDIUM" "crypto 2.16 Cross-Site.Request.Forgery.to.Authentication.Bypass HIGH" "crypto 2.19 Authentication.Bypass.via.log_in CRITICAL" "crypto 2.20 Authentication.Bypass.via.register CRITICAL" "copyscape-premium 1.4.0 Stored.XSS.via.CSRF HIGH" "csv2wpec-coupon No.known.fix Unauthenticated.Remote.File.Upload HIGH" "custom-admin-login-styler-wpzest No.known.fix Admin+.Stored.XSS LOW" "child-theme-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cc-canadian-mortgage-calculator 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cosmetsy-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "child-support-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "child-support-calculator 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-file-download No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "company-updates-for-linkedin No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "coming-soons No.known.fix Under.Construction.<=.1.2.0.-.Admin+.Stored.Cross-Site.Scripting LOW" "countdown-block 1.1.2 Missing.Authorisation.in.AJAX.action MEDIUM" "clover-online-orders 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.moo_receipt_link.Shortcode MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Data.Update MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Plugin.Deactivation.and.Data.Deletion MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "clover-online-orders 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.5 Reflected.XSS HIGH" "contractor-contact-form-website-to-workflow-tool 4.1.0 Reflected.XSS HIGH" "colour-smooth-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "catch-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "competition-form No.known.fix Reflected.XSS HIGH" "competition-form No.known.fix Competition.Deletion.via.CSRF MEDIUM" "contact-form-submissions 1.7.3 Unauthenticated.Stored.XSS HIGH" "contact-form-submissions 1.7.1 Authenticated.Double.Query.SQL.injection MEDIUM" "contact-form-submissions 1.7.1 Authenticated.SQL.Injection MEDIUM" "conference-scheduler 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-list-table-example No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "capitalize-my-title No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-call-or-chat-buttons 1.5.0 Admin+.Stored.XSS LOW" "cf-geoplugin 8.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Menu.Creation/Deletion MEDIUM" "cf-geoplugin 8.7.0 Missing.Authorization.to.Unauthenticated.Shortcode.Execution MEDIUM" "cf-geoplugin 8.6.5 PHP.Object.Injection CRITICAL" "cf-geoplugin 8.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 8.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 7.13.12 Reflected.Cross-Site.Scripting HIGH" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinicalwp-core No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "contact-form-7-datepicker No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting.in.New.Chart LOW" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "clockwork-two-factor-authentication 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "caldera-forms-pro 1.8.2 Unauthenticated.Arbitrary.File.Read HIGH" "category-post-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "copy-or-move-comments No.known.fix Reflected.XSS HIGH" "copy-or-move-comments No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "codebard-help-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codebard-help-desk 1.1.2 Cross-Site.Request.Forgery MEDIUM" "comment-highlighter No.known.fix Authenticated.SQL.Injection MEDIUM" "content-no-cache 0.1.3 Unauthenticated.Private.Content.Disclosure MEDIUM" "content-sidebars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-sidebars 1.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "capa No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "canto 3.0.9 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.7 Unauthenticated.RCE CRITICAL" "canto 3.0.5 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto No.known.fix Unauthenticated.Blind.SSRF MEDIUM" "custom-dashboard-widgets No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.cdw_DashboardWidgets HIGH" "contact-form-generator No.known.fix Contributor+.SQLi MEDIUM" "contact-form-generator 2.6.0 Reflected.XSS HIGH" "contact-form-generator 2.5.5 Multiple.Cross-Site.Request.Forgery.(CSRF) HIGH" "cf7-google-sheets-connector-pro 2.3.7 Reflected.XSS HIGH" "cc-coming-soon No.known.fix Reflected.XSS HIGH" "cherry-plugin 1.2.7 Unauthenticated.Arbitrary.File.Upload.and.Download CRITICAL" "campus-explorer-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "canva No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cleverwise-daily-quotes No.known.fix Stored.XSS.via.CSRF HIGH" "cluevo-lms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cluevo-lms No.known.fix Cross-Site.Request.Forgery.to.Module.Deletion MEDIUM" "cluevo-lms 1.11.0 Settings.Update.via.CSRF MEDIUM" "cluevo-lms 1.8.1 Admin+.Stored.Cross.Site.Scripting LOW" "custom-registration-form-builder-with-submission-manager 6.0.2.7 Unauthenticated.Privilege.Escalation.via.Password.Recovery CRITICAL" "custom-registration-form-builder-with-submission-manager 6.0.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 6.0.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.2.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 IP.Spoofing MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 Form.Submission.Limit.Bypass MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.6 Authenticated(Administrator+).SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.1 Missing.Authorization MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.2 Reflected.Cross-Site.Scripting.via.section_id MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.1.1 Unauthenticated.Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.2.1.0 Admin+.Arbitrary.Password.Update.via.IDOR MEDIUM" "custom-registration-form-builder-with-submission-manager 5.1.9.3 Form.Deletion.via.CSRF MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.2.2 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.6 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.8 Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 4.6.0.4 Multiple.Critical.Issues HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Authenticated.SQL.Injection.via.Form_id MEDIUM" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Multiple.Cross-Site.Scripting.(XSS) HIGH" "cool-timeline 2.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cool-timeline 2.0.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cool-timeline 2.0.3 Cross-Site.Request.Forgery MEDIUM" "crafthemes-demo-import No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload.in.process_uploaded_files HIGH" "crafthemes-demo-import No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation HIGH" "conditional-shipping-for-woocommerce 2.3.2 Ruleset.Toggle.via.CSRF MEDIUM" "cf7-salesforce 1.4.0 Cross-Site.Request.Forgery MEDIUM" "cf7-salesforce 1.2.6 Reflected.Cross-Site.Scripting HIGH" "case-study No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cb-logo-slider 4.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cb-logo-slider 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calendar-booking No.known.fix Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "calendar-booking No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "captivatesync-trade 2.0.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "chopslider No.known.fix Unauthenticated.Blind.SQL.Injection CRITICAL" "custom-post-type-pdf-attachment 3.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pdf_attachment.Shortcode MEDIUM" "custom-post-type-list-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "cancel-order-request-woocommerce 1.3.3 Admin+.Stored.XSS LOW" "classy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chaty 3.2.3 Admin+.Stored.XSS LOW" "chaty 3.1.9 Editor+.Stored.XSS LOW" "chaty 3.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "chaty 3.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Reflected.XSS HIGH" "chaty 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.0.3 Admin+.SQLi MEDIUM" "chaty 2.8.4 Admin+.Stored.Cross-Site.Scripting MEDIUM" "chaty 2.8.3 Reflected.Cross-Site.Scripting HIGH" "classima-core 1.10 Reflected.Cross-Site.Scripting MEDIUM" "custom-tabs-for-products-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cssjockey-add-ons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "customize-login No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "contact-widgets-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "compute-links No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "cryptocurrency-prices No.known.fix Contributor+.Stored.XSS MEDIUM" "cf7-conditional-fields 2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-conditional-fields 2.4.14 Cross-Site.Request.Forgery.to.Plugin.Setting.Reset MEDIUM" "cf7-conditional-fields 2.4.2 Missing.Authorization MEDIUM" "contentstudio 1.2.6 Nonce.Disclosure HIGH" "contentstudio 1.2.6 Authorisation.Bypass HIGH" "contentstudio 1.2.6 Unauthorised.Function.Calls HIGH" "cooked 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cooked 1.8.0 Cooked.–.Recipe.Management.<=.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked 1.7.15.1 Contributor+.Stored.XSS MEDIUM" "cooked 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "cooked 1.7.9.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cooked 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "custom-welcome-guide 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-welcome-guide 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "church-admin 5.0.9 Missing.Authorization MEDIUM" "church-admin 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "church-admin 4.4.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.4.5 Missing.Authorization MEDIUM" "church-admin 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 4.4.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "church-admin 4.2.0 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.7 Missing.Authorization MEDIUM" "church-admin 4.1.6 .Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.1.8 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.19 Missing.Authorization MEDIUM" "church-admin 4.0.28 Authenticated.(Contributor+).SQL.Injection HIGH" "church-admin 4.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "church-admin 4.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.meta-text MEDIUM" "church-admin 3.8.0 Server-Side.Request.Forgery.(SSRF) MEDIUM" "church-admin 3.7.6 Reflected.XSS HIGH" "church-admin 3.7.30 Reflected.XSS HIGH" "church-admin 3.4.135 Unauthenticated.Plugin's.Backup.Disclosure HIGH" "church-admin 1.2550 CSRF HIGH" "contact-list 2.9.88 Missing.Authorization.to.Notice.Dismissal MEDIUM" "contact-list 2.9.72 Reflected.Cross-Site.Scripting MEDIUM" "contact-list 2.9.50 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-list 2.9.42 Reflected.Cross-Site.Scripting HIGH" "cookiebot 3.6.1 CSRF.&.XSS LOW" "contests-from-rewards-fuel 2.0.66 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.65 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.update_rewards_fuel_api_key MEDIUM" "contests-from-rewards-fuel 2.0.63 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "classified-listing-store 1.4.20 Reflected.Cross-Site.Scripting MEDIUM" "custom-base-terms 1.0.3 Admin+.Stored.XSS LOW" "css3-rotating-words 5.7 Cross-Site.Request.Forgery MEDIUM" "css3-rotating-words 5.5 Cross-Site.Request.Forgery.via.save_admin_options MEDIUM" "custom-global-variables 1.1.1 Stored.Cross-Site.Scripting.(XSS) HIGH" "cliptakes 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "common-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "configure-login-timeout No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cpo-content-types 1.1.1 Admin+.Stored.XSS LOW" "canecto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-designer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collapsing-archives 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.16.10 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.14.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "checkbox 0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "checkbox 0.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Contributor+.Stored.XSS MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Admin+.Stored.Cross.Site.Scripting MEDIUM" "custom-post-type-relations No.known.fix Reflected.Cross-Site.Scripting HIGH" "chat-viber 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-forms 1.9.5 Missing.Authorization.to.Unauthenticated.Form.Submission.Download MEDIUM" "contact-forms 1.9.3 Cross-Site.Request.Forgery.via.process_bulk_action.Function MEDIUM" "contact-forms 1.9.1 Admin+.Stored.XSS LOW" "contact-forms 1.8.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-forms 1.6.1 CSRF MEDIUM" "contact-forms 1.5.8 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.5.5 Reflected.XSS HIGH" "contact-forms 1.5.5 Unauthenticated.Stored.XSS HIGH" "contact-forms 1.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "customizable-captcha-and-contact-us-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cookie-law-bar No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cmp-coming-soon-maintenance 4.1.11 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "cmp-coming-soon-maintenance 4.1.8 Maintenance.Mode.Bypass MEDIUM" "cmp-coming-soon-maintenance 4.1.7 Unauthenticated.Post/Page.Access.in.Maintenance.Mode MEDIUM" "cmp-coming-soon-maintenance 4.0.19 Unauthenticated.Arbitrary.CSS.Update HIGH" "cmp-coming-soon-maintenance 3.8.2 Coming.Soon.&.Maintenance.<.3.8.2.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "coupons 1.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "catch-under-construction 1.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "craw-data No.known.fix Server.Side.Request.Forgery MEDIUM" "cookie-notice-consent 1.6.1 Admin+.Stored.XSS LOW" "cryptocurrency-widgets-for-elementor 1.6.5 Unauthenticated.Local.File.Inclusion HIGH" "cryptocurrency-widgets-for-elementor 1.3 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cp-image-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-image-gallery No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "custom-my-account-for-woocommerce No.known.fix Stored.XSS.via.CSRF HIGH" "crisp 0.45 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crisp 0.32 CSRF.to.Stored.Cross-Site.Scripting HIGH" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "change-memory-limit No.known.fix Missing.Authorization.via.admin_logic() MEDIUM" "coming-soon-maintenance-mode 1.0.6 Information.Exposure MEDIUM" "cryptocurrency-price-ticker-widget 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-price-ticker-widget 2.6.9 Missing.Authorization MEDIUM" "cryptocurrency-price-ticker-widget 2.6.6 2.6.5.-.Unauthenticated.SQL.Injection CRITICAL" "cryptocurrency-price-ticker-widget 2.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "client-dash No.known.fix Missing.Authorization MEDIUM" "client-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "caldera-smtp-mailer No.known.fix Missing.Authorization MEDIUM" "contact-form-7-dynamic-text-extension 5.0.2 Cross-Site.Request.Forgery MEDIUM" "contact-form-7-dynamic-text-extension 4.5.1 Information.Disclosure.via.Shortcode MEDIUM" "contact-form-7-dynamic-text-extension 4.2.0 Insecure.Direct.Object.Reference MEDIUM" "cf7-email-add-on No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "content-audit 1.9.2 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "clickervolt No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "css-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatplusjp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-repeater No.known.fix Admin+.Stored.XSS LOW" "content-mask 1.8.4.1 Subscriber+.Arbitrary.Options.Update HIGH" "connections No.known.fix Authenticated.(Admin+).Arbitrary.Directory.Deletion MEDIUM" "connections 10.4.37 Contributor+.Stored.XSS MEDIUM" "connections 10.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "connections 9.7 Admin+.CSV.Injection MEDIUM" "connections 8.5.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "calendar-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "conditional-logic-for-woo-product-add-ons 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "cafe-lite 2.2.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.CAFE.Widgets MEDIUM" "cafe-lite 2.1.0 Contributor+.Stored.XSS MEDIUM" "cpt-shortcode No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cpt-shortcode No.known.fix Admin+.Stored.XSS LOW" "click-datos-lopd No.known.fix Reflected.XSS HIGH" "community-yard-sale No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "candifly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "create-block-theme 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "contact-form-by-supsystic 1.7.29 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Admin+).Remote.Code.Execution HIGH" "contact-form-by-supsystic 1.7.28 CSRF MEDIUM" "contact-form-by-supsystic 1.7.25 CSRF MEDIUM" "contact-form-by-supsystic 1.7.20 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-by-supsystic 1.7.15 Reflected.Cross-Site.scripting.(XSS) HIGH" "contact-form-by-supsystic 1.7.11 Authenticated.SQL.Injections CRITICAL" "contact-form-by-supsystic 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-customizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "clipart No.known.fix Reflected.XSS HIGH" "captcha-code-authentication 3.0 Captcha.Bypass MEDIUM" "captcha-code-authentication 2.8 Settings.Update.via.CSRF MEDIUM" "cf7-cc-avenue-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cc-bmi-calculator 2.1.0 Contributor+.Stored.XSS MEDIUM" "cartoon-url No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "carousel-slider 2.0.0 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Editor+.Stored.XSS LOW" "carousel-slider 2.2.11 Editor+.Stored.XSS LOW" "carousel-slider 2.2.10 Editor+.Stored.XSS MEDIUM" "carousel-slider 2.2.7 Editor+.Stored.XSS LOW" "carousel-slider 2.2.3 Missing.Authorization MEDIUM" "chameleon-css No.known.fix Subscriber+.SQL.Injection CRITICAL" "constant-contact-forms-by-mailmunch 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "constant-contact-forms-by-mailmunch 2.1.0 Contributor+.Stored.XSS MEDIUM" "constant-contact-forms-by-mailmunch 2.0.11 Arbitrary.Settings.Update.via.CSRF MEDIUM" "contact-forms-anti-spam 2.2.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Change MEDIUM" "contact-forms-anti-spam 2.1.3 Advanced.Spam.protection.<.2.1.3.-.Admin+.Stored.XSS LOW" "contact-forms-anti-spam 0.10.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "contact-forms-anti-spam 0.10.4 IP.Validation.Bypass MEDIUM" "contact-forms-anti-spam 0.9.3 Unauthenticated.Stored.Cross-Site.Scripting.via.efas_add_to_log MEDIUM" "contact-forms-anti-spam 0.7.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "coming-soon-page 3.7.4 IP.Address.Spoofing.via.get_real_ip MEDIUM" "coming-soon-page 3.6.8 Arbitrary.Email.Sending.to.Subscribed.Users.via.CSRF LOW" "coming-soon-page 3.6.7 Subscriber+.Arbitrary.Email.Sending.to.Subscribed.Users MEDIUM" "coming-soon-page 3.5.3 Authenticated.Stored.XSS LOW" "contact-form-7-paypal-add-on 2.3.2 PayPal.&.Stripe.Add-on.<.2.3.2.-.Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "contact-form-7-paypal-add-on 1.9.4 Cross-Site.Request.Forgery MEDIUM" "cc-child-pages 1.43 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "canvasio3d-light No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "canvasio3d-light No.known.fix Subscriber+.Entries.Update/Deletion MEDIUM" "canvasio3d-light No.known.fix Reflected.XSS HIGH" "carousel-anything No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_subject MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_address MEDIUM" "contact-form-plugin 4.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 4.0.2 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 3.96 XSS MEDIUM" "contact-form-plugin 3.82 Unauthorized.Language.Manipulation MEDIUM" "contact-form-plugin 3.82 contact_form.php.cntctfrm_contact_email.Parameter.XSS MEDIUM" "clickdesigns 2.0.0 Missing.Authorization.to.API.Key.Modification.or.Removal MEDIUM" "catch-sticky-menu 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "devrix-dark-site 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "darkmysite No.known.fix Cross-Site.Request.Forgery MEDIUM" "demomentsomtres-grid-archive No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-grid-archive No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dynamic-url-seo 1.2 Cross-Site.Request.Forgery MEDIUM" "dynamic-url-seo 1.2 Reflected.XSS HIGH" "dukapress 2.5.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "devoluciones-packback No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "demomentsomtres-classify-on-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dark-mode-for-wp-dashboard 1.2.4 Cross-Site.Request.Forgery MEDIUM" "digital-publications-by-supsystic 1.7.8 Missing.Authorization MEDIUM" "digital-publications-by-supsystic 1.7.8 Cross-Site.Request.Forgery MEDIUM" "digital-publications-by-supsystic 1.7.7 Cross-Site.Request.Forgery.via.AJAX.action MEDIUM" "digital-publications-by-supsystic 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "digital-publications-by-supsystic 1.7.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "digital-publications-by-supsystic 1.6.12 Authenticated.Path.Traversal LOW" "delete-old-posts-programmatically 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "donations-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "donations-block No.known.fix Unauthenticated.Stored.XSS HIGH" "donations-block 2.1.0 Contributor+.Stored.XSS MEDIUM" "depay-payments-for-woocommerce 2.12.18 Missing.Authorization.to.Information.Exposure MEDIUM" "deeper-comments No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "database-backups No.known.fix CSRF.to.Backup.Download HIGH" "drawit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-dark-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "dashing-memberships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devexhub-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dracula-dark-mode 1.0.9 The.Revolutionary.Dark.Mode.Plugin.For.WordPress.<.1.0.9.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "dracula-dark-mode 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "dejureorg-vernetzungsfunktion 1.98.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "drug-search No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "debug-tool No.known.fix Missing.Authorization MEDIUM" "debug-tool No.known.fix Unauthenticated.Arbitrary.File.Creation CRITICAL" "debug-tool No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "drop-shadow-boxes 1.7.15 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "drop-shadow-boxes 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "drop-shadow-boxes 1.7.12 Reflected.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.11 Contributor+.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drop-shadow-boxes 1.7.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "dn-footer-contacts 1.6.3 Admin+.Stored.XSS LOW" "devnex-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ds-suit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "duplicate-page 4.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-page 3.4 Authenticated.SQL.Injection HIGH" "dp-intro-tours 6.5.3 Reflected.Cross-Site.Scripting MEDIUM" "dp-addthis No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-usermetas 1.2.0 Cross-Site.Request.Forgery MEDIUM" "ds-site-message No.known.fix Cross-Site.Request.Forgery MEDIUM" "database-for-cf7 1.2.5 Subscriber+.CF7.DB.Entries.Deletion MEDIUM" "download-attachments 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-attachments 1.3 Contributor+.Stored.XSS MEDIUM" "daggerhart-openid-connect-generic 3.8.2 Reflected.Cross.Site.Scripting.(XSS).via.Login.Error MEDIUM" "device-detector 4.2.1 Reflected.Cross-Site.Scripting.via.id MEDIUM" "dollie 6.2.1 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "delete-duplicate-posts 4.9 Missing.Authorization.via.AJAX.Actions MEDIUM" "delete-duplicate-posts 4.8.9 Reflected.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-duplicate-posts 4.1.9.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "dirtysuds-embed-pdf No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "disable-admin-notices No.known.fix Cross-Site.Request.Forgery MEDIUM" "dn-shipping-by-weight 1.2 Settings.Update.via.CSRF MEDIUM" "donate-button 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "democracy-poll No.known.fix Missing.Authorization MEDIUM" "democracy-poll 5.4 CSRF.&.XSS HIGH" "debrandify 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "different-shipping-and-billing-address-for-woocommerce 1.3 Unauthenticated.SQL.Injection HIGH" "dc-woocommerce-multi-vendor 4.2.15 Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "dc-woocommerce-multi-vendor 4.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Cross-Site.Request.Forgery.to.Vendor.Updates MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Missing.Authorization.to.Forged.Vendor.Profile.Deletion.Email.Sending MEDIUM" "dc-woocommerce-multi-vendor 4.2.1 Missing.Authorization.to.Limited.Vendor.Privilege.Escalation/Account.Takeover CRITICAL" "dc-woocommerce-multi-vendor 4.2.0 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 4.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hover_animation.Parameter MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Missing.Authorization MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.0.26 Missing.Authorization HIGH" "dc-woocommerce-multi-vendor 4.0.24 Missing.Authorization.via.mvx_save_dashpages HIGH" "dc-woocommerce-multi-vendor 4.0.26 Improper.Authorization.on.REST.Routes.via.'save_settings_permission' HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthorised.AJAX.Calls HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthenticated.LFI MEDIUM" "dc-woocommerce-multi-vendor 3.8.12 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 3.8.4 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 3.7.4 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dc-woocommerce-multi-vendor 3.7.4 Unauthenticated.Arbitrary.Product.Comment MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery MEDIUM" "depicter 3.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Missing.Authorization MEDIUM" "depicter 3.1.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "depicter 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Contributor+).Arbitrary.Nonce.Generation MEDIUM" "depicter 2.0.7 Settings.Update.via.CSRF MEDIUM" "directorypress 3.6.20 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "directorypress 3.6.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "directorypress 3.6.11 Contributor+.SQL.Injection HIGH" "directorypress 3.6.8 Reflected.Cross-Site.Scripting HIGH" "duplicate-variations-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "display-custom-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.4 Reflected.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.2.2 Admin+.Stored.XSS LOW" "dancepress-trwa No.known.fix Cross-Site.Request.Forgery MEDIUM" "dancepress-trwa 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "dancepress-trwa 2.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devices No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "daves-wordpress-live-search No.known.fix Admin+.Stored.XSS LOW" "demomentsomtres-address No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-address No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "date-time-picker-field 2.3 Reflected.Cross-Site.Scripting MEDIUM" "date-time-picker-field 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dans-gcal 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "debounce-io-email-validator 5.6.6 Reflected.Cross-Site.Scripting MEDIUM" "dse-divi-section-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dokan-pro 3.11.0 Unauthenticated.SQL.Injection CRITICAL" "delete-me 3.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dk-pricr-responsive-pricing-table 5.1.11 Author+.Stored.XSS MEDIUM" "dk-pricr-responsive-pricing-table 5.1.8 Admin+.Stored.Cross-Site.Scriping LOW" "dk-pricr-responsive-pricing-table 5.1.7 Contributor+.Stored.XSS MEDIUM" "download-from-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "documentpress-display-any-document-on-your-site No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-future-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "dologin 3.8 Missing.Authorization.via.REST.Endpoints MEDIUM" "dologin 3.7.1 Subscriber+.IP.Address.leak MEDIUM" "dologin 3.7 IP.Spoofing MEDIUM" "dologin 3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "divi-builder 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi-builder 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi-builder 4.0.10 Authenticated.Code.Injection MEDIUM" "divi-builder 2.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi-builder 1.2.4 Privilege.Escalation HIGH" "display-widgets 2.7 Backdoored MEDIUM" "donation-thermometer 2.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "digiproveblog No.known.fix Reflected.Cross-Site-Scripting MEDIUM" "directory-pro 1.9.5 Subscriber+.Privilege.Escalation CRITICAL" "demomentsomtres-mailchimp-immediate-send 3.201704281627 Reflected.Cross-Site.Scripting MEDIUM" "duplicator 1.5.10 Full.Path.Disclosure MEDIUM" "duplicator 1.5.7.1 Settings.Removal.via.CSRF MEDIUM" "duplicator 1.3.0 Unauthenticated.RCE CRITICAL" "duplicator 1.5.7.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator 1.4.7 Unauthenticated.Backup.Download HIGH" "duplicator 1.4.7.1 Unauthenticated.System.Information.Disclosure MEDIUM" "duplicator 1.3.28 Unauthenticated.Arbitrary.File.Download HIGH" "duplicator 1.2.42 Unauthenticated.Arbitrary.Code.Execution MEDIUM" "duplicator 1.2.33 Cross-Site.Scripting.(XSS) MEDIUM" "duplicator 1.2.29 Duplicator.<=.1,2,28.–.Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "double-opt-in-for-download 2.1.0 Authenticated.SQL.Injection CRITICAL" "document-emberdder 1.7.9 Subscriber+.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "document-emberdder 1.7.5 Unauthenticated.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "debug 1.11 CSRF MEDIUM" "duplica 0.7 Authenticated.(Subscriber+).Missing.Authorization.to.Users/Posts.Duplicates.Creation MEDIUM" "dont-muck-my-markup No.known.fix Cross-Site.Request.Forgery MEDIUM" "debug-functions-time 1.41 Reflected.Cross-Site.Scripting MEDIUM" "dsgvo-youtube 1.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dn-popup No.known.fix Settings.Update.via.CSRF MEDIUM" "dtc-documents No.known.fix Cross-Site.Request.Forgery MEDIUM" "delete-all-comments-of-website 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "draw-attention 2.0.16 Improper.Access.Control.via.register_cpt MEDIUM" "draw-attention 2.0.12 Subscriber+.Unauthorized.Featured.Image.Modification MEDIUM" "dearpdf-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "duogeek-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dovetail No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "dental-optimizer-patient-generator-app No.known.fix Reflected.XSS HIGH" "dynamic-content-for-elementor 2.12.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-content-for-elementor 1.9.6 Authenticated.RCE CRITICAL" "d-bargain 4.0.0 Admin+.Stored.XSS LOW" "duplicate-post-page-menu-custom-post-type 2.4.0 Subscriber+.Post.Duplication MEDIUM" "dr-affiliate No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "duitku-social-payment-gateway 2.11.7 Missing.Authorization.via.check_duitku_response MEDIUM" "dropbox-folder-share No.known.fix Unauthenticated.Server-Side.Request.Forgery.via.'link' HIGH" "dropbox-folder-share No.known.fix Unauthenticated.Remote.Code.Execution.via.LFI CRITICAL" "disable-right-click-for-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "digital-climate-strike-wp No.known.fix Redirect.to.Malicious.Website.due.to.Compromised.JS.Asset HIGH" "dforms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "domain-check 1.0.17 Reflected.Cross-Site.Scripting MEDIUM" "dl-yandex-metrika No.known.fix Admin+.Stored.XSS LOW" "docket-cache 21.08.02 Reflected.Cross-Site.Scripting HIGH" "datasets-manager-by-arttia-creative No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "disable-update-notifications 2.4.2 Settings.Update.via.CSRF MEDIUM" "display-a-meta-field-as-block 1.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "doofinder-for-woocommerce 2.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "doofinder-for-woocommerce 2.1.1 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "doofinder-for-woocommerce 2.1.8 Reflected.Cross-Site.Scripting HIGH" "delucks-seo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "delucks-seo 2.5.5 Missing.Authorization MEDIUM" "delhivery-logistics-courier No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "disabler 4.0.0 CSRF MEDIUM" "dark-mode 1.7 Stored.XSS MEDIUM" "dynamic-product-categories-design 1.1.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "domain-sharding No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dd-post-carousel 1.4.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "dzs-enable-debug No.known.fix Cross-Site.Request.Forgery MEDIUM" "denk-internet-solutions 6.0.0 Admin+.Stored.XSS LOW" "dino-game 1.2.0 Contributor+.Stored.XSS MEDIUM" "domain-mapping-system 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dw-promobar No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "download-manager 3.3.04 Missing.Authorization MEDIUM" "download-manager 3.3.04 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "download-manager 3.3.04 Unauthenticated.Download.of.Password-Protected.Files MEDIUM" "download-manager 3.3.03 Admin+.Stored.XSS LOW" "download-manager 3.3.00 Contributor+.Stored.XSS LOW" "download-manager 3.2.98 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "download-manager 3.2.99 Admin+.Stored.XSS LOW" "download-manager 3.2.90 Improper.Authorization.via.protectMediaLibrary HIGH" "download-manager 3.2.94 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "download-manager 3.2.87 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "download-manager 3.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm_modal_login_form.Shortcode MEDIUM" "download-manager 3.2.91 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm-all-packages.Shortcode MEDIUM" "download-manager 3.2.85 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.86 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.85 Unauthenticated.File.Download MEDIUM" "download-manager 3.2.83 Unauthenticated.Protected.File.Download.Password.Leak MEDIUM" "download-manager 3.2.71 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.71 Broken.Access.Controls MEDIUM" "download-manager 6.3.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "download-manager 3.2.62 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.60 Reflected.XSS HIGH" "download-manager 3.2.55 Admin+.Arbitrary.File/Folder.Access.via.Path.Traversal MEDIUM" "download-manager 3.2.50 Contributor+.PHAR.Deserialization HIGH" "download-manager 3.2.53 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.51 Contributor+.Arbitrary.File.Deletion HIGH" "download-manager 3.2.49 Clear.Stats.&.Cache.via.CSRF MEDIUM" "download-manager 3.2.49 Multiple.CSRF MEDIUM" "download-manager 3.2.50 Bypass.IP.Address.Blocking.Restriction MEDIUM" "download-manager 3.2.49 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.48 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.43 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.39 Unauthenticated.brute.force.of.files.master.key MEDIUM" "download-manager 3.2.35 Sensitive.Information.Disclosure HIGH" "download-manager 3.2.34 Authenticated.SQL.Injection.to.Reflected.XSS MEDIUM" "download-manager 3.2.22 Subscriber+.Stored.Cross-Site.Scripting HIGH" "download-manager 3.2.16 Admin+.Stored.Cross-Site.Scripting LOW" "download-manager 3.2.13 Email.Template.Setting.Update.via.CSRF MEDIUM" "download-manager 3.1.25 .Authenticated.Directory.Traversal MEDIUM" "download-manager 3.1.25 Authenticated.File.Upload MEDIUM" "download-manager 3.1.22 Plugin.Settings.Change.via.CSRF MEDIUM" "download-manager 3.1.23 Unauthorised.Asset.Manager.Usage HIGH" "download-manager 3.1.19 Authenticated.(author+).PHP4.File.Upload.to.RCE CRITICAL" "download-manager 3.1.18 Unauthorised.Download.Duplication MEDIUM" "download-manager 2.9.97 Various.Sanitisation.Issues MEDIUM" "download-manager 2.9.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.61 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-manager 2.9.50 Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.51 Open.Redirect HIGH" "document-data-automation 1.6.2 Cross-Site.Request.Forgery MEDIUM" "disable-dashboard-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "datamentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "defender-security 4.7.3 Missing.Authorization MEDIUM" "defender-security 4.4.2 IP.Address.Spoofing MEDIUM" "defender-security 4.2.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "defender-security 4.2.1 Masked.Login.Area.Security.Feature.Bypass MEDIUM" "defender-security 4.1.0 Protection.Bypass.(Hidden.Login.Page) MEDIUM" "defender-security 2.4.6.1 CSRF.Nonce.Bypasses MEDIUM" "dokan-lite 3.7.6 Unauthenticated.SQLi HIGH" "dokan-lite 3.6.4 Vendor.Stored.Cross-Site.Scripting MEDIUM" "dokan-lite 3.2.1 CSRF.Nonce.Bypasses MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery MEDIUM" "delicious-recipes 1.7.0 Improper.Path.Validation.to.Authenticated.(Subscriber+).Arbitrary.File.Move.and.Read HIGH" "delicious-recipes 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "data-tables-generator-by-supsystic 1.10.37 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.32 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.20 Admin+.Stored.Cross-Site.Scripting LOW" "data-tables-generator-by-supsystic 1.10.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "data-tables-generator-by-supsystic 1.10.0 Authenticated.SQL.Injection CRITICAL" "data-tables-generator-by-supsystic 1.9.92 Authenticated.Stored.XSS MEDIUM" "data-tables-generator-by-supsystic 1.9.92 Insecure.Permissions.on.AJAX.Actions MEDIUM" "data-tables-generator-by-supsystic 1.9.92 CSRF.to.Stored.XSS,.Data.Table.Creations,.Settings.Modification CRITICAL" "digipass No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "delete-all-comments-easily No.known.fix All.Comments.Deletion.via.CSRF MEDIUM" "dx-share-selection 1.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "dtracker No.known.fix Unauthorised.Contract.Creation HIGH" "dtracker No.known.fix Multiple.Unauthenticated.Blind.SQL.Injections HIGH" "debranding No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "debranding No.known.fix Privilege.Escalation HIGH" "dynamic-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "debug-assistant 1.5 Admin+.Stored.XSS LOW" "debug-assistant 1.5 Administrator.Account.Creation.via.CSRF HIGH" "do-that-task No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "doneren-met-mollie 2.10.3 Unauthenticated.Reflected.Cross-Site.Scripting.via.search MEDIUM" "doneren-met-mollie 2.8.5 Unauthorised.CSV.Export.leading.to.Sensitive.Data.Disclosure MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "duplicator-pro 4.5.14.2 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator-pro 4.5.11.1 Unauthenticated.Reflected.XSS HIGH" "duplicator-pro 3.8.7.1 Unauthenticated.Arbitrary.File.Download HIGH" "df-draggable No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "digits 8.4.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "demo-importer-plus 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "divebook No.known.fix Improper.Authorisation.Check MEDIUM" "divebook No.known.fix Unauthenticated.SQL.Injection CRITICAL" "divebook No.known.fix Unauthenticated.Reflected.XSS LOW" "demomentsomtres-wp-export No.known.fix Subscriber+.unauthorized.data.export MEDIUM" "demomentsomtres-wp-export 20200610 Reflected.Cross-Site.Scripting MEDIUM" "domain-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "doofinder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "doctor-listing 1.3.6 Subscriber+.Privilege.Escalation CRITICAL" "disable-comments 1.0.4 disable_comments_settings.php.Comment.Status.Manipulation.CSRF HIGH" "display-admin-page-on-frontend 1.21.1 Reflected.Cross-Site.Scripting MEDIUM" "display-admin-page-on-frontend 1.17.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dvk-social-sharing 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "display-post-metadata 1.5.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.6.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-widgets 1.6 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.5.11 Authenticated.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "da-reactions 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "da-reactions 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "da-reactions 3.20.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "digital-lottery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "daily-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "disqus-conditional-load 11.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "docollipics-faustball-de 2.1.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "download-theme 1.1.0 Cross-Site.Request.Forgery MEDIUM" "dsdownloadlist No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "dpt-oauth-client No.known.fix CSRF MEDIUM" "dpt-oauth-client No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "deny-all-firewall 1.1.7 CSRF HIGH" "disable-image-right-click No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "dnui-delete-not-used-image-wordpress No.known.fix Deletion.of.images.through.CSRF MEDIUM" "download-monitor 5.0.14 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "download-monitor 5.0.13 Missing.Authorization.to.API.Key.Manipulation MEDIUM" "download-monitor 5.0.10 Missing.Authorization.to.Authenticated.(Subscriber+).Shop.Enable MEDIUM" "download-monitor 4.9.14 Missing.Authorization MEDIUM" "download-monitor 4.9.5 Authenticated.(Admin+).SQL.Injection HIGH" "download-monitor 4.8.2 Admin+.SSRF MEDIUM" "download-monitor 4.5.98 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.5.91 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Reflected.Cross-Site.Scripting MEDIUM" "download-monitor 4.4.7 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Admin+.Stored.Cross-Site.Scripting LOW" "download-monitor 4.4.5 Admin+.SQL.Injection MEDIUM" "download-monitor 1.9.7 Unauthenticated.Downloading.of.Logs MEDIUM" "download-monitor 1.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "download-monitor 1.6.4 Authenticated.Directory.Listing MEDIUM" "download-monitor 3.3.6.2 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dop-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "duplicate-pp 3.5.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "devbuddy-twitter-feed No.known.fix Admin+.Stored.XSS LOW" "debug-log-manager 2.3.2 Missing.Authorization MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization.via.toggle_debugging MEDIUM" "debug-log-manager 2.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.0 Sensitive.Logs.Exposure MEDIUM" "debug-log-manager 2.2.2 Debug.Log.Clearing.via.CSRF MEDIUM" "debug-log-manager 2.2.2 Subscriber+.Debug.Log.Clearing MEDIUM" "duofaq-responsive-flat-simple-faq No.known.fix Reflected.Cross-Site.Scripting HIGH" "droip No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "droip No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Settings.Change MEDIUM" "disable-user-login 1.3.9 User.Login.Toggle.via.CSRF MEDIUM" "donate-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dyslexiefont No.known.fix CSRF MEDIUM" "dyslexiefont 1.0.0 Authenticated.Cross-Site.Scripting MEDIUM" "delete-custom-fields No.known.fix Cross-Site.Request.Forgery.to.Post.Meta.Deletion MEDIUM" "dynamic-qr-code-generator No.known.fix Reflected.XSS HIGH" "dwnldr 1.01 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ds-cf7-math-captcha 3.0.1 Reflected.XSS HIGH" "dk-pdf 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "daext-autolinks-manager 1.10.05 CSRF MEDIUM" "dominion-domain-checker-wpbakery-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "device-wrapper 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demon-image-annotation 4.8 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "disable-comments-wpz No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "dynamic-featured-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dfiFeatured.Parameter MEDIUM" "device-theme-switcher No.known.fix Cross-Site.Request.Forgery MEDIUM" "dynamic-post-grid-elementor-addon 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dynamic-to-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "decorator-woocommerce-email-customizer 1.2.8 WooCommerce.Email.Customizer.<.1.2.8.-.Cross-Site.Request.Forgery MEDIUM" "delivery-and-pickup-scheduling-for-woocommerce 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "digirisk 6.1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URL.Parameter.of.the.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slitems.Attribute MEDIUM" "dethemekit-for-elementor 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "dethemekit-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 1.5.5.5 Contributor+.Stored.XSS MEDIUM" "donations-for-woocommerce 1.1.10 Cross-Site.Request.Forgery MEDIUM" "daily-proverb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "default-thumbnail-plus No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "donate-with-qrcode 1.4.5 Stored.Cross-Site.Scripting MEDIUM" "donate-with-qrcode No.known.fix Plugin's.Setting.Update.via.CSRF MEDIUM" "duplicate-wp-page-post 2.8 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-wp-page-post 2.5.7 SQL.Injections.due.to.Duplicated.Snippets HIGH" "dashboard-to-do-list 1.3.0 Missing.Authorization.via.ardtdw_widgetsetup() MEDIUM" "dashboard-to-do-list 1.3.2 Cross-Site.Request.Forgery.via.ardtdw_widgetupdate() MEDIUM" "don8 No.known.fix Admin+.Stored.XSS LOW" "donorbox-donation-form 7.1.7 Admin+.Stored.Cross-Site.Scripting LOW" "dtabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "distance-based-shipping-calculator 2.0.22 Reflected.Cross-Site.Scripting MEDIUM" "distance-based-shipping-calculator No.known.fix Subscriber+.SQL.Injection HIGH" "demo-awesome 1.0.3 Missing.Authorization MEDIUM" "demo-awesome 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "delightful-downloads No.known.fix Unauthenticated.Path.Traversal MEDIUM" "download-media No.known.fix Missing.Authorization.via.generate_link_for_media MEDIUM" "display-medium-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.display_medium_posts.Shortcode MEDIUM" "downloadmanager 3.2.83 Unauthenticated.Password.Protected.File.Bypass MEDIUM" "debug-info No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "duplicate-post 3.2.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "designer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "designer 1.5.0 Contributor+.Local.File.Inclusion HIGH" "donation-button No.known.fix Subscriber+.Broken.Access.Control.leading.to.SMS.Spam MEDIUM" "donation-button No.known.fix Contributor+.Stored.XSS MEDIUM" "digital-river-global-commerce No.known.fix Use.of.Polyfill.io MEDIUM" "definitive-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-plugin 2.2.1 Missing.Authorization.to.Authenticated.(Subscriber+).User.Metadata.and.Comment.Download MEDIUM" "download-plugin 2.0.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-plugin 2.0.0 Subscriber+.Website.Download HIGH" "download-plugin 1.6.1 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "download-zip-attachments No.known.fix Arbitrary.File.Download HIGH" "dh-anti-adblocker 37 Anti.AdBlocker.<.37.-.Settings.Update.via.CSRF MEDIUM" "demomentsomtres-gravity-forms-improvements 201704251008 Reflected.Cross-Site.Scripting MEDIUM" "download-magnet 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "doko-box-builder 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "database-cleaner 1.0.6 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "database-cleaner 0.9.9 Sensitive.Information.Exposure.via.Log.File MEDIUM" "distancr 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "database-backup 2.33 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "deal-of-the-day No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dx-auto-save-images No.known.fix CSRF MEDIUM" "display-metadata No.known.fix Contributor+.Stored.XSS MEDIUM" "download-info-page No.known.fix Admin+.Stored.XSS LOW" "demo-my-wordpress 1.1.0 Unauthenticated.Privilege.Escalation CRITICAL" "dl-robotstxt No.known.fix Admin+.Stored.XSS LOW" "dd-roles No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "duplicate-theme No.known.fix CSRF MEDIUM" "documentor-lite No.known.fix Unauthenticated.SQLi HIGH" "download-button-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "directories 1.3.46 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "directories 1.3.46 Authenticated.Self-Reflected.Cross-Site.Scripting LOW" "droit-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-elementor-addons No.known.fix Cross-Site.Request.Forgery MEDIUM" "duplicate-page-or-post 1.5.1 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "dr-widgets-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drm-protected-video-streaming No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dimage-360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "daily-prayer-time-for-mosques 2024.09.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "daily-prayer-time-for-mosques 2023.10.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "daily-prayer-time-for-mosques 2023.03.18 Settings.Update.via.CSRF MEDIUM" "daily-prayer-time-for-mosques 2023.05.05 Contributor+.Stored.XSS MEDIUM" "daily-prayer-time-for-mosques 2022.03.01 Unauthenticated.SQLi HIGH" "daily-prayer-time-for-mosques 2021.08.10 Admin+.Stored.XSS LOW" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "download-now-for-woocommerce 3.5.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Stored.XSS.via.CSRF HIGH" "devvn-image-hotspot 1.2.6 Authenticated.(Author+).PHP.Object.Injection HIGH" "dd-rating No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "diary-availability-calendar No.known.fix Authenticated.(subscriber+).SQL.Injection HIGH" "delivery-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delivery-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "downloader-tiktok 1.4 Server.Side.Request.Forgery.(SSRF).&.Local.File.Inclusion.(LFI) MEDIUM" "dextaz-ping No.known.fix Admin+.RCE MEDIUM" "dropdown-and-scrollable-text 2.1 Reflected.Cross-Site.Scripting MEDIUM" "dynamictags No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "duplicate-title-validate 1.4 Subscriber+.SQL.Injection HIGH" "dbox-slider-lite No.known.fix Multiple.Authenticated.SQL.injection HIGH" "dx-watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "demomentsomtres-mailchimp-subscribe 3.201706150908 Reflected.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.47 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.46 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.45 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.43 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.39 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ditty-news-ticker 3.1.36 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.32 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.25 Missing.Authorization.via.save_ditty_permissions_check MEDIUM" "ditty-news-ticker 3.1.25 Reflected.XSS HIGH" "ditty-news-ticker 3.0.33 Contributor+.Stored.XSS MEDIUM" "ditty-news-ticker 3.0.15 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "drawblog No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "decon-wp-sms No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "delete-old-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "download-plugins-dashboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "download-plugins-dashboard 1.8.8 Cross-Site.Request.Forgery MEDIUM" "download-plugins-dashboard 1.8.6 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "download-plugins-dashboard 1.6.0 Unauthenticated.Stored.XSS MEDIUM" "debug-log-config-tool 1.5 Unauthenticated.Information.Exposure.via.Logs MEDIUM" "debt-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "drozd-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dzs-zoomsounds 6.50 Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds 6.05 Unauthenticated.Arbitrary.File.Upload CRITICAL" "dzs-zoomsounds 3.0 Remote.File.Upload CRITICAL" "delete-post-revisions-on-single-click No.known.fix Cross-Site.Request.Forgery MEDIUM" "dropdown-menu-widget No.known.fix Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "dreamgrow-scroll-triggered-box No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "different-home-for-logged-in-logged-out 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "disc-golf-manager No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "dj-email-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "display-terms-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dragfy-addons-for-elementor No.known.fix Missing.Authorization.via.save_settings MEDIUM" "dts-simple-share No.known.fix Admin+.XSS LOW" "dl-verification No.known.fix Admin+.Stored.XSS LOW" "defa-online-image-protector No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "dofollow-case-by-case 3.5.0 Email&URLs.Adding.to.Allowlist.via.CSRF MEDIUM" "dx-delete-attached-media 2.0.6 Settings.Update.via.CSRF MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.6 Limited.Arbitrary.File.Deletion MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.8 Sensitive.Information.Exposure MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.4 Contact.Form.7.<.1.3.7.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.6 File.Upload.and.File.deletion.via.CSRF MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.5 File.Upload.Size.Limit.Bypass MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.3 Contact.Form.7.<.1.3.6.3.-.Unauthenticated.Stored.XSS MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.5.5 Unauthenticated.Remote.Code.Execution CRITICAL" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.3.3 Unauthenticated.File.Upload.Bypass CRITICAL" "database-peek No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "database-collation-fix 1.2.8 Cross-Site.Request.Forgery MEDIUM" "dynamically-register-sidebars No.known.fix Admin+.Stored.XSS LOW" "down-as-pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dsgvo-all-in-one-for-wp 4.7 Cross-Site.Request.Forgery.to.Account.Deletion MEDIUM" "dsgvo-all-in-one-for-wp 4.6 Contributor+.Stored.XSS MEDIUM" "dsgvo-all-in-one-for-wp 4.4 Cross-Site.Request.Forgery MEDIUM" "dsgvo-all-in-one-for-wp 4.2 Admin+.Stored.Cross-Site.Scripting LOW" "dsgvo-all-in-one-for-wp 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "dont-break-the-code No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "drip-feed-content-extended-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drag-n-drop-upload-cf7-pro 5.0.6.4 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.4.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 2.11.1 Contact.Form.7.Standard.<.2.11.1.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 2.11.0 Contact.Form.7.Standard.<.2.11.0.-.Path.Traversal MEDIUM" "drag-n-drop-upload-cf7-pro 5.0.6.3 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.3.-.Path.Traversal MEDIUM" "directorist 8.1 Unauthenticated.User.Information.Exposure MEDIUM" "directorist 7.9.0 Missing.Authorization MEDIUM" "directorist 7.8.5 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "directorist 7.5.5 Subscriber+.Insecure.Direct.Object.Reference.to.Arbitrary.Post.Deletion MEDIUM" "directorist 7.5.5 Subscriber+.Arbitrary.User.Password.Reset.to.Privilege.Escalation HIGH" "directorist 7.5.4 Admin+.LFI MEDIUM" "directorist 7.4.4 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "directorist 7.4.2.2 Subscriber+.Arbitrary.User.Password.Update.via.IDOR HIGH" "directorist 7.3.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "directorist 7.3.0 Subscriber+.Arbitrary.E-mail.Sending MEDIUM" "directorist 7.2.3 Business.Directory.Plugin.<.7.2.3.-.Admin+.Arbitrary.File.Upload MEDIUM" "directorist 7.0.6.2 CSRF.to.Remote.File.Upload CRITICAL" "dazzlersoft-teams No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "decalog 3.9.1 Authenticated.(Admin+).SQL.injection CRITICAL" "dashylite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dupeoff No.known.fix Admin+.Stored.XSS LOW" "drop-in-image-slideshow-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "donate-me No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dev-land 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "different-menus-in-different-pages 2.4.0 Subscriber+.Menu.Duplication MEDIUM" "dw-question-answer-pro 1.3.7 Arbitrary.Comment.Edition.via.IDOR MEDIUM" "dw-question-answer-pro 1.3.7 Multiple.CSRF MEDIUM" "dw-question-answer No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dropdown-multisite-selector 0.9.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "duracelltomi-google-tag-manager 1.15.2 Admin+.Stored.Cross-Site.Scripting LOW" "duracelltomi-google-tag-manager 1.15.1 Reflected.Cross-Site.Scripting MEDIUM" "empty-cart-button-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edd-courses 0.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-courses 0.1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-schema-structured-data-rich-snippets 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "etemplates No.known.fix Unauthenticated.SQL.Injection CRITICAL" "envo-elementor-for-woocommerce 1.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Theme.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Subscriber+.Template.Creation MEDIUM" "easy-settings-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-settings-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-form-builder 3.8.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-form-builder 3.7.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "easy-form-builder 3.4.0 Admin+.Stored.XSS LOW" "easy-call-now-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-call-now-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-youtube-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exchange-addon-authorize-net 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "eventer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Bookings.Export MEDIUM" "eventer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "eventer No.known.fix Missing.Authorization.to.Unauthenticated.Event.Ticket.Download MEDIUM" "eventer 3.9.9 Unauthenticated.SQL.Injection HIGH" "eventer 3.9.8 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "easy-slider-revolution 1.1.0 Author+.Stored.XSS MEDIUM" "easy-pdf-restaurant-menu-upload 1.2 XSS MEDIUM" "easy-custom-js-and-css-pro No.known.fix Reflected.Cross-Site.Scripting HIGH" "ect-social-share No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "erident-custom-login-and-dashboard 3.5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "erident-custom-login-and-dashboard 3.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-popup-show No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-property-listings 3.5.4 Arbitrary.Contact.Deletion.via.CSRF MEDIUM" "easy-property-listings 3.5.4 Missing.Authorization.via.epl_update_listing_coordinates() MEDIUM" "easy-property-listings 3.5.3 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "easy-property-listings 3.5.4 Admin+.Stored.XSS LOW" "easy-property-listings 3.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "easy-property-listings 3.4 Cross-Site.Scripting.(XSS) MEDIUM" "edubin No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "events-widgets-for-elementor-and-the-events-calendar 1.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "ect-homepage-products No.known.fix Reflected.XSS HIGH" "easy-embed-for-youtube-wall 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "easy-paypal-shopping-cart 1.1.11 Contributor+.Stored.XSS MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Stored.XSS MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Arbitrary.File.Upload HIGH" "enable-svg-webp-ico-upload 1.0.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "elastic-email-sender 1.2.7 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.44 Admin+.SQL.Injection MEDIUM" "email-subscribers 5.7.35 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "email-subscribers 5.7.35 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "email-subscribers 5.7.27 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.27.-.Missing.Authorization MEDIUM" "email-subscribers 5.7.26 Unauthenticated.SQL.Injection.via.unsubscribe CRITICAL" "email-subscribers 5.7.24 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.24.-.Unauthenticated.SQL.Injection.via.optin CRITICAL" "email-subscribers 5.7.23 Authenticated.(Subscriber+).SQL.Injection.Vulnerability.via.options[list_id] HIGH" "email-subscribers 5.7.21 Unauthenticated.SQL.Injection.via.hash CRITICAL" "email-subscribers 5.7.18 Missing.Authorization MEDIUM" "email-subscribers 5.7.20 Missing.Authorization.in.handle_ajax_request HIGH" "email-subscribers 5.7.15 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.15.-.Unauthenticated.SQL.Injection CRITICAL" "email-subscribers 5.7.16 Authenticated.(Administrator+).Cross-Site.Scripting.via.CSV.import MEDIUM" "email-subscribers 5.7.14 Missing.Authorization MEDIUM" "email-subscribers 5.7.12 Reflected.Cross-Site.Scripting.via.campaign_id MEDIUM" "email-subscribers 5.6.24 .Admin+.Directory.Traversal CRITICAL" "email-subscribers 5.5.3 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "email-subscribers 5.5.1 Subscriber+.SQLi HIGH" "email-subscribers 5.3.2 Unauthenticated.arbitrary.option.update HIGH" "email-subscribers 5.3.2 Subscriber+.Blind.SQL.injection HIGH" "email-subscribers 4.5.6 Unauthenticated.email.forgery/spoofing HIGH" "email-subscribers 4.5.1 Cross-site.Request.Forgery.in.send_test_email() LOW" "email-subscribers 4.5.1 Authenticated.SQL.injection.in.es_newsletters_settings_callback() MEDIUM" "email-subscribers 4.2.3 Multiple.Issues HIGH" "email-subscribers 4.3.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "email-subscribers 4.1.8 SQL.Injection HIGH" "email-subscribers 4.1.7 Cross-Site.Scripting.(XSS) CRITICAL" "email-subscribers 3.5.0 Cross-Site.Scripting.(XSS) MEDIUM" "email-subscribers 3.4.8 Unauthenticated.Subscriber.Download HIGH" "email-subscribers 2.9.1 Multiple.XSS.&.SQLi MEDIUM" "electric-studio-client-login No.known.fix Admin+.Stored.XSS LOW" "enable-wp-debug-from-admin-dashboard 1.86 Reflected.Cross-Site.Scripting MEDIUM" "extend-filter-products-by-price-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "e-search No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "everlightbox 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "everlightbox 1.1.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-encoder-bundle 2.2.2 Admin+.Stored.XSS LOW" "email-encoder-bundle 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.2 Reflected.Cross.Site.Scripting MEDIUM" "embed-ispring No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "extender-all-in-one-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eyewear-prescription-form 4.0.19 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "elex-woocommerce-google-product-feed-plugin-basic 1.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-social-icons 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "easy-social-icons 3.2.5 Missing.Authorization.via.cnss_save_ajax_order MEDIUM" "easy-social-icons 3.2.1 Admin+.Stored.Cross-Site.Scripting.in.add.icon LOW" "easy-social-icons 3.2.1 Unauthenticated.Arbitrary.Icon.Deletion MEDIUM" "easy-social-icons 3.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-social-icons 3.1.4 Admin+.SQL.Injection MEDIUM" "easy-social-icons 3.1.3 Reflected.Cross-Site.Scripting HIGH" "easy-social-icons 3.0.9 Reflected.Cross-Site.Scripting HIGH" "elements-plus 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elements-plus 2.16.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.links MEDIUM" "embed-calendly-scheduling 3.7 Embed.Calendly.<.3,7.Contributor+.Stored.XSS MEDIUM" "e-unlocked-student-result No.known.fix Student.Result.<=.1.0.4.-.Arbitrary.File.Upload.via.CSRF HIGH" "embed-youtube-video No.known.fix Authenticated.SQL.Injection MEDIUM" "emailshroud No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "enqueue-anything No.known.fix Subscriber+.Arbitrary.Asset/Post.Deletion MEDIUM" "easy-tiktok-feed 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-tiktok-feed 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "external-videos No.known.fix Admin+.Stored.XSS LOW" "easy-replace No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "email-posts-to-subscribers No.known.fix Admin+.Stored.XSS LOW" "email-posts-to-subscribers No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "email-posts-to-subscribers No.known.fix Unauthenticated.SQLi HIGH" "endomondowp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edit-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edit-comments No.known.fix Unauthenticated.SQL.Injection HIGH" "easylogo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "external-media-without-import No.known.fix Subscriber+.Blind.SSRF LOW" "external-media-without-import 1.0.1 Reflected.XSS HIGH" "easy-testimonial-manager No.known.fix Authenticated.SQL.Injection MEDIUM" "enhanced-wordpress-contactform 2.3 Admin+.Stored.XSS LOW" "eventify No.known.fix Admin+.Stored.XSS LOW" "elite-notification No.known.fix Missing.Authorization MEDIUM" "event-calendars No.known.fix Unauthenticated.Arbitrary.Calendar.Deletion MEDIUM" "email-on-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "exports-and-reports 0.9.2 Contributor+.CSV.Injection LOW" "eewee-admincustom No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "eewee-admincustom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.1.1 All-in-one.Google.Analytics,.Pixels.and.Product.Feed.Manager.for.WooCommerce.<.7.1.1.-.Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.0 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection.via.ee_syncProductCategory HIGH" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection HIGH" "enhanced-e-commerce-for-woocommerce-store 6.5.4 Reflected.XSS HIGH" "enhanced-e-commerce-for-woocommerce-store 5.2.4 Settings.Update.via.CSRF MEDIUM" "enhanced-e-commerce-for-woocommerce-store 4.6.2 Subscriber+.SQL.Injection HIGH" "easy-menu-manager-wpzest No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "et-core-plugin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "et-core-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload CRITICAL" "et-core-plugin No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Download MEDIUM" "et-core-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "et-core-plugin No.known.fix Missing.Authorization MEDIUM" "easy-tweet-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-coming-soon No.known.fix Admin+.Stored.XSS LOW" "everest-faq-manager-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-justified-gallery 1.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ever-compare 1.2.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "eexamhall No.known.fix CSRF MEDIUM" "easy-textillate No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-textillate 2.02 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-under-construction 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-call-now No.known.fix Cross-Site.Request.Forgery.via.settings_page MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.13 Reflected.Cross-Site.Scripting MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "editable-table No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "embed-google-fonts No.known.fix Missing.Authorization MEDIUM" "event-calendar-wd 1.1.51 Subscriber+.Event.Creation MEDIUM" "event-calendar-wd 1.1.51 Reflected.Cross-Site.Scripting HIGH" "event-calendar-wd 1.1.46 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.45 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.22 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.0.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "elasticpress 5.1.2 Data.Sync.via.CSRF MEDIUM" "elasticpress 3.5.4 Cross-Site.Request.Forgery MEDIUM" "easy-testimonial-rotator 1.0.19 Admin+.Stored.XSS LOW" "easy-testimonial-rotator 1.0.16 Reflected.Cross-Site.Scripting HIGH" "easy-wp-cookie-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-wp-cookie-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-login-styler No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.10.6 Reflected.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ezyonlinebookings-online-booking-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "external-media-upload 0.5 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.4.9 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.event,.location,.and.event_category.Shortcodes MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Missing.Authorization MEDIUM" "events-manager 6.4.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Authenticated(Administator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "events-manager 6.4.6 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 5.9.8 Admin+.SQL.Injection MEDIUM" "events-manager 5.9.8 Cross-Site.Scripting.(XSS) LOW" "events-manager 5.9.7.2 CSV.Injection MEDIUM" "events-manager 5.9.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.8.1.2 Unauthenticated.Stored.XSS CRITICAL" "events-manager 5.6 Cross-Site.Scripting.(XSS).&.Code.Injection MEDIUM" "events-manager 5.5.7.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.7 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.4 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.9 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.2 Multiple.Unspecified.XSS.Vulnerabilities MEDIUM" "events-manager 5.5 Cross-Site.Scripting.(XSS) MEDIUM" "editor-custom-color-palette 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-svg 3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-svg 3.3.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "exchange-addon-stripe 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "embed-power-bi-reports 1.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enable-svg 1.4.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "eupago-gateway-for-woocommerce 3.1.10 CSRF MEDIUM" "ewww-image-optimizer 7.3.0 Cross-Site.Request.Forgery MEDIUM" "ewww-image-optimizer 7.2.1 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log MEDIUM" "ewww-image-optimizer 7.2.1 Sensitive.Information.Exposure MEDIUM" "ewww-image-optimizer 5.9 Cross-Site.Request.Forgery MEDIUM" "enteraddons 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.2.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Events.Card.Widget MEDIUM" "enteraddons 2.2.0 Contributor+.Stored.XSS MEDIUM" "enteraddons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Animation.Title.widget MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Heading.widget MEDIUM" "everest-admin-theme-lite 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-registration-forms No.known.fix Subscriber+.Information.Disclosure.via.Shortcode MEDIUM" "easy-registration-forms No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-registration-forms No.known.fix CSV.Injection MEDIUM" "email-suscripcion No.known.fix Unauthenticated.SQL.Injection HIGH" "enhanced-catalog-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "events-calendar No.known.fix Admin+.Stored.XSS LOW" "extensions-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "extensions-for-elementor 2.0.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor 2.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EE.Events.and.EE.Flipbox.Widget MEDIUM" "extensions-for-elementor 2.0.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "easy-smooth-scroll-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-smooth-scroll-links 2.23.1 Admin+.Stored.Cross-Site.Scripting LOW" "easy-smooth-scroll-links 2.23.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "envira-gallery-lite 1.8.16 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "envira-gallery-lite 1.8.15 Missing.Authorization MEDIUM" "envira-gallery-lite 1.8.15 Author+.Stored.XSS MEDIUM" "envira-gallery-lite 1.8.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "envira-gallery-lite 1.8.7.3 Missing.Authorization.to.Gallery.Modification.via.envira_gallery_insert_images MEDIUM" "envira-gallery-lite 1.8.4.7 Reflected.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.8.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS).Issue MEDIUM" "exportfeed-for-woocommerce-google-product-feed No.known.fix Admin+.SQLi MEDIUM" "elementskit 3.7.9 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "elementskit 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Motion.Text.and.Table.Widgets MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Server-Side.Request.Forgery HIGH" "elementskit 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Price.Menu,.Hotspot,.and.Advanced.Toggle.Widgets HIGH" "elementskit 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'ekit_btn_id' MEDIUM" "elementskit 2.2.0 Contributor+.Stored.XSS MEDIUM" "event-list 0.8.8 Admin+.Stored.Cross-Site.Scripting LOW" "event-list 0.7.10 XSS MEDIUM" "event-list 0.7.9 Authenticated.SQL.Injection HIGH" "elo-rating-shortcode 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eventon 4.7 WordPress.Virtual.Event.Calendar.Plugin.<.4.7.-.Cross-Site.Request.Forgery.via.admin_test_email MEDIUM" "extensive-vc-addon 1.9.1 Unauthenticated.RCE CRITICAL" "easy-real-estate No.known.fix Privilege.Escalation CRITICAL" "easy-real-estate No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "event-tickets 5.18.1.1 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "event-tickets 5.11.0.5 Cross-Site.Request.Forgery MEDIUM" "event-tickets 5.8.3 Improper.Authorization.to.Information.Disclosure MEDIUM" "event-tickets 5.8.2 Missing.Authorization MEDIUM" "event-tickets 5.8.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets 5.6.0 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-tickets 5.2.2 Open.Redirect MEDIUM" "event-tickets 4.10.7.2 CSV.Injection HIGH" "easy-fancybox 2.3.4 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-fancybox 2.3.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "easy-fancybox 1.8.18 Authenticated.Stored.XSS MEDIUM" "eventprime-event-calendar-management 4.0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Ticket.Category.and.Ticket.Type.Name HIGH" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Transaction.Log MEDIUM" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 4.0.4.6 Open.Redirect MEDIUM" "eventprime-event-calendar-management 4.0.4.4 Missing.Authorization.to.Unauthenticated.Private.or.Password-Protected.Events.Disclosure MEDIUM" "eventprime-event-calendar-management 4.0.4.0 Missing.Authorization.via.calendar_event_create() MEDIUM" "eventprime-event-calendar-management 3.5.0 .Subscriber+.Arbitrary.booking.settings.update MEDIUM" "eventprime-event-calendar-management 3.3.5 Unauthenticated.Booking.Price.Manipulation MEDIUM" "eventprime-event-calendar-management 3.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.3 Missing.Authorization.to.Arbitrary.Post.Overwrite MEDIUM" "eventprime-event-calendar-management 3.4.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "eventprime-event-calendar-management 3.4.3 Unauthenticated.Booking.Payment.Bypass MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "eventprime-event-calendar-management 3.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Export MEDIUM" "eventprime-event-calendar-management 3.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Attendee.List.Retrieval MEDIUM" "eventprime-event-calendar-management 3.4.0 Improper.Input.Validation.via.save_event_booking MEDIUM" "eventprime-event-calendar-management 3.3.6 Unauthenticated.Event.Access MEDIUM" "eventprime-event-calendar-management 3.3.3 Contributor+.Stored.XSS MEDIUM" "eventprime-event-calendar-management 3.3.6 Booking.Pricing.Bypass MEDIUM" "eventprime-event-calendar-management 3.1.6 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Booking.Creation.via.CSRF MEDIUM" "eventprime-event-calendar-management 3.2.0 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.HTML.Injection.on.keyword.parameter MEDIUM" "eventprime-event-calendar-management 3.0.6 Reflected.Cross-Site.Scripting HIGH" "eventprime-event-calendar-management 3.0.0 Unauthenticated.Reflected.XSS HIGH" "embed-power-bi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-order-view No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-eu-cookie-law No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "easy-affiliate-links 3.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.1 Contributor+.Stored.XSS MEDIUM" "embedalbum-pro 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedalbum-pro 1.1.28 Contributor+.Stored.XSS MEDIUM" "easy-set-favicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs No.known.fix Contributor+.Local.File.Inclusion HIGH" "eazydocs 2.5.1 Missing.Authorization MEDIUM" "eazydocs 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs 2.5.0 Admin+.Stored.XSS LOW" "eazydocs 2.4.0 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.6 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.4 Subscriber.+.SQLi HIGH" "eazydocs 2.3.6 Reflected.XSS MEDIUM" "eazydocs 2.3.6 Unauthenticated.OnePage.Document.Update/Publish MEDIUM" "eazydocs 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "easy-modal 2.1.0 Authenticated.SQL.Injection HIGH" "easyjobs 2.4.15 Reflected.Cross-Site.Scripting MEDIUM" "easyjobs 2.4.7 Subscriber+.Arbitrary.Settings.Update MEDIUM" "easyjobs 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-media-library 2.8.10 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.17 Reflected.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "echosign 1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ezplayer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-form-builder-by-bitware No.known.fix Unauthorised.AJAX.calls HIGH" "easy-form-builder-by-bitware No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "eprolo-dropshipping 1.7.2 Missing.Authorization MEDIUM" "enhanced-plugin-admin 1.17 CSRF MEDIUM" "event-monster 1.4.4 Information.Exposure.Via.Visitors.List.Export MEDIUM" "event-monster 1.4.4 Unauthenticated.Information.Exposure MEDIUM" "event-monster 1.4.0 Contributor+.PHP.Object.Injection.via.Custom.Meta MEDIUM" "event-monster No.known.fix Admin+.Stored.XSS LOW" "event-monster 1.2.1 Admin+.SQLi MEDIUM" "event-monster 1.2.0 Visitors.Deletion.via.CSRF MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 Reflected.Cross-Site.Scripting MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "envialosimple-email-marketing-y-newsletters-gratis No.known.fix Cross-Site.Request.Forgery MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.2 EnvíaloSimple.<.2,2.Unauthenticated.PHP.Object.Injection MEDIUM" "explara-membership No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "everest-tab-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-video-player 1.2.2.11 Contributor+.Stored.XSS MEDIUM" "easy-video-player 1.2.2.3 Contributor+.Stored.XSS MEDIUM" "easy-social-share-buttons3 9.5 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-social-share-buttons3 9.5 Missing.Authorization MEDIUM" "easy-social-share-buttons3 9.5 Reflected.Cross-Site.Scripting MEDIUM" "edd-venmo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eps-301-redirects 2.51 Easy.Redirect.Manager.<.2.51.-.Authenticated.SQL.Injection CRITICAL" "eps-301-redirects 2.45 Easy.Redirect.Manager.<.2.45.-.Authenticated.Arbitrary.Redirect.Injection.and.Modification,.XSS,.and.CSRF CRITICAL" "ere-recently-viewed 2.0 Unauthenticated.PHP.Object.Injection MEDIUM" "exam-matrix No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "easy2map 1.3.0 Local.File.Inclusion CRITICAL" "easy2map 1.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "exchange-rates-widget 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "envo-extra 1.8.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "envo-extra 1.8.17 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "envo-extra 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.8.4 Cross-Site.Request.Forgery MEDIUM" "exchange-addon-easy-ue-vat-taxes 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "ebecas No.known.fix Admin+.Stored.XSS LOW" "easyevent No.known.fix Admin+.Stored.XSS LOW" "exs-widgets 0.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "email-newsletter No.known.fix SQL.Injection CRITICAL" "easy-facebook-like-box 4.1.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.8 Missing.Authorization MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "easy-svg-image-allow No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Title MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "easy-digital-downloads 3.3.5 3.3.4.-.Improper.Authorization.to.Paywall.Bypass LOW" "easy-digital-downloads 3.3.4 Authenticated.(Admin+).PHAR.Deserialization HIGH" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Currency.Settings MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Agreement.Text LOW" "easy-digital-downloads 3.3.1 Missing.Authorization MEDIUM" "easy-digital-downloads 3.3.1 Unauthenticated.SQL.Injection CRITICAL" "easy-digital-downloads 3.2.12 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.12 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.10 Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Shop.Manager+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.6 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.0 Missing.Authorization MEDIUM" "easy-digital-downloads 3.1.1.4.2 Unauthenticated.Privilege.Escalation CRITICAL" "easy-digital-downloads 3.1.0.5 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.1.0.4 Unauthenticated.SQLi HIGH" "easy-digital-downloads 3.0 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "easy-digital-downloads 3.1.0.2 Unauthenticated.CSV.Injection MEDIUM" "easy-digital-downloads 3.0.2 Admin+.PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.11.6 Arbitrary.Payment.Note.Insertion.via.CSRF LOW" "easy-digital-downloads 2.11.6 Admin+.Stored.Cross-Site.Scripting LOW" "easy-digital-downloads 2.11.2.1 Reflected.Cross-Site.Scripting HIGH" "easy-digital-downloads 2.10.3 Unauthorised.Stripe.Disconnect.via.CSRF MEDIUM" "easy-digital-downloads 2.9.16 Stored.XSS MEDIUM" "easy-digital-downloads 2.5.8 PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.3.7 Cross-Site.Scripting.Issue MEDIUM" "easy-digital-downloads 2.3.3 SQL.Injection CRITICAL" "encyclopedia-lexicon-glossary-wiki-dictionary 1.7.61 Reflected.Cross-Site.Scripting MEDIUM" "extra-product-options-for-woocommerce 3.0.7 Missing.Authorization MEDIUM" "extra-product-options-for-woocommerce No.known.fix Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "embed-swagger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-code-snippets No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "easy-code-snippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-code-snippets 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-code-snippets 1.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "ez-form-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "expand-maker 3.2.7 Admin+.PHP.Object.Injection LOW" "editorial-calendar 3.8.3 Contributor+.Stored.XSS MEDIUM" "exchange-addon-custom-url-tracking 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-sticky-sidebar 1.5.9 Unauthenticated.AJAX.Actions.Call MEDIUM" "easy-media-download 1.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "easy-login-woocommerce 2.7.3 2.7.2.-.Missing.Authorization.to.Arbitrary.Options.Exposure MEDIUM" "easy-login-woocommerce 2.7.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.4 Settings.Reset.via.CSRF MEDIUM" "easy-login-woocommerce 2.3 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.2 Reflected.Cross-Site.Scripting HIGH" "easy-login-woocommerce 1.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "export-users No.known.fix CSV.Injection MEDIUM" "eyes-only-user-access-shortcode No.known.fix Admin+.Stored.XSS LOW" "elfsight-telegram-chat-cc No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-custom-js-and-css No.known.fix Reflected.Cross-Site.Scripting HIGH" "enquiry-quotation-for-woocommerce 2.2.33.34 Authenticated.(Author+).PHP.Object.Injection.in.enquiry_detail.php HIGH" "enquiry-quotation-for-woocommerce 2.2.13 Admin+.Stored.XSS LOW" "enable-shortcodes-inside-widgetscomments-and-experts No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "easy-wp-smtp 2.3.1 Exposure.of.Sensitive.Information.via.the.UI LOW" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Access MEDIUM" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Deletion MEDIUM" "easy-wp-smtp 1.5.2 Admin+.RCE MEDIUM" "easy-wp-smtp 1.5.0 Admin+.PHP.Objection.Injection MEDIUM" "easy-wp-smtp 1.4.3 Debug.Log.Disclosure HIGH" "easy-wp-smtp 1.3.9.1 Unauthenticated.Arbitrary.wp_options.Import MEDIUM" "elements-for-lifterlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecpay-logistics-for-woocommerce 1.3.1910240 Unauthenticated.Reflected.XSS MEDIUM" "echoza No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "email-customizer-woocommerce 1.7.2 Multiple.Author+.SQLi MEDIUM" "eroom-zoom-meetings-webinar 1.4.19 Missing.Authorization.to.Information.Exposure MEDIUM" "eroom-zoom-meetings-webinar 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "eroom-zoom-meetings-webinar 1.3.8 Sync.Meetings.via.CSRF MEDIUM" "eroom-zoom-meetings-webinar 1.3.9 Cache.Deletion.via.CSRF MEDIUM" "email-artillery No.known.fix Multiple.Reflected.Cross-Site.Scripting HIGH" "email-artillery No.known.fix Arbitrary.File.Upload MEDIUM" "email-artillery No.known.fix CSRF.to.Stored.XSS HIGH" "email-artillery No.known.fix Multiple.Authenticated.SQL.Injections MEDIUM" "edd-cashapp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elegant-calendar-lite 1.5.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-pie-maintenance-mode No.known.fix Admin+.Stored.XSS LOW" "easy-faqs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-pdf-viewer 2.4.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "embed-pdf-viewer 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.height.and.width.Parameters MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Switcher,.Slider,.and.Iconbox.Widgets MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.tags MEDIUM" "event-post 5.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.events_cal.Shortcode MEDIUM" "event-post 5.9.6 Unauthenticated.Local.File.Inclusion CRITICAL" "event-post No.known.fix Post.Metadata.Update.via.CSRF MEDIUM" "event-post 5.9.5 Missing.Authorization MEDIUM" "event-post 5.9.1 Contributor+.Stored.XSS MEDIUM" "event-tickets-plus 5.9.1 Contributor+.Attendees.Lists.Disclosure LOW" "event-tickets-plus 5.9.1 Contributor+.Arbitrary.Events.Access LOW" "events-manager-pro-extended No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "email-queue 1.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-liveblogs 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "export-post-info 1.2.1 Author+.CSV.Injection MEDIUM" "export-post-info 1.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-shortcode-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-form 1.3.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-blocks-pro 1.1.1 Unauthenticated.Object.Injection HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "e2pdf 1.25.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e2pdf 1.23.00 Missing.Authorization MEDIUM" "e2pdf 1.23.00 Cross-Site.Request.Forgery MEDIUM" "e2pdf 1.20.24 Authenticated(Administrator+).SQL.Injection MEDIUM" "e2pdf 1.20.26 Admin+.Arbitrary.File.Upload HIGH" "e2pdf 1.20.19 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "e2pdf 1.20.20 Admin+.Stored.Cross-Site.Scriping LOW" "e2pdf 1.16.45 Admin+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "edd-recent-purchases No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "eshop No.known.fix Authenticated.Blind.SQL.Injection HIGH" "eshop No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eshop No.known.fix Reflected.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "eshop 6.3.12 Remote.Code.Execution MEDIUM" "easy-accordion-free 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-free 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-accordion-free 2.0.22 Admin+.Stored.Cross-Site.Scripting LOW" "easy-blocks-pro No.known.fix Missing.Authorization HIGH" "exchange-addon-invoices 1.4.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-csv-importer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "exchange-addon-manual-purchases 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "essential-grid 3.1.2 Unauthenticated.Private.Post.Disclosure MEDIUM" "essential-grid 3.0.19 Missing.Authorization HIGH" "essential-grid 3.1.1 Reflected.XSS HIGH" "essential-content-types 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "elfsight-pricing-table No.known.fix Cross-Site.Request.Forgery.via.ajax() MEDIUM" "elfsight-pricing-table No.known.fix Missing.Authorization MEDIUM" "events-calendar-for-google 3.0.0 Contributor+.Local.File.Inclusion HIGH" "easy-custom-code 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eu-vat-for-woocommerce 2.12.14 Missing.Authorization MEDIUM" "eu-vat-for-woocommerce 2.12.14 Reflected.Cross-Site.Scripting MEDIUM" "eu-vat-for-woocommerce 3.0.0 Reflected.Cross-Site.Scripting HIGH" "event-espresso-core-reg 4.10.7.p Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "extensions-for-cf7 3.2.1 Authenticated.(Admin+).Sever-Side.Request.Forgery LOW" "extensions-for-cf7 3.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "extensions-for-cf7 2.0.9 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "exclusive-divi No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "expert-invoice No.known.fix Expert.Invoice.<=.1,0,2.-Admin+.Stored.XSS LOW" "explara-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-peertube-playlist 1.10 Editor+.Stored.XSS LOW" "eu-cookie-law No.known.fix Admin+.Stored.XSS LOW" "eu-cookie-law 3.1.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "easy-pie-coming-soon 1.0.7.4 Admin+.Stored.XSS LOW" "everest-timeline-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "elevio No.known.fix Cross-Site.Request.Forgery MEDIUM" "embed-comment-images 0.6 Unauthenticated.Stored.XSS MEDIUM" "ezpz-one-click-backup No.known.fix Cross-Site.Scripting.(XSS) CRITICAL" "exchange-addon-table-rate-shipping 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-admin-menu No.known.fix Admin+.Stored.XSS LOW" "extra-privacy-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-maintenance-mode-coming-soon No.known.fix Information.Exposure MEDIUM" "examapp No.known.fix Authenticated.SQL.Injection./.Cross-Site.Scripting HIGH" "event-feed-for-eventbrite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "event-feed-for-eventbrite 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "export-wp-page-to-static-html 2.2.3 Open.Redirect HIGH" "export-wp-page-to-static-html 2.2.0 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "export-wp-page-to-static-html 2.2.0 Cross-Site.Request.Forgery.via.Multiple.AJAX.Actions MEDIUM" "essential-breadcrumbs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "error-log-monitor 1.6.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "elementary-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-reminders 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "email-reminders 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "edge-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edge-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "eventon-lite 2.2.17 Admin+.Stored.XSS LOW" "eventon-lite 2.2.16 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Plugin.Settings.Updates HIGH" "eventon-lite 2.2.15 Admin+.Stored.Cross-Site.Scripting.via.event.subtitle LOW" "eventon-lite 2.2.15 Admin+.Stored.XSS LOW" "eventon-lite 2.2.8 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventon-lite 2.2.8 Reflected.XSS HIGH" "eventon-lite 2.2.8 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventon-lite 2.2.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventon-lite 2.2.8 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventon-lite 2.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "eventon-lite 2.2 Admin.+.Stored.HTML.Injection LOW" "eventon-lite 2.2.3 Reflected.Cross.Site.Scripting HIGH" "eventon-lite 2.2 Admin+.Stored.XSS LOW" "eventon-lite 2.1.2 Unauthenticated.Post.Access.via.IDOR HIGH" "eventon-lite 2.1.2 Unauthenticated.Event.Access HIGH" "error-notification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "export-users-to-csv No.known.fix CSV.Injection HIGH" "email-capture-lead-generation No.known.fix Missing.Authorization MEDIUM" "eg-attachments No.known.fix Reflected.XSS HIGH" "easy-event-calendar No.known.fix Admin+.Stored.XSS LOW" "easy-post-views-count 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-notifier 1.2.1 XSS MEDIUM" "edoc-employee-application No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exchange-addon-easy-us-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "epoll-wp-voting No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "epoll-wp-voting 3.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "epoll-wp-voting 3.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "emag-marketplace-connector 1.0.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "email-customizer-for-woocommerce 2.6.1 Information.Exposure MEDIUM" "exchange-addon-paypal-pro 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easyazon No.known.fix Reflected.Cross-Site.Scripting.via.easyazon-cloaking-locale MEDIUM" "easyazon 5.1.1 Missing.Authorization.on.AJAX.actions MEDIUM" "extreme-blocks 0.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-media-replace 0.2.0 Author+.File.Deletion MEDIUM" "export-woocommerce-customer-list 2.0.69 CSV.Injection LOW" "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic No.known.fix Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "embedder-for-google-reviews 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "easy-table-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "exchange-addon-2checkout 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easyrotator-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "event-tickets-with-ticket-scanner 2.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.12 Authenticated.(Author+).Remote.Code.Execution HIGH" "event-tickets-with-ticket-scanner 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.8 Admin+.Stored.XSS LOW" "easy-newsletter-signups No.known.fix Admin+.SQLi MEDIUM" "easy-newsletter-signups No.known.fix Missing.Authorization MEDIUM" "easy-newsletter-signups 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecommerce-product-catalog 3.3.44 Cross-Site.Request.Forgery.to.Password.Reset HIGH" "ecommerce-product-catalog 3.3.33 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-product-catalog 3.3.29 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.3.27 Sensitive.Information.Exposure.via.CSV.Files MEDIUM" "ecommerce-product-catalog 3.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecommerce-product-catalog 3.3.26 Products.Deletion.via.CSRF MEDIUM" "ecommerce-product-catalog 3.3.9 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.3.5 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.0.72 Reflected.XSS.via.AJAX MEDIUM" "ecommerce-product-catalog 3.0.72 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.71 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.39 Reflected.Cross-Site.Scripting HIGH" "ecommerce-product-catalog 3.0.18 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.0.18 CSRF.Nonce.Bypass MEDIUM" "ecommerce-product-catalog 2.9.44 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "everest-coming-soon-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ecommerce-addon 1.4 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "eventON 4.5.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventON 4.5.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventON 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "eventON 4.5.6 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventON 4.5.5 Reflected.XSS HIGH" "eventON 4.5.5 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventON 4.4.1 Reflected.Cross-Site.Scripting HIGH" "eventON 4.4 Unauthenticated.Event.Access HIGH" "eventON 4.4 Unauthenticated.Post.Access.via.IDOR HIGH" "easy-popup-lightbox-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-media-gallery-pro 1.3.0 CSRF.&.Cross-Site.Scripting.(XSS) MEDIUM" "elementor-pro 3.25.11 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "elementor-pro 3.21.3 Reflected.Cross-Site.Scripting MEDIUM" "elementor-pro 3.21.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authententicated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Widget.SVGZ.File.Upload MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.video_html_tag MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation MEDIUM" "elementor-pro 3.19.3 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementor-pro 3.11.7 Subscriber+.Arbitrary.Options.Update HIGH" "elementor-pro 2.9.4 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor-pro 2.0.10 XSS MEDIUM" "everest-review-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "everest-backup 2.2.14 Unauthenticated.Backup.Download HIGH" "everest-backup 2.2.5 Admin+.Arbitrary.File.Upload MEDIUM" "everest-backup 2.2.0 Sensitive.Information.Exposure.via.Log.File HIGH" "export-import-menus 1.9.2 Missing.Authorization.to.Unauthenticated.Menu.Export MEDIUM" "export-import-menus 1.9.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "easy-prayer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-prayer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-faq-with-expanding-text No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "etsy-shop 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "edunext-openedx-integrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "extra-user-details 0.5.1 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "extra-user-details 0.5.1 Admin+.Stored.XSS LOW" "email-template-customizer-for-woo 1.2.9.2 Shop.manager+.Stored.XSS LOW" "exit-notifier 1.10.6 Reflected.Cross-Site.Scripting MEDIUM" "echo-knowledge-base 11.31.0 Unauthenticated.PHP.Object.Injection.in.is_article_recently_viewed CRITICAL" "easy-post-types No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "easy-post-types No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "enable-svg-uploads No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "event-espresso-decaf 5.0.31.decaf Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 5.0.22.decaf Authenticated.(Subscriber+).Missing.Authorization.to.Limited.Plugin.Settings.Modification MEDIUM" "event-espresso-decaf 4.10.12 Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 4.10.14 CSRF.Bypass MEDIUM" "easy-waveform-player 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-sign-up No.known.fix Contributor+.Stored.XSS MEDIUM" "easy-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-tab-manager 1.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "endless-posts-navigation 2.2.8 Cross-Site.Request.Forgery MEDIUM" "external-database-based-actions No.known.fix Authenticated.(Subscriber+).Authentication.Bypass HIGH" "ethereumico 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ethereum-ico.Shortcode MEDIUM" "ethereumico 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "ethereumico 2.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eduadmin-booking 5.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "email-my-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox-premium No.known.fix Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-facebook-likebox-premium 6.2.7 Reflected.Cross-Site.Scripting HIGH" "embedpress 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'provider_name' MEDIUM" "embedpress 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.10 Unauthenticated.Local.File.Inclusion CRITICAL" "embedpress 4.0.5 Missing.Authorization MEDIUM" "embedpress 3.9.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.PDF.Widget.URL MEDIUM" "embedpress 4.0.2 .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.13 Contributor+.PDF.Block.Embedding LOW" "embedpress 3.9.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "embedpress 3.9.12 Missing.Authorization MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Youtube.Block MEDIUM" "embedpress 3.9.9 Missing.Authorization.via.handle_calendly_data MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Attribute MEDIUM" "embedpress 3.9.13 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.'embedpress_doc_custom_color' MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Wistia.Block MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Google.Calendar.Widget.Link MEDIUM" "embedpress 3.9.6 Contributor+.Stored.XSS MEDIUM" "embedpress 3.9.5 Missing.Authorization MEDIUM" "embedpress 3.9.2 Reflected.XSS HIGH" "embedpress 3.9.2 Reflected.XSS MEDIUM" "embedpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "embedpress 3.8.3 Subscriber+.Plugin.Settings.Delete MEDIUM" "embedpress 3.8.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "embedpress 3.8.0 Sensitive.Data.Disclosure MEDIUM" "easy-career-openings No.known.fix jobid.Parameter.SQL.Injection MEDIUM" "eonet-manual-user-approve No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "export-media-urls 2.0 Cross-Site.Request.Forgery MEDIUM" "estatik-mortgage-calculator 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "easy-social-sharebar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "error-log-viewer-wp 1.0.4 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "easy-site-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "email-log 2.4.9 Unauthenticated.Hook.Injection HIGH" "email-log 2.4.8 Reflected.Cross-Site.Scripting HIGH" "email-log 2.4.7 Admin+.SQL.Injection MEDIUM" "easy-watermark 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "easy-watermark 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "enl-newsletter No.known.fix Stored.XSS.via.CSRF HIGH" "enl-newsletter No.known.fix Admin+.SQL.Injection MEDIUM" "enl-newsletter No.known.fix Campaign.Deletion.via.CSRF MEDIUM" "everest-comment-rating-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "estatebud-properties-listings No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "embed-privacy 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-image-collage 1.13.6 Missing.Authorization.to.Authenticated.(Contributor+).Data.Clearance MEDIUM" "elegant-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "emoji-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extended-widget-options 5.1.3 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "esb-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-block 1.2.5 Missing.Authorization MEDIUM" "easy-team-manager No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "email-tracker 5.3.9 Reflected.Cross-Site.Scripting MEDIUM" "email-tracker 5.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-tracker 5.2.6 Reflected.Cross-Site.Scripting HIGH" "email-tracker 5.2.7 Arbitrary.Email.Entry.Deletion.via.CSRF MEDIUM" "ele-blog No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Submission MEDIUM" "ele-blog No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-real-estate 5.1.9 Cross-Site.Request.Forgery MEDIUM" "essential-real-estate 5.1.7 Missing.Authorization.to.Authenticated.(Contributor+).Information.Exposure MEDIUM" "essential-real-estate 4.4.5 Insecure.Direct.Object.Reference.to.Arbitrary.Attachment.Deletion MEDIUM" "essential-real-estate 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-real-estate 4.4.0 Subscriber+.Stored.XSS HIGH" "essential-real-estate 4.4.0 Subscriber+.Denial.of.Service.via.Arbitrary.Option.Update HIGH" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload HIGH" "essential-real-estate 3.9.6 Reflected.Cross-Site-Scripting MEDIUM" "easy-table 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "easy-table 1.5.3 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "easy-contact-form-solution 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "extensions-leaflet-map 3.4.2 Reflected.XSS HIGH" "events-made-easy No.known.fix Subscriber+.SQLi HIGH" "events-made-easy 2.3.17 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "events-made-easy 2.2.81 Unauthenticated.SQLi HIGH" "events-made-easy 2.2.36 Subscriber+.SQL.Injection HIGH" "events-made-easy 2.2.24 Admin+.Stored.Cross-Site.Scripting LOW" "events-made-easy 1.6.21 CSRF.to.Cross-Site.Scripting.(XSS) HIGH" "events-made-easy 1.5.50 Multi.CSRF.to.Stored.Cross-Site.Scripting.&.Event.Deletion HIGH" "email-subscriber No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-pricing-tables 3.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fontFamily.Attribute MEDIUM" "easy-pricing-tables 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "easy-pricing-tables 3.2.1 Reflected.Cross-Site-Scripting MEDIUM" "easy-pricing-tables 3.1.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.1.3 Arbitrary.Post.Removal.via.CSRF MEDIUM" "ethpress 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "ethpress 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-paypal-donation 1.3.4 Arbitrary.Post.Deletion.via.CSRF HIGH" "easy-paypal-donation 1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "easy-paypal-donation 1.3.1 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Arbitrary.Post.Deletion MEDIUM" "email-header-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-header-footer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-espresso-free 3.1.37.12.L Authenticated.Blind.SQL.Injection HIGH" "elemenda No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "evernote-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "erocket 1.2.5 Admin+.Stored.XSS LOW" "email-templates 1.4.3 Email.Sending.via.CSRF MEDIUM" "external-featured-image-from-bing No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "easy-cookies-policy No.known.fix Broken.Access.Control.to.Stored.Cross-Site.Scripting HIGH" "easy-zillow-reviews 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-zillow-reviews 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "external-url-as-post-featured-image-thumbnail 2.03 Reflected.Cross-Site.Scripting MEDIUM" "easy-cookie-law No.known.fix Settings.Update.via.CSRF MEDIUM" "easy-captcha No.known.fix Reflected.Cross-Site.Scripting HIGH" "easy-captcha No.known.fix Missing.Authorization MEDIUM" "everest-google-places-reviews-lite 2.0.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "embed-documents-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-twitter-feeds No.known.fix Authenticated.(Contributor+).Post.Exposure MEDIUM" "easy-twitter-feeds 1.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "email-form-under-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-countdowner No.known.fix Cross-Site.Request.Forgery MEDIUM" "ezoic-integration 2.8.9 Unauthenticated.Settings.Update.to.Stored.XSS MEDIUM" "ezoic-integration 2.8.9 Admin+.Stored.XSS LOW" "embed-any-document 2.7.2 Author+.Stored.XSS LOW" "exquisite-paypal-donation No.known.fix Admin+.Stored.XSS LOW" "everest-gallery-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "elegant-themes-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enable-accessibility No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enable-accessibility 1.4.1 CSRF MEDIUM" "exclusive-content-password-protect No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "eelv-redirection 1.5.1 Cross-Site.Request.Forgery.to.Arbitrary.Site.Redirect MEDIUM" "easy-paypal-events-tickets 1.2.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "easy-paypal-events-tickets 1.1.2 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-post-to-post-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "events-search-addon-for-the-events-calendar 1.2 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "exmage-wp-image-links 1.0.7 Admin+.Blind.SSRF LOW" "ebay-feeds-for-wordpress 3.4 Admin+.Stored.XSS LOW" "ebay-feeds-for-wordpress 1.2 Cross-Site.Scripting.via.rss_url.Parameter MEDIUM" "easyrecipe No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-contact-form-pro 1.1.1.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easily-generate-rest-api-url No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ean-for-woocommerce 4.9.0 Authenticated.(Shop.Manager+).Arbitrary.Options.Update MEDIUM" "ean-for-woocommerce 4.9.3 Insecure.Direct.Object.Reference.to.Sensitve.Information.Exposure.via.Shortcode MEDIUM" "ean-for-woocommerce 4.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alg_wc_ean_product_meta.Shortcode MEDIUM" "ean-for-woocommerce 4.4.3 Contributor+.Stored.XSS MEDIUM" "ebook-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ebook-store No.known.fix Reflected.Cross-Site.Scripting.via.'step' MEDIUM" "ebook-store No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "ebook-store 5.8002 Admin+.Stored.XSS LOW" "ebook-store 5.785 Reflected.XSS HIGH" "ebook-store 5.78 Unauthenticated.Sensitive.Data.Disclose MEDIUM" "ebook-store 5.78 Admin+.Stored.XSS LOW" "events-addon-for-elementor 2.2.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "events-addon-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 2.2.1 Contributor+.Stored.XSS MEDIUM" "events-addon-for-elementor 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "events-addon-for-elementor 2.1.3 Missing.Authorization MEDIUM" "events-addon-for-elementor 2.1.3 Cross-Site.Request.Forgery MEDIUM" "events-addon-for-elementor 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 1.9.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-address-obfuscation 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "easy-youtube-gallery 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit-lite 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison.Widget MEDIUM" "elementskit-lite 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "elementskit-lite 3.2.1 Unauthenticated.Information.Exposure.via.ekit_widgetarea_content.Function MEDIUM" "elementskit-lite 3.2.0 Missing.Authorization MEDIUM" "elementskit-lite 3.1.3 3.1.2.-.Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.1.1 Contributor+.Local.File.Inclusion.via.Onepage.Scroll.Module HIGH" "elementskit-lite 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "elementskit-lite 3.0.7 Contributor+.Local.File.Inclusion HIGH" "elementskit-lite 3.0.7 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.6 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.5 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "elementskit-lite 2.9.2 Missing.Authorization MEDIUM" "elementskit-lite 2.2.0 Contributor+.Stored.XSS MEDIUM" "ebook-download 1.2 Directory.Traversal HIGH" "export-woocommerce 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.9 Missing.Authorization MEDIUM" "export-woocommerce 2.0.11 Reflected.XSS HIGH" "ekc-tournament-manager 2.2.2 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "ekc-tournament-manager 2.2.2 Delete.Tournaments.via.CSRF MEDIUM" "ekc-tournament-manager 2.2.2 Admin+.Arbitrary.File.Download LOW" "ekc-tournament-manager 2.2.2 Create.Tournaments/Teams.via.CSRF MEDIUM" "easy-form 1.2.1 Admin+.Stored.XSS LOW" "email-verification-for-woocommerce-pro 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "elementor 3.25.10 Contributor+.Stored.XSS.via.Typography.Settings MEDIUM" "elementor 3.25.8 Contributor+.Stored.XSS MEDIUM" "elementor 3.24.6 Contributor+.Information.Exposure.via.get_image_alt LOW" "elementor 3.24.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.the.URL.Parameter.in.Multiple.Widgets MEDIUM" "elementor 3.22.2 Contributor+.Arbitrary.SVG.Download MEDIUM" "elementor 3.21.6 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.20.3 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_image_alt MEDIUM" "elementor 3.19.1 Authenticated(Contributor+).Arbitrary.File.Deletion.and.PHAR.Deserialization HIGH" "elementor 3.18.2 Contributor+.Arbitrary.File.Upload.to.RCE.via.Template.Import HIGH" "elementor 3.16.5 Missing.Authorization.to.Arbitrary.Attachment.Read MEDIUM" "elementor 3.16.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_inline_svg() MEDIUM" "elementor 3.5.5 Iframe.Injection MEDIUM" "elementor 3.13.2 Missing.Authorization MEDIUM" "elementor 3.12.2 Admin+.SQLi MEDIUM" "elementor 3.5.6 DOM.Reflected.Cross-Site.Scripting MEDIUM" "elementor 3.6.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "elementor 3.4.8 DOM.Cross-Site-Scripting MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Column.Element MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Divider.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Icon.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Heading.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Accordion.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Image.Box.Widget MEDIUM" "elementor 3.0.14 SVG.Upload.Allowed.by.Default MEDIUM" "elementor 2.9.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "elementor 2.9.10 Authenticated.Stored.XSS HIGH" "elementor 2.9.8 SVG.Sanitizer.Bypass.leading.to.Authenticated.Stored.XSS MEDIUM" "elementor 2.9.6 Authenticated.Safe.Mode.Privilege.Escalation MEDIUM" "elementor 2.8.5 Authenticated.Reflected.XSS MEDIUM" "elementor 2.7.7 Authenticated.Stored.XSS MEDIUM" "elementor 2.8.4 Cross-Site.Scripting.(XSS) MEDIUM" "elementor 2.7.5 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor 1.8.0 Authenticated.Unrestricted.Editing HIGH" "elastik-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "embed-office-viewer 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-ad-manager No.known.fix Admin+.Stored.XSS LOW" "express-pay 1.1.9 Unauthenticated.SQL.Injection.via.type_id HIGH" "evaluate No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "easy-student-results No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-student-results No.known.fix Sensitive.Information.Disclosure.via.REST.API LOW" "exportfeed-list-woocommerce-products-on-ebay-store No.known.fix Admin+.SQL.Injection MEDIUM" "easy-marijuana-age-verify 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-marijuana-age-verify 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "education-addon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "education-addon 1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-side-tab-cta 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ect-add-to-cart-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-panorama 1.1.5 Admin+.Stored.XSS LOW" "easy-preloader No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "everest-counter-lite 2.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "exxp-wp No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "email-address-encoder 1.0.24 Cross-Site.Request.Forgery.via.eae_clear_caches() MEDIUM" "email-address-encoder 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eventon-rsvp 2.9.5 Reflected.XSS HIGH" "events-calendar-registration-booking-by-events-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ecab-taxi-booking-manager 1.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "embedstories 0.7.5 Contributor+.Stored.XSS MEDIUM" "etsy-importer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "external-media 1.0.36 Admin+.Stored.XSS LOW" "external-media 1.0.34 Authenticated.Arbitrary.File.Upload CRITICAL" "easy-notify-lite 1.1.33 Contributor+.Stored.XSS MEDIUM" "easy-notify-lite 1.1.30 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envato-elements 2.0.15 Author+.Server-Side.Request.Forgery MEDIUM" "envato-elements 2.0.11 Contributor+.Arbitrary.File.Upload HIGH" "email-users No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "email-users 4.8.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "email-users 4.8.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "email-users 4.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "erp 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "erp 1.13.1 Authenticated.(Accounting.Manager+).SQL.Injection.via.vendor_id HIGH" "erp 1.13.2 Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Accounting.Manager+).SQL.Injection HIGH" "erp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "erp 1.30.0 Authenticated.(Accounting.Manager+).SQL.Injection.via.id HIGH" "erp 1.12.9 Authenticated.(Accounting.manager+).SQL.Injection HIGH" "erp 1.12.7 Missing.Authorization.via.admin.notice.dismissal MEDIUM" "erp 1.12.4 Admin+.SQL.Injection MEDIUM" "erp 1.12.4 Reflected.Cross-Site.Scripting HIGH" "erp 1.7.5 CSRF.Nonce.Bypasses MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-pixels-by-jevnet No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "essential-blocks 5.1.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.7.0 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.13 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.10 Contributor+.DOM-Based.XSS.via.Social.Icons.Block MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.4.10 Missing.Authorization MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.2 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.4.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.2.1 Contributor+.Unauthorised.Actions LOW" "essential-blocks 4.2.1 Subscriber+.Unauthorised.Actions MEDIUM" "essential-blocks 4.4.3 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-blocks 4.2.1 Missing.Authorization.via.AJAX.actions MEDIUM" "essential-blocks 4.2.1 Unauthenticated.Object.Injection HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks 4.0.7 Multiple.Functions.Missing.Authorization.Checks MEDIUM" "email-before-download No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-before-download 6.8 Admin+.SQL.Injection MEDIUM" "email-before-download 4.0 SMTP.Header.Injection MEDIUM" "e-shops-cart2 No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "easy-table-of-contents 2.0.68 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.67.1 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.66 Admin+.Stored.XSS LOW" "ecwid-shopping-cart 6.12.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecwid-shopping-cart 6.12.5 Cross-Site.Request.Forgery MEDIUM" "ecwid-shopping-cart 6.12.5 Arbitrary.Plugin.Settings.Change.via.CSRF MEDIUM" "ecwid-shopping-cart 6.12.4 Missing.Authorization.on.multiple.functions MEDIUM" "ecwid-shopping-cart 6.11.5 Contributor+.Stored.Cross-Site.Scriping MEDIUM" "ecwid-shopping-cart 6.11.4 Import.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.24 Settings.Update.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.23 Insufficient.Access.Control MEDIUM" "easy-caller-with-moceanapi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.24 Authenticated.(Administrator+).SQL.Injection MEDIUM" "email-subscribe 1.2.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.print_email_subscribe_form.Shortcode MEDIUM" "email-subscribe 1.2.21 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.20 Reflected.XSS HIGH" "email-subscribe 1.2.19 .Reflected.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.17 Reflected.XSS HIGH" "etruel-del-post-copies No.known.fix Missing.Authorization MEDIUM" "exchange-addon-membership 1.3.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "educare 1.4.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "educare 1.4.4 Students.&.Result.Management.System.<.1.4.4.-.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "e-signature 1.5.6.8 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.6 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "edwiser-bridge 3.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "edwiser-bridge 2.0.7 Cross-Site.Request.Forgery MEDIUM" "edwiser-bridge 2.0.7 CSRF.Nonce.Bypass MEDIUM" "error-log-viewer 1.1.3 Directory.Listing.to.Sensitive.Data.Exposure LOW" "error-log-viewer 1.1.2 Arbitrary.Text.File.Deletion.via.CSRF LOW" "error-log-viewer 1.1.2 Admin+.Arbitrary.File.Clearing MEDIUM" "error-log-viewer 1.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "enable-media-replace 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.3 Author+.PHP.Object.Injection MEDIUM" "enable-media-replace 4.0.2 Author+.Arbitrary.File.Upload CRITICAL" "enable-media-replace 4.0.0 Admin+.Path.Traversal LOW" "email-obfuscate-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-testimonials 3.9.3 Contributor+.Stored.XSS MEDIUM" "easy-testimonials 3.9 Reflected.Cross-Site.Scripting MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-testimonials 3.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-testimonials 1.37 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox 6.5.7 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.6 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fb_appid MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.3 Subscriber+.Settings.Update MEDIUM" "easy-facebook-likebox 6.5.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.4.0 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting HIGH" "easy-language-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "event-page-templates-addon-for-the-events-calendar 1.6 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "edoc-easy-tables No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "exit-popup-show No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-custom-auto-excerpt 2.5.0 Sensitive.Information.Exposure MEDIUM" "easy-custom-auto-excerpt 2.4.7 XSS MEDIUM" "everse-starter-sites 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-svg-upload No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "express-shop 4.0.3 CSRF.Bypass MEDIUM" "easy-courses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eventr No.known.fix Blind.SQL.Injection CRITICAL" "emergency-password-reset 9.0 Cross-Site.Request.Forgery MEDIUM" "emc2-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-wp-cleaner 2.0 Data.Deletion.via.CSRF MEDIUM" "easy-redirect-manager No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "easy-google-map No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ect-product-carousel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.12 Reflected.XSS HIGH" "enhanced-tooltipglossary 4.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.4 Admin+.Stored.XSS LOW" "enhanced-tooltipglossary 4.3.0 Settings.Update.via.CSRF MEDIUM" "enhanced-tooltipglossary 3.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 3.3.5 XSS MEDIUM" "easy-tynt No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-hide-login 1.0.9 Arbitrary.settings.update.via.CSRF MEDIUM" "easy-hide-login 1.0.8 Admin+.Stored.XSS LOW" "event-geek No.known.fix Stored.Cross-site.Scripting.(XSS) MEDIUM" "estatik 4.1.1 Reflected.XSS HIGH" "estatik 4.1.1 Unauthenticated.PHP.Object.Injection HIGH" "estatik 4.1.1 Subscriber+.Arbitrary.Option.Update HIGH" "estatik 2.3.1 Arbitrary.File.Upload HIGH" "easy-social-share-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-widgets 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "element-ready-lite 6.4.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "element-ready-lite 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "element-ready-lite 6.4.3 .Open.Redirect MEDIUM" "element-ready-lite 6.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 5.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ekiline-block-collection 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-twine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embed-docs 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-demo-importer 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "elespare 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Horizontal.Nav.Menu.Widge MEDIUM" "elespare 2.1.3 Missing.Authorization.to.Subscriber+.Arbitrary.Post.Creation MEDIUM" "enweby-variation-swatches-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "extended-search-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "event-registration-calendar-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-registration-calendar-by-vcita 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "event-registration-calendar-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "embed-video-thumbnail 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "easync-booking 1.3.12 Reflected.Cross-Site.Scripting HIGH" "easync-booking 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "easync-booking 1.1.16 Unauthenticated.Arbitrary.File.Upload CRITICAL" "easync-booking 1.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "export-customers-data 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 Cross-Site.Request.Forgery MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 CSRF.Bypass MEDIUM" "everest-forms 3.0.8.1 Admin+.Stored.XSS LOW" "everest-forms 3.0.4.2 Admin+.Stored.XSS LOW" "everest-forms 3.0.3.1 Admin+.Stored.XSS LOW" "everest-forms 2.0.8 Unauthenticated.Server-Side.Request.Forgery.via.font_url HIGH" "everest-forms 2.0.5 Admin+.Stored.XSS LOW" "everest-forms 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 1.5.0 SQL.Injection CRITICAL" "edit-comments-xt No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.0.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Author+).Sensitive.Information.Exposure.to.Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Best.Elementor.Templates,.Widgets,.Kits.&.WooCommerce.Builders.<.6.0.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.no_more_items_text.Parameter MEDIUM" "essential-addons-for-elementor-lite 5.9.27 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.22 Contributor+.Stored.Cross-Site.Scripting.via.Twitter.Feed MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Interactive.Circles' MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Several.Widgets MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Dual.Color.Header',.'Event.Calendar',.&.'Advanced.Data.Table' MEDIUM" "essential-addons-for-elementor-lite 5.9.18 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 5.9.15 Contributor+.Store.XSS.via.Widget.URL MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Author+.PHP.Object.Injection MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Unauthenticated.Private/Draft.Posts.Access MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Event.Calendar HIGH" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Data.Table MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Accordion MEDIUM" "essential-addons-for-elementor-lite 5.9.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scritping MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scripting.via.Image.URl MEDIUM" "essential-addons-for-elementor-lite 5.9.3 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.8.9 Authenticated.(Contributor+).Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 5.8.2 Unauthenticated.MailChimp.API.Key.Disclosure MEDIUM" "essential-addons-for-elementor-lite 5.7.2 Unauthenticated.Privilege.Escalation CRITICAL" "essential-addons-for-elementor-lite 5.0.9 Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.0.5 Unauthenticated.LFI CRITICAL" "essential-addons-for-elementor-lite 4.5.4 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-calendar-pro 7.0.2.1 Authenticated.(Administrator+).PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "events-calendar-pro 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "extra-options-favicons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "eveeno 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-text-widget 1.6.6 Admin+.Stored.XSS LOW" "enhanced-text-widget 1.5.8 Subscriber+.Plugin.Installation MEDIUM" "enhanced-text-widget 1.5.8 Plugin.Installation.via.CSRF MEDIUM" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization MEDIUM" "elementinvader-addons-for-elementor 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization.to.Arbitrary.Options.Read MEDIUM" "elementinvader-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementinvader-addons-for-elementor 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Subscriber+.Plugin.Database.Reset MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Unauthenticated.Arbitrary.Instagram.Account.Unlinking MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel 6.2.1 Reflected.Cross-Site.Scripting MEDIUM" "easy2map-photos 1.1.0 SQL.Injection CRITICAL" "easy-appointments 3.11.19 Insufficient.Authorization MEDIUM" "easy-appointments 3.11.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-appointments 3.11.10 Cross-Site.Request.Forgery MEDIUM" "easy-appointments 3.11.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "easy-appointments 1.12.0 Cross-Site.Scripting.(XSS) MEDIUM" "event-countdown-timer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.7.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "exclusive-addons-for-elementor 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.9 Authenticated.(Contibutor+).Stored.Cross-Site.Scripting.via.Card.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.2 Missing.Authorization.to.Post.Duplication MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Expired.Title MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.to.Action MEDIUM" "exclusive-addons-for-elementor 2.6.9.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Covid-19.Stats.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.To.Action.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.2 Arbitrary.Uninstall.Reason.Feedback.via.CSRF MEDIUM" "easy-org-chart No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "exchange-addon-easy-canadian-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "exhibit-to-wp-gallery No.known.fix Reflected.XSS HIGH" "exit-intent-popups-by-optimonk 2.0.5 Account.ID.Update.via.CSRF MEDIUM" "essential-addons-elementor 5.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Lightbox.and.Modal.Widget MEDIUM" "essential-addons-elementor 5.8.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Carousel.Widget MEDIUM" "essential-addons-elementor 5.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title_html_tag' MEDIUM" "essential-addons-elementor 5.4.9 Unauthenticated.SSRF MEDIUM" "essential-addons-elementor 5.4.9 Reflected.XSS HIGH" "eelv-newsletter No.known.fix Cross-Site.Request.Forgery MEDIUM" "eelv-newsletter 4.6.1 CSRF.&.XSS HIGH" "easy-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-slideshow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "evergreen-content-poster 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "evergreen-content-poster 1.4.3 Missing.Authorization MEDIUM" "evergreen-content-poster 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "evergreen-content-poster 1.4.1 Admin+.Stored.XSS LOW" "emails-blacklist-everest-forms 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "emails-blacklist-everest-forms 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-google-photos-album-easily 2.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "eid-easy-qualified-electonic-signature 3.3.1 Use.of.Polyfill.io MEDIUM" "emails-verification-for-woocommerce 2.9.0 Unauthenticated.SQL.Injection HIGH" "emails-verification-for-woocommerce 2.7.5 Authentication.Bypass HIGH" "emails-verification-for-woocommerce 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "easyappointments 1.3.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ecommerce-two-factor-authentication 1.0.5 Two.Factor.Authentication.<.1.0.5.-.Reflected.Cross-Site.Scripting HIGH" "essential-wp-real-estate No.known.fix Reflected.XSS HIGH" "essential-wp-real-estate No.known.fix Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "export-all-urls 4.6 Reflected.XSS HIGH" "export-all-urls 4.2 Editor+.Stored.XSS MEDIUM" "export-all-urls 4.4 Admin+.Arbitrary.System.File.Removal MEDIUM" "export-all-urls 4.2 Editor+.Stored.Cross-Site.Scripting LOW" "export-all-urls 4.3 Private/Draft.Post/Page.Title.Disclosure.via.CSRF MEDIUM" "export-all-urls 4.2 Reflected.Cross-Site.Scripting MEDIUM" "footer-putter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "favicon-switcher No.known.fix Arbitrary.Settings.Change.via.CSRF MEDIUM" "forms-for-divi 8.1.3 Reflected.Cross-Site.Scripting MEDIUM" "facebook-likebox-widget-and-shortcode 1.2.1 Admin+.Stored.XSS LOW" "fusion-slider No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "fluent-security 1.0.2 Bypass.blocks.by.IP.Spoofing MEDIUM" "flower-delivery-by-florist-one 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flower-delivery-by-florist-one No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fd-elementor-button-plus No.known.fix Contributor+.Stored.XSS MEDIUM" "freshmail-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "freshmail-integration No.known.fix Reflected.XSS HIGH" "freesoul-deactivate-plugins 2.1.4 Cross-Site.Request.Forgery.via.eos_dp_pro_delete_transient MEDIUM" "flexible-shipping-usps 1.10.0 Sensitive.Information.Exposure MEDIUM" "flexible-shipping-usps 1.9.3 Cross-Site.Request.Forgery MEDIUM" "fetch-jft 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "food-store No.known.fix Reflected.Cross-Site.Scripting HIGH" "food-store 1.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "food-store 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "food-store 1.3.7 Unauthorised.AJAX.call.via.CSRF MEDIUM" "faltu-testimonial-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formassembly-web-forms 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "featured-posts-scroll No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fotobook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "floating-contact 2.8 Admin+.Stored.XSS LOW" "form-block 1.0.2 Form.Submission.via.CSRF MEDIUM" "front-editor 4.4.8 Admin+.Stored.XSS LOW" "front-editor 4.4.5 Admin+.Stored.XSS LOW" "front-editor 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "front-editor 3.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formcraft3 3.8.28 Unauthenticated.SSRF MEDIUM" "formcraft3 3.4 Premium.WordPress.Form.Builder.<.3.4.-.Authenticated.Stored.XSS MEDIUM" "fullworks-firewall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-firewall No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fixed-html-toolbar 1.0.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "float-menu 6.0.1 Menu.Deletion.via.CSRF MEDIUM" "float-menu 5.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "float-menu 5.0.2 Reflected.XSS MEDIUM" "float-menu 4.3.1 Arbitrary.Menu.Deletion.via.CSRF MEDIUM" "fast-velocity-minify 2.7.7 Full.Path.Disclosure MEDIUM" "foobox-image-lightbox 2.7.32 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "foobox-image-lightbox 2.7.28 Admin+.Stored.XSS LOW" "foobox-image-lightbox 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobox-image-lightbox 2.6.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "filedownload No.known.fix Multiple.Issues CRITICAL" "free-product-sample 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "free-product-sample 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontier-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "free-event-banner No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flight-search-widget-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "formcraft-form-builder 1.2.11 Missing.Authorization MEDIUM" "formcraft-form-builder 1.2.8 Missing.Authorization.via.formcraft_nag_update MEDIUM" "formcraft-form-builder 1.2.7 Admin+.Stored.XSS LOW" "formcraft-form-builder 3.9.7 Admin+.SQLi MEDIUM" "formcraft-form-builder 1.2.10 Contributor+.Stored.XSS MEDIUM" "formcraft-form-builder 1.2.6 Admin+.Stored.Cross.Site.Scripting LOW" "formcraft-form-builder 1.2.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "full-site-editing 3.79150 Contributor+.Stored.XSS MEDIUM" "falang 1.3.53 Missing.Authorization.to.Translation.Update.and.Information.Exposure MEDIUM" "falang 1.3.52 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.50 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "falang 1.3.48 Authenticated.(Administrator+).SQL.Injection HIGH" "falang 1.3.40 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.18 Reflected.Cross-Site.Scripting HIGH" "feed-them-social 4.2.1 Cross-Site.Request.Forgery.via.review_nag_check LOW" "feed-them-social 4.0.0 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Subscriber+.Stored.XSS MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 2.9.8.6 Unauthenticated.PHAR.Deserialisation MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feed-them-social 1.7.0 XSS.&.Arbitrary.Shortcode.Execution CRITICAL" "famethemes-demo-importer 1.1.6 Cross-Site.Request.Forgery MEDIUM" "freshing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freshing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-comments-for-wordpress-vuukle 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "feeds-for-youtube 2.2.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "feeds-for-youtube 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "feeds-for-youtube 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-social-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "flyzoo No.known.fix Admin+.Stored.XSS LOW" "fooevents 1.19.21 Improper.Authorization.to.(Contributor+).Arbitrary.File.Upload HIGH" "firework-videos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "full-screen-page-background-image-slideshow No.known.fix Admin+.Stored.XSS LOW" "file-manager-advanced 5.2.14 5.2.13.-.Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.11 Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion.via.fma_locale MEDIUM" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Limited.File.Upload MEDIUM" "file-manager-advanced 5.2.5 Sensitive.Information.Exposure.via.Directory.Listing MEDIUM" "file-manager-advanced 5.1.1 Admin+.Arbitrary.File/Folder.Access MEDIUM" "frontend-admin 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "frontend-admin 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "far-future-expiry-header 1.5 Plugin's.Settings.Update.via.CSRF MEDIUM" "fl3r-feelbox No.known.fix Unauthenticated.SQLi HIGH" "fl3r-feelbox No.known.fix Settings.Update.via.CSRF.to.Stored.XSS HIGH" "fl3r-feelbox No.known.fix Moods.Reset.via.CSRF MEDIUM" "footer-text No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "favicon-my-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "find-my-blocks 3.4.0 Private.Post.Titles.Disclosure MEDIUM" "foogallery 2.4.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Custom.URL MEDIUM" "foogallery 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Attachment.Fields MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foogallery 2.4.9 Best.WordPress.Gallery.Plugin.–.FooGallery.<.2,4,9.-Admin+.Stored.Cross-Site.Scripting LOW" "foogallery 2.3.2 Reflected.XSS HIGH" "foogallery 2.3.2 Extensions.Mgt.via.CSRF MEDIUM" "foogallery 2.2.44 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.2.41 Reflected.XSS HIGH" "foogallery 2.1.34 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery 2.0.35 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "foogallery 1.9.25 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "foogallery 1.6.17 Subscriber+.Arbitrary.Option.Update CRITICAL" "fudou 5.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "fancybox-for-wordpress 3.3.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fancybox-for-wordpress 3.3.4 3.3.3.-.Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "flog No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "flexible-checkout-fields 4.1.3 Missing.Authorization MEDIUM" "ftp-access No.known.fix Subscriber+.Stored.XSS HIGH" "fwdmsp 8.0 Unauthenticated.Arbitrary.File.Read/Download HIGH" "fs-shopping-cart No.known.fix Authenticated.SQL.Injection HIGH" "fareharbor 3.6.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fareharbor 3.6.7 Admin+.Stored.XSS LOW" "formidable 6.16.2 Reflected.Cross-Site.Scripting.via.Custom.HTML.Form.Parameter MEDIUM" "formidable 6.14.1 Admin+.Stored.XSS LOW" "formidable 6.11.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "formidable 6.8 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 HTML.Injection MEDIUM" "formidable 6.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "formidable 6.2 Unauthenticated.PHP.Object.Injection HIGH" "formidable 6.1 IP.Spoofing MEDIUM" "formidable 5.5.7 Arbitrary.Entry.Deletion.via.CSRF MEDIUM" "formidable 5.0.07 Admin+.Stored.Cross-Site.Scripting LOW" "formidable 4.09.05 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "formidable 4.02.01 Unsafe.Deserialisation CRITICAL" "formidable 2.05.03 Multiple.Vulnerabilities HIGH" "formidable 2.0 Authenticated.Blind.SQL.Injection MEDIUM" "formidable 1.06.03 Arbitrary.File.Upload.via.ofc_upload_image.php CRITICAL" "freshmail-newsletter 1.6 Unauthenticated.SQL.Injection HIGH" "full-page-blog-designer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fast-custom-social-share-by-codebard 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "fastdup 2.2 Directory.Listing.to.Account.Takeover.and.Sensitive.Data.Exposure HIGH" "fastdup 2.1.8 Sensitive.Information.Exposure.via.Log.File MEDIUM" "feedback-suite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedback-suite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "flash-show-and-hide-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "florapress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "florapress 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flowplayer6-video-player 1.0.5 Contributor+.Stored.XSS MEDIUM" "fancier-author-box No.known.fix Admin+.Stored.XSS LOW" "fast-search-powered-by-solr No.known.fix Admin+.Stored.XSS LOW" "fast-search-powered-by-solr No.known.fix Settings.Update.via.CSRF MEDIUM" "feedburner-optin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fma-additional-registration-attributes No.known.fix Arbitrary.Field.Deletion.and.Form.Modification.via.CSRF HIGH" "fancy-user-listing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "forumwp 2.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "forumwp 2.1.3 Reflected.Cross-Site.Scripting HIGH" "forumwp 2.1.3 Reflected.Cross-Site.Scripting.via.url.Parameter HIGH" "forumwp 2.1.0 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "fix-my-feed-rss-repair No.known.fix Cross-Site.Request.Forgery MEDIUM" "fare-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "furikake No.known.fix Unauthenticated.Open.Redirect MEDIUM" "files-download-delay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.7 Subscriber+.Settings.Reset MEDIUM" "files-download-delay 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-social-media-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-forms No.known.fix Contact.Form.<=.1.2.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "formidable-registration 2.12 Contributor+.Arbitrary.User.Password.Reset.To.Account.Takeover HIGH" "forms-by-made-it 2.8.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-by-made-it 1.12.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "floatbox-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.orderby MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.id MEDIUM" "float-block No.known.fix Admin+.Stored.XSS.via.Widget LOW" "flamix-bitrix24-and-contact-forms-7-integrations 3.2.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "formforall No.known.fix Contributor+.Stored.XSS MEDIUM" "fma-products-tabs-pro No.known.fix Arbitrary.Tab.Deletion/Edition.via.CSRF HIGH" "favicon-rotator 1.2.11 Reflected.Cross-Site.Scripting MEDIUM" "first-order-discount-woocommerce 1.22 Discount.Update.via.CSRF MEDIUM" "friendstore-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foxyshop 4.8.2 Reflected.Cross-Site.Scripting MEDIUM" "fx-toc No.known.fix Contributor+.Stored.XSS MEDIUM" "fluentforms-pdf 1.1.8 Cross-Site.Scripting MEDIUM" "freshdesk-support 2.4.0 Open.Redirect MEDIUM" "freshdesk-support 1.8 Open.Redirect MEDIUM" "featured-image-generator 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Images.Upload MEDIUM" "fraudlabs-pro-sms-verification 1.10.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fonto 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "faq-builder-ays 1.7.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.3.6 Authenticated.Blind.SQL.Injections HIGH" "faculty-weekly-schedule 1.2.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "fileviewer No.known.fix Arbitrary.File.Upload/Deletion.via.CSRF CRITICAL" "floating-social-bar 1.1.7 Cross-Site.Scripting.(XSS) MEDIUM" "fabrica-reusable-block-instances 1.0.9 Reflected.Cross-Site.Scripting HIGH" "featured-image-pro 5.15 Reflected.XSS HIGH" "flashcounter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "feedzy-rss-feeds 4.4.8 Authenticated(Contributor+).Blind.Server-Side.Request.Forgery.(SSRF) MEDIUM" "feedzy-rss-feeds 4.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Error.Message MEDIUM" "feedzy-rss-feeds 4.4.3 Missing.Authorization.to.Arbitrary.Page.Creation.and.Publication MEDIUM" "feedzy-rss-feeds 4.4.3 Authenticated(Contributor+).SQL.Injection HIGH" "feedzy-rss-feeds 4.4.2 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "feedzy-rss-feeds 4.1.1 Contributor+.Stored.XSS MEDIUM" "feedzy-rss-feeds 3.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feedzy-rss-feeds 3.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "formzu-wp 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formzu-wp 1.6.7 Contributor+.Stored.XSS.via.id MEDIUM" "fs-product-inquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "fs-product-inquiry No.known.fix Reflected.XSS HIGH" "fg-prestashop-to-woocommerce 4.47.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "fast-wp-speed No.known.fix Reflected.XSS HIGH" "forms-to-klaviyo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-select-control-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "font-awesome 4.3.2 Contributor+.Stored.XSS MEDIUM" "fediverse-embeds 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "featured-content-gallery No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "feature-comments 1.2.5 wp-admin/admin-ajax.php.Comment.Status.Manipulation.CSRF MEDIUM" "featured-product-by-category-name No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "front-end-only-users 3.2.25 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.79.262 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.79.262 Missing.Authorization MEDIUM" "fulltext-search 1.69.234 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fulltext-search 1.70.236 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Missing.Authorization MEDIUM" "fulltext-search 1.60.213 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WPFTS.Live.Search.Widget MEDIUM" "flattr No.known.fix Admin+.Stored.XSS LOW" "fancy-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "font-awesome-4-menus No.known.fix Contributor+.Stored.XSS MEDIUM" "font-awesome-4-menus No.known.fix Admin+.Stored.XSS LOW" "fetch-tweets No.known.fix Reflected.Cross-Site.Scripting HIGH" "flexmls-idx 3.14.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.API.parameters MEDIUM" "flexmls-idx 3.14.23 Reflected.Cross-Site.Scripting MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Cross-Site.Request.Forgery MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.0 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.17.0 Unauthenticated.Arbitrary.File.Deletion HIGH" "featured-products-first-for-woocommerce 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fantastic-elasticsearch No.known.fix Reflected.XSS HIGH" "filestack-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "floating-action-buttons 1.0.1 Missing.Authorization MEDIUM" "forms-ada-form-builder No.known.fix Unauthenticated.Reflected.XSS HIGH" "fat-event-lite No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fat-event-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fat-event-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "floating-div No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "floating-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "football-leagues-by-anwppro 0.16.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "fluent-smtp 2.2.81 Cross-Site.Request.Forgery MEDIUM" "fluent-smtp 2.2.83 Unauthenticated.PHP.Object.Injection HIGH" "fluent-smtp 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fluent-smtp 2.2.3 Stored.XSS.via.Email.Logs HIGH" "fluent-smtp 2.0.1 Authenticated.Stored.XSS LOW" "faq-and-answers 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fontmeister No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flipping-cards 1.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "final-user-wp-frontend-user-profiles 1.2.2 Subscriber+.Privilege.Escalation CRITICAL" "fullworks-pricing-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fullworks-directory No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-directory No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formsite 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "faqs No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "forms-to-zapier No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "forms-to-zapier 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "forms-to-zapier 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "front-end-pm 11.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "front-end-pm 11.3.8 Reflected.Cross-Site.Scripting MEDIUM" "front-end-pm 11.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flying-press 3.9.7 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "ferma-ru-net-checkout No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "falcon 2.8.4 Missing.Authorization MEDIUM" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "float-to-top-button No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "friendly-functions-for-welcart 1.2.5 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "forty-four No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "floating-tiktok-button 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "floating-social-media-icon No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fattura24 6.2.8 Reflected.Cross-Site.Scripting HIGH" "floating-links 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-links 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-manager-advanced-shortcode 2.5.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "file-manager-advanced-shortcode 2.4.1 Authenticated.(Contributor+).Directory.Traversal HIGH" "file-manager-advanced-shortcode No.known.fix Unauthenticated.Remote.Code.Execution.through.shortcode CRITICAL" "fv-wordpress-flowplayer 7.5.48.7212 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fv-wordpress-flowplayer 7.5.47.7212 Authenticated.(Subscriber+).SQL.Injection.via.exclude.Parameter HIGH" "fv-wordpress-flowplayer 7.5.46.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Subscriber+).Server-side.Request.Forgery MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Contributor+).Arbitrary.Redirect MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.39.7212 Insufficient.Input.Validation.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Arbitrary.Usermeta.Update MEDIUM" "fv-wordpress-flowplayer 7.5.35.7212 Reflected.XSS HIGH" "fv-wordpress-flowplayer 7.5.31.7212 Settings.Toggle.via.CSRF MEDIUM" "fv-wordpress-flowplayer 7.5.19.727 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.18.727 Author+.SQLi HIGH" "fv-wordpress-flowplayer 7.5.3.727 Reflected.Cross-Site.Scripting HIGH" "fv-wordpress-flowplayer 7.4.38.727 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "fv-wordpress-flowplayer 7.3.19.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.14.727 Unauthenticated.Stored.XSS MEDIUM" "fv-wordpress-flowplayer 7.3.15.727 CSV.Export CRITICAL" "fv-wordpress-flowplayer 7.3.15.727 SQL.Injection MEDIUM" "fancy-elementor-flipbox 2.5.2 Contributor+.Stored.XSs.via.Fancy.Elementor.Flipbox.Widget MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting HIGH" "formfacade 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.2.2 Contributor+.Stored.XSS MEDIUM" "fusion 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "filter-portfolio-gallery No.known.fix Arbitrary.Gallery.Deletion.via.CSRF MEDIUM" "font-farsi No.known.fix Administrator+.Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Admin+.Stored.XSS.in.Settings LOW" "font-farsi No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "formilla-live-chat 1.3.1 Admin+.Stored.XSS LOW" "formaloo-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "faq-manager-with-structured-data 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "faq-manager-with-structured-data 5.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "footer-flyout-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fixed-ip-logins 1.0 Reflected.Cross-Site.Scripting MEDIUM" "flashnews-fading-effect-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Cross-Site.Request.Forgery MEDIUM" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formbuilder No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formbuilder 1.08 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "formbuilder 1.0.8 Multiple.Authenticated.SQL.Injection MEDIUM" "fotomoto No.known.fix Reflected.XSS HIGH" "forym No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "free-shipping-label 2.6.11 Reflected.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "folders-pro 3.0.3 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders-pro 3.0.3 Authenticated(Author+).Arbitrary.File.Upload.via.handle_folders_file_upload HIGH" "fast-checkout-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-checkout-for-woocommerce 1.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery-premium 2.4.27 Authenticated.(Contributor+).Directory.Traversal HIGH" "foogallery-premium 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery-premium 2.4.6 Contributor+.Stored.XSS MEDIUM" "filter-gallery 0.1.6 Admin+.Stored.XSS LOW" "filter-gallery 0.0.7 Unauthorised.AJAX.Calls HIGH" "form-to-chat 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.5.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-data-collector 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "focus-on-reviews-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flowfact-wp-connector 2.1.8 Reflected.XSS HIGH" "flexible-shipping-ups 3.0.0 Missing.Authorization.to.Plugin.API.key.reset MEDIUM" "flexible-shipping-ups 2.2.5 Cross-Site.Request.Forgery MEDIUM" "foyer No.known.fix Content.Injection.via.Improper.Access.Control MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Subscriber+.Plugin.Installation MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Plugin.Installation.via.CSRF MEDIUM" "forminator 1.38.3 Reflected.XSS.via.Title.Parameter HIGH" "forminator 1.38.3 Admin+.Stored.XSS LOW" "forminator 1.36.1 Unauthenticated.Arbitrary.Quiz.Submissions.Update MEDIUM" "forminator 1.36.0 Missing.Authorization.to.Authenticated.(Contributor+).Form.Update.and.Creation HIGH" "forminator 1.36.0 Draft.Custom.Form.Creation.via.CSRF MEDIUM" "forminator 1.36.0 Draft.Quiz.Creation.via.CSRF MEDIUM" "forminator 1.34.1 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.2 HubSpot.Developer.API.Key.Sensitive.Information.Exposure HIGH" "forminator 1.15.4 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.29.3 Admin+.SQL.Injection MEDIUM" "forminator 1.29.3 Contributor+.Stored.Cross-Site.Scripting.via.forminator_form.Shortcode MEDIUM" "forminator 1.29.1 Unauthenticated.Stored.XSS HIGH" "forminator 1.29.1 Reflected.Cross-Site.Scripting HIGH" "forminator 1.28.0 Admin+.Arbitrary.File.Upload MEDIUM" "forminator 1.27.0 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.25.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.24.4 Reflected.XSS HIGH" "forminator 1.24.1 Unauthenticated.Race.Condition.on.poll.vote MEDIUM" "forminator 1.15.4 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.14.12 Unauthenticated.Stored.XSS HIGH" "forminator 1.14.8.1 CSRF.Nonce.Bypasses MEDIUM" "forminator 1.13.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "forminator 1.6 Authenticated.Multiple.Vulnerabilities MEDIUM" "fintelligence-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "floating-button 6.0.1 Cross-Site.Request.Forgery.via.process_bulk_action MEDIUM" "floating-button 5.3.1 Reflected.XSS MEDIUM" "find-any-think No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formidable-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "flexible-captcha No.known.fix Contributor+.Stored.XSS MEDIUM" "free-stock-photos-foter No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "fluent-crm 2.8.45 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluent-crm 2.8.0 Marketing.Automation.For.WordPress..<.2.8.0.-.Unauthenticated.Subscriptions.Update MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Missing.Authorization MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "facebook-by-weblizar 2.8.5 CSRF.&.XSS HIGH" "feed-comments-number No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "featured-image-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-toolkit No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "flo-launch 2.4.1 Missing.Authentication.Allow.Full.Site.Takeover CRITICAL" "flexible-shipping 4.24.16 Missing.Authorization MEDIUM" "flexible-shipping 4.11.9 Reflected.Cross-Site.Scripting MEDIUM" "fx-private-site No.known.fix Sensitive.Information.Exposure MEDIUM" "fw-integration-for-emailoctopus No.known.fix Contributor+.Stored.XSS MEDIUM" "fsflex-local-fonts No.known.fix Admin+.Stored.Cross-Site-Scripting LOW" "facebook-messenger-customer-chat 1.6 Authenticated.Options.Change.to.Chat.Takeover HIGH" "facebook-messenger-customer-chat 1.3 CSRF HIGH" "feed-changer 0.3 Admin+.Stored.XSS LOW" "filebird 6.3.4 Missing.Authorization MEDIUM" "filebird 5.6.4 Author+.Users.Folder.Deletion LOW" "filebird 5.6.4 Author+.Stored.XSS MEDIUM" "filebird 5.6.1 Admin+.Stored.XSS MEDIUM" "filebird 4.7.4 Unauthenticated.SQL.Injection HIGH" "fg-joomla-to-wordpress 4.21.0 Sensitive.Information.Exposure MEDIUM" "full-customer 3.1.26 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "full-customer 3.1.23 Reflected.Cross-Site.Scripting MEDIUM" "full-customer 3.1.13 Unauthenticated.Stored.Cross-Site.Scripting.via.License.Plan.Parameter HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Health.Check.Disclosure MEDIUM" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Arbitrary.Plugin.Installation HIGH" "fuse-social-floating-sidebar 5.4.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "fuse-social-floating-sidebar 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "f4-improvements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "f4-improvements 1.8.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.2.7 Unauthenticated.Stored.XSS.via.Form.Subject HIGH" "fluentform 5.2.1 Admin+.Stored.XSS LOW" "fluentform 5.1.20 Form.Manager+.Stored.XSS LOW" "fluentform 5.1.19 .Missing.Authorization.to.Authenticated.(Subscriber+).Mailchimp.Integration.Modification MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Welcome.Screen.Fields MEDIUM" "fluentform 5.1.16 Contributor+.PHP.Object.Injection MEDIUM" "fluentform 5.1.17 Unauthenticated.Settings.Update MEDIUM" "fluentform 5.1.17 Contributor+.Stored.XSS MEDIUM" "fluentform 5.1.17 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "fluentform 5.1.14 Subscriber+.Stored.XSS MEDIUM" "fluentform 5.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.7 Admin+.Stored.Cross-Site.Scripting.via.imported.form.title MEDIUM" "fluentform 5.0.9 Insecure.Direct.Object.Reference MEDIUM" "fluentform 5.0.0 SQL.Injection MEDIUM" "fluentform 4.3.25 Contributor+.Stored.XSS.via.Custom.HTML.Form.Field MEDIUM" "fluentform 4.3.13 CSV.Injection LOW" "fluentform 3.6.67 Cross-Site.Request.Forgery.(CSRF) HIGH" "fontawesomeio-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flo-forms 1.0.43 Missing.Authorization MEDIUM" "flo-forms 1.0.42 Subscriber+.Test.Email.Sending MEDIUM" "flo-forms 1.0.41 Admin+.Stored.XSS LOW" "flo-forms 1.0.36 Authenticated.Options.Change.to.Stored.XSS CRITICAL" "flexi 4.20 Guest.Submit.<.4.20.-.Reflected.Cross-Site.Scripting MEDIUM" "fg-drupal-to-wp 3.71.0 Sensitive.Information.Exposure MEDIUM" "fg-drupal-to-wp 3.68.0 Cross-Site.Request.Forgery.via.ajax_importer MEDIUM" "frontend-checklist No.known.fix Admin+.Stored.XSS LOW" "frontend-checklist No.known.fix Admin+.Stored.XSS.via.Items LOW" "file-upload-types 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "full-circle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fundpress 2.0.7 Unauthenticated.PHP.Object.Injection HIGH" "fossura-tag-miner 1.1.5 Cross-Site.Request.Forgery.(CSRF).&.XSS HIGH" "fluid-responsive-slideshow 2.2.7 CSRF.&.XSS HIGH" "flickr-picture-backup No.known.fix Unauthenticated.File.Upload CRITICAL" "flickr-justified-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "flickr-justified-gallery 3.4.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "free-google-fonts 3.0.1 Reflected.XSS HIGH" "floating-action-button 1.2.2 Cross-Site.Request.Forgery MEDIUM" "full-screen-menu-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "fast-video-and-image-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fastly 1.2.26 Missing.Authorization MEDIUM" "fastly 1.2.26 Missing.Authorization.via.AJAX.actions MEDIUM" "fancy-product-designer 6.4.4 Unauthenticated.SQL.Injection HIGH" "fancy-product-designer 6.4.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting LOW" "fancy-product-designer 6.1.8 Reflected.Cross.Site.Scripting HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting.via.Product.Title LOW" "fancy-product-designer 6.1.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Site.Options.Modification HIGH" "fancy-product-designer 4.7.6 Arbitrary.File.Upload.via.CSRF HIGH" "fancy-product-designer 4.7.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.6.9 Unauthenticated.Arbitrary.File.Upload.and.RCE CRITICAL" "fancy-product-designer 4.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.15 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fullworks-slack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-slack No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-wall-and-social-integration 1.11 Admin+.Stored.Cross-Site.Scripting LOW" "forms-3rdparty-post-again No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formcraft No.known.fix Arbitrary.File.Deletion CRITICAL" "file-away No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "fd-elementor-imagebox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "file-renaming-on-upload 2.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "favicon-by-realfavicongenerator 1.3.23 Reflected.Cross-Site.Scripting MEDIUM" "favicon-by-realfavicongenerator 1.3.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "flexi-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "fastbook-responsive-appointment-booking-and-scheduling-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fat-rat-collect 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "free-wp-booster-by-ads-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "form-to-sheet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fp-rss-category-excluder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs 0.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "finance-calculator-with-application-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "friends 3.2.2 Missing.Authorization MEDIUM" "friends 2.8.6 Authenticated.(Admin+).Blind.Server-Side.Request.Forgery MEDIUM" "frontpage-manager No.known.fix Cross-Site.Request.Forgery.via.admin_page MEDIUM" "facebook-conversion-pixel 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.2 CSRF.to.Stored.Cross-Site.Scripting HIGH" "facebook-conversion-pixel 2.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "fathom-analytics 3.1.0 Admin+.Stored.XSS LOW" "fathom-analytics 3.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "funnel-builder 3.4.7 Missing.Authorization.to.Authenticated.(Contributor+).Settings.Update MEDIUM" "funnel-builder 3.4.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "funnel-builder 2.14.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "facebook-button-plugin 2.74 Unauthenticated.Password.Protected.Post.Read MEDIUM" "facebook-button-plugin 2.54 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "fileorganizer 1.1.5 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "fileorganizer 1.1.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "fileorganizer 1.0.8 Sensitive.Information.Exposure.via.Directory.Listing HIGH" "fileorganizer 1.0.7 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "fileorganizer 1.0.3 Admin+.Arbitrary.File.Access MEDIUM" "featured-image-from-url 4.8.3 Missing.Authorization MEDIUM" "featured-image-from-url 4.8.2 Missing.Authorization MEDIUM" "featured-image-from-url 4.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fifu_input_url MEDIUM" "featured-image-from-url 4.5.4 Contributor+.Stored.XSS MEDIUM" "featured-image-from-url 4.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "featured-image-from-url 4.0.0 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "formlift 7.5.18 Unauthenticated.SQL.Injection CRITICAL" "folders 3.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "folders 3.0.1 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders 3.0.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.User.First.Name.and.Last.Name MEDIUM" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload.in.handle_folders_file_upload HIGH" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "featured-image-caption 0.8.11 Contributor+.Stored.XSS MEDIUM" "formget-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "for-the-visually-impaired No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "flat-preloader 1.5.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "flat-preloader 1.5.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "flexible-woocommerce-checkout-field-editor No.known.fix Missing.Authorization MEDIUM" "fat-services-booking No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fat-services-booking No.known.fix Unauthenticated.SQL.Injection HIGH" "filester 1.8.7 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "filester 1.8.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "filester 1.8.6 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "filester 1.8.3 Authenticated.Plugin.Settings.Update HIGH" "filester 1.8.1 Admin+.Stored.Cross-Site.Scripting LOW" "filester 1.8.1 Admin+.Remote.Code.Execution MEDIUM" "filester 1.8 Remote.Code.Execution.via.CSRF CRITICAL" "full-width-responsive-slider-wp 1.1.8 Reflected.XSS HIGH" "five-star-ratings-shortcode 1.2.48 Reflected.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-vibes 1.4.13 Missing.Authorization.in.Multiple.Functions MEDIUM" "form-vibes 1.4.11 Authenticated.(Subscriber+).SQL.Injection.via.fv_export_data HIGH" "form-vibes 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "form-vibes 1.4.6 Admin+.SQLi MEDIUM" "form-vibes 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fscf-sms 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "flatpm-wp 3.1.05 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.0.13 Reflected.Cross-Site.Scripting HIGH" "freemage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freemage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freemage No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "frontend-registration-contact-form-7 No.known.fix Authenticated.(Editor+).Privilege.Escalation HIGH" "flash-album-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flash-album-gallery 4.25 Full.Path.Disclosure MEDIUM" "flash-album-gallery No.known.fix admin/news.php.want2Read.Parameter.Traversal.Arbitrary.File.Access HIGH" "flash-album-gallery 2.72 "s".Cross-Site.Scripting HIGH" "full-picture-analytics-cookie-notice 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "full-picture-analytics-cookie-notice 3.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-gallery No.known.fix Reflected.Cross-Site.Scripting.via.post_id MEDIUM" "file-gallery 1.8.5.4 Contributor+.Stored.XSS MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "faq-for-woocommerce 1.6.4 WooCommerce.Product.FAQ.<.1.6.4.-.Reflected.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "feedwordpress 2024.0428 Unauthenticated.Draft.Access MEDIUM" "feedwordpress 2022.0123 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "feedwordpress 2015.0514 XSS.&.SQL-Injection MEDIUM" "fitness-trainer 1.4.1 Subscriber+.Privilege.Escalation CRITICAL" "fast-tube No.known.fix Reflected.XSS HIGH" "flowpaper-lite-pdf-flipbook 2.0.4 Contributor+.Stored.XSS MEDIUM" "flowpaper-lite-pdf-flipbook 2.0.0 Contributor+.Stored.XSS MEDIUM" "favorites 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "favorites 2.3.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "futurio-extra 2.0.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.header_size.tag MEDIUM" "futurio-extra 2.0.14 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "futurio-extra 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "futurio-extra 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Text.Block.Widget MEDIUM" "futurio-extra 1.9.1 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "futurio-extra 1.6.3 Subscriber+.User.Email.Address.Disclosure MEDIUM" "futurio-extra 1.6.3 Authenticated.SQL.Injection MEDIUM" "fontsampler 0.14.3 CSRF.to.Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "fontific No.known.fix Cross-Site.Request.Forgery.via.ajax_fontific_save_all HIGH" "featured-page-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fatal-error-notify 1.5.3 Subscriber+.Test.Error.Email.Sending MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forms-for-campaign-monitor 2.8.16 Unauthenticated.Full.Path.Disclosure MEDIUM" "forms-for-campaign-monitor 2.8.14 Reflected.Cross-Site.Scripting HIGH" "fin-accounting-for-woocommerce 4.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forget-about-shortcode-buttons 2.1.3 CSRF MEDIUM" "forget-about-shortcode-buttons 1.1.2 XSS MEDIUM" "flipbox-builder No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "flying-twitter-birds No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fusion-builder 3.11.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "fusion-builder 3.11.13 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "fusion-builder 3.11.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fusion_button.Shortcode MEDIUM" "fusion-builder 3.11.2 Cross.Site.Scripting.(XSS).vulnerability.in.the.User.Register.element HIGH" "fusion-builder 3.6.2 Unauthenticated.SSRF HIGH" "final-tiles-grid-gallery-lite 3.6.0 Contributor+.Stored.XSS MEDIUM" "final-tiles-grid-gallery-lite 3.5.8 Reflected.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "final-tiles-grid-gallery-lite 3.5.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.4.19 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "final-tiles-grid-gallery-lite 3.3.57 Subscriber+.Arbitrary.Option.Update CRITICAL" "flightlog No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "fullscreen-galleria 1.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feather-login-page 1.1.6 Cross-Site.Request.Forgery.via.saveData() MEDIUM" "feather-login-page 1.1.4 CSRF MEDIUM" "feather-login-page 1.1.2 Missing.Authorization.to.Non-Arbitrary.User.Deletion HIGH" "feather-login-page 1.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "flickr-rss No.known.fix XSS.and.CSRF HIGH" "foobox-image-lightbox-premium 2.7.28 Admin+.Stored.XSS LOW" "fs-poster No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-index 1.10 Reflected.Cross-Site.Scripting MEDIUM" "football-pool 2.11.10 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.12.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.6.5 Multiple.XSS MEDIUM" "frontend-post-submission-manager-lite 1.2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "finpose No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formidablepro-2-pdf 3.11 Subscriber+.SQLi HIGH" "forcefield 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "forcefield 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "font-awesome-more-icons No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "flynsarmy-iframe-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "flat-ui-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.flatbtn.Shortcode MEDIUM" "favicon-generator 2.1 Arbitrary.File.Deletion.via.CSRF HIGH" "favicon-generator 2.1 Arbitrary.File.Upload.via.CSRF HIGH" "favicon-generator 2.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion CRITICAL" "fish-and-ships 1.6 Reflected.Cross-Site.Scripting MEDIUM" "form-maker 1.15.33 .Admin+.Stored.XSS LOW" "form-maker 1.15.31 Admin+.Stored.XSS LOW" "form-maker 1.15.28 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "form-maker 1.15.31 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "form-maker 1.15.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.27 Reflected.Cross-Site.Scripting HIGH" "form-maker 1.15.26 Admin+.Stored.XSS MEDIUM" "form-maker 1.15.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.25 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "form-maker 1.15.24 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.23 Sensitive.Information.Exposure MEDIUM" "form-maker 1.15.22 CSRF.to.limited.RCE MEDIUM" "form-maker 1.15.21 Captcha.Bypass HIGH" "form-maker 1.15.19 Reflected.XSS HIGH" "form-maker 1.15.19 Unauthenticated.Stored.XSS CRITICAL" "form-maker 1.15.20 Unauthenticated.Arbitrary.File.Upload MEDIUM" "form-maker 1.15.6 Admin+.SQLI LOW" "form-maker 1.14.12 Admin+.Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.13.60 Authenticated.Stored.XSS HIGH" "form-maker 1.13.40 Authenticated.Reflected.XSS HIGH" "form-maker 1.13.36 Authenticated.SQL.Injection HIGH" "form-maker 1.13.3 Authenticated.SQL.Injection HIGH" "form-maker 1.13.5 Cross-Site.Request.Forgery.(CSRF).to.LFI MEDIUM" "form-maker 1.12.24 CSV.Injection MEDIUM" "file-manager 6.5.8 Authenticated.(Subscriber+).Limited.JavaScript.File.Upload MEDIUM" "file-manager 6.5.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager 6.5.6 6.5.5.-.Unauthenticated.Remote.Code.Execution.via.Race.Condition HIGH" "file-manager 6.3 Admin+.Arbitrary.OS.File/Folder.Access.+.Path.Traversal MEDIUM" "file-manager 5.2.3 Subscriber+.Arbitrary.File.Creation/Upload/Deletion CRITICAL" "file-manager 5.0.2 Information.Disclosure HIGH" "forms-to-sendinblue No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "free-download-manager No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "facebook-comment-by-vivacity No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "funnelforms-free No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Upload MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "funnelforms-free 3.4.2 Form.Deletion/Duplication.via.CSRF MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Deletion MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.New.Category.Creation MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Post.Modification MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Enable/Disable.Dark.Mode MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Update MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Test.Email.Sending MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4 Funnelforms.Free.<.3,4.Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "funnelforms-free 3.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "fws-ajax-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "freemind-wp-browser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "facebook-like-send-button 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "facebook-like-send-button 1.2 Admin+.Stored.XSS LOW" "fancy-roller-scroller 1.4.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "find-duplicates No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "floating-awesome-button 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "floating-awesome-button 1.5.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "font-organizer No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "first-graders-toolbox 1.0.2 Plugins.Deactivation.via.CSRF MEDIUM" "foundation-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facebook-fan-page-widget 2.1 Admin+.Stored.XSS LOW" "food-and-drink-menu 2.4.17 Missing.Authorization.to.Menu.Creation MEDIUM" "food-and-drink-menu 2.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "food-and-drink-menu 2.4.11 Unauthenticated.PHP.Object.Injection HIGH" "food-and-drink-menu 2.4.7 .Cross-Site.Request.Forgery MEDIUM" "food-and-drink-menu 2.2.1 Unauthenticated.PHP.Object.Injection HIGH" "funnel-builder-pro 3.5.0 Funnel.Kit.Funnel.Builder.PRO.<.3,5,0.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.allow_iframe_tag_in_post MEDIUM" "fluid-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "floating-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.5 Editor+.Stored.XSS LOW" "filr-protection 1.2.3.6 Author+.RCE.via.file.upload.with.phar.ext CRITICAL" "filr-protection 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.2.1 Secure.Document.Library.<.1.2.2.1.-.Subscriber+.AJAX.Calls CRITICAL" "filr-protection 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-wp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "flaming-forms No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flaming-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "flaming-forms No.known.fix Reflected.XSS HIGH" "facebook-pagelike-widget 6.4 Admin+.Stored.XSS LOW" "fontsy No.known.fix Multiple.Unauthenticated.SQLi HIGH" "frontend-uploader No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "fifthsegment-whitelist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "font-awesome-integration No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fluent-support 1.8.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fluent-support 1.8.1 Insufficient.Authorization.on.Email.Verification MEDIUM" "fluent-support 1.7.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "fluent-support 1.5.8 Admin+.SQLi MEDIUM" "food-recipes 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "food-recipes 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-image-adder No.known.fix Unauthenticated.Remote.File.Upload CRITICAL" "fancy-facebook-comments 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fancy-facebook-comments 1.2.15 Contributor+.Stored.XSS MEDIUM" "fancy-facebook-comments 1.2.11 Contributor+.Stored.XSS MEDIUM" "foopeople No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foopeople No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobar-notifications-lite 2.1.32 Reflected.Cross-Site.Scripting MEDIUM" "foobar-notifications-lite 2.1.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "filebird-document-library 2.0.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "free-facebook-reviews-and-recommendations-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "fv-descriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "facebook-for-woocommerce 1.9.15 CSRF.allowing.Option.Update HIGH" "find-your-reps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "follow-me No.known.fix Stored.XSS.via.CSRF MEDIUM" "fruitcake-horsemanager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "fence-url No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "frontend-dashboard 2.2.5 Authenticated.(Subscriber+).Arbitrary.Function.Call HIGH" "frontend-dashboard 2.2.4 Frontend.Dashboard.<.2,2,4.- MEDIUM" "frontend-dashboard 2.2.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formscrm 3.6 Reflected.Cross-Site.Scripting MEDIUM" "feed-instagram-lite 1.0.0.29 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "feedfocal 1.3.0 Unauthenticated.Tracking.Code.Update MEDIUM" "fullworks-anti-spam 1.3.10 Reflected.Cross-Site.Scripting MEDIUM" "fullworks-anti-spam 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "folder-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexible-coupons 1.10.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "find-and-replace-all No.known.fix Arbitrary.Replacement.via.CSRF HIGH" "find-and-replace-all 1.3 Reflected.Cross.Site.Scripting MEDIUM" "formafzar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "furnob-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "forms-gutenberg No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-gutenberg 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "formello 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "flash-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "fullworks-ice-ide-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fitness-calculators 2.0.9 Admin+.Stored.XSS LOW" "fitness-calculators 1.9.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.(XSS) HIGH" "facebook-page-feed-graph-api 1.9.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "go-fetch-jobs-wp-job-manager 1.8.4.5 Reflected.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.7.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-viral No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-viral 1.8.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gf-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "goolytics-simple-google-analytics 1.1.2 Simple.Google.Analytics.<.1.1.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_unset_default_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_delete_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_set_default_card MEDIUM" "guten-free-options No.known.fix Reflected.XSS HIGH" "giveaways-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "giveaways-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-cse No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "google-cse No.known.fix Admin+.Stored.XSS LOW" "google-image-sitemap No.known.fix Map.generation.through.CSRF MEDIUM" "gourl-bitcoin-payment-gateway-paid-downloads-membership 1.4.14 Shell.Upload HIGH" "gestion-pymes No.known.fix Admin+.Stored.XSS LOW" "guest-author 2.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "guest-author 2.4 Contributor+.Stored.XSS MEDIUM" "google-mobile-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "geoflickr 1.4 Reflected.Cross-Site.Scripting MEDIUM" "get-your-number No.known.fix Admin+.Stored.XSS LOW" "grid-shortcodes 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-shortcodes 1.1.1 Contributor+.Stored.XSS MEDIUM" "google-language-translator 6.0.12 Google.Language.Translator.<.6.0.12.-.Admin+.Stored.Cross-Site.Scripting LOW" "google-language-translator 6.0.10 Authenticated.Cross-Site.Scripting.(XSS) LOW" "google-language-translator 6.0.10 Authenticated.(author+).Cross-Site.Scripting.(XSS) MEDIUM" "google-language-translator 5.0.06 XSS MEDIUM" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_do_shortcode().Function HIGH" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_ajax_get_logs.Function HIGH" "gamipress 7.2.2 Unauthenticated.SQL.Injection.via.orderby.Parameter HIGH" "gamipress 7.1.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_get_user_earnings HIGH" "gamipress 6.8.9 Broken.Access.Control LOW" "gamipress 6.8.6 Cross-Site.Request.Forgery MEDIUM" "gamipress 6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gamipress 6.8.7 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "gamipress 2.5.7.1 Unauthenticated.SQLi HIGH" "gf-infusionsoft 1.1.5 Reflected.Cross-Site.Scripting HIGH" "gtg-advanced-blocks No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gsheetconnector-ninja-forms-pro 1.5.2 Reflected.XSS HIGH" "gutentor 3.4.4 Contributor+.Stored.XSS MEDIUM" "gutentor 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "gutentor 3.3.6 Gutenberg.Blocks.-.Page.Builder.for.Gutenberg.Editor.<.3.3.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutentor 3.3.6 Contributor+.Stored.XSS MEDIUM" "gutentor 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "green-wp-telegram-bot-by-teplitsa No.known.fix Telegram.Bot.for.WP.<=.1.3.-.Telegram.Bot.Token.Disclosure HIGH" "gdpr-personal-data-reports No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-books-showcase 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-books-showcase 1.3.1 Contributor+.Stored.XSS MEDIUM" "get-post-content-shortcode No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.post_content.Shortcode MEDIUM" "guten-post-layout 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "grand-media 1.20.0 Admin+.Stored.Cross-Site.Scripting LOW" "grand-media 1.18.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "gsheetconnector-ninja-forms 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms 1.2.7 Reflected.XSS HIGH" "gsheetconnector-ninja-forms 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "giphypress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gamipress-reset-user 1.0.1 Reset.User.<=.1.0.0.-.GamiPress.User.Data.Removal.via.CSRF MEDIUM" "geo-mashup 1.13.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.geo_mashup_visible_posts_list.Shortcode MEDIUM" "geo-mashup 1.13.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.12 Reflected.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-mashup 1.10.4 Unspecified.Cross-Site.Scripting.(XSS) CRITICAL" "gsheetconnector-wpforms 3.4.6 Reflected.XSS HIGH" "google-shortlink 1.5.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "get-post-custom-taxonomy-term-shortcode No.known.fix CSRF.Bypass NONE" "gravity-forms-pdf-extended 6.3.1 Reflected.Cross-Site.Scripting MEDIUM" "getwid 2.1.12 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "getwid 2.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getwid 2.0.11 Missing.Authentication.to.MailChimp.API.key.update MEDIUM" "getwid 2.0.11 Missing.Authorization.to.Google.API.key.update MEDIUM" "getwid 2.0.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'Countdown' MEDIUM" "getwid 2.0.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Block.Content MEDIUM" "getwid 2.0.5 Captcha.Bypass MEDIUM" "getwid 2.0.5 Missing.Authorization.to.Recaptcha.API.Key.Modification MEDIUM" "getwid 2.0.3 Unauthenticated.Arbitrary.Email.Sending.to.Admin MEDIUM" "getwid 1.8.4 Subscriber+.SSRF MEDIUM" "gwolle-gb 4.7.2 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 2.5.4 Cross-Site.Scripting.(XSS) MEDIUM" "gwolle-gb 2.1.1 Cross-Site.Request.Forgery.(CSRF) CRITICAL" "graphcomment-comment-system 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "gmaps-for-visual-composer-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gift-certificate-creator 1.1 Stored.XSS MEDIUM" "gf-freshdesk 1.2.9 Reflected.Cross-Site.Scripting HIGH" "genealogical-tree 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "genealogical-tree 2.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "glass No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "gmap-point-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gulri-slider 3.5.9 Reflected.Cross-Site.Scripting MEDIUM" "gold-addons-for-elementor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).License.Activation/Deactivation MEDIUM" "gold-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gift-up 2.22 Settings.Update.via.CSRF MEDIUM" "gift-up 2.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "graph-lite No.known.fix Missing.Authorization MEDIUM" "gp-premium 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.10.2 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenslider 5.2.0 Contributor+.Stored.XSS MEDIUM" "gs-instagram-portfolio No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Injection MEDIUM" "gs-instagram-portfolio 1.4.5 Contributor+.Stored.XSS MEDIUM" "gpx-viewer 2.2.10 Subscriber+.Arbitrary.File.Creation HIGH" "gyta-buyback 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "grid-view-gallery No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "gecka-terms-thumbnails No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "google-analytics-opt-out 2.3.5 Admin+.Stored.XSS LOW" "gravity-forms-sms-notifications 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "gt3-photo-video-gallery 2.7.7.25 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.25.-.Reflected.Cross-Site.Scripting MEDIUM" "gt3-photo-video-gallery 2.7.7.22 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.22.-.Authenticated.(Author+).Cross-Site.Scripting MEDIUM" "google-apps-login 3.4.5 Admin+.Stored.XSS LOW" "gotowp No.known.fix Contributor+.Stored.XSS MEDIUM" "gs-testimonial 3.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-testimonial 1.9.7 Contributor+.Stored.XSS MEDIUM" "gs-testimonial 1.9.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "geodatasource-country-region-dropdown 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "generateblocks 1.8.3 Contributor+.Arbitrary.Draft/Private.Post.Access LOW" "generateblocks 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "google-sitemap-generator 4.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "google-sitemap-generator 4.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "geo-targetly-geo-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-jobengine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-fetch-jobs-jobengine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "genesis-columns-advanced 2.0.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gianism 5.2.1 Admin+.Stored.XSS LOW" "goqsmile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-adsense-and-hotel-booking No.known.fix Open.Proxy CRITICAL" "get-cash 3.2 Reflected.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.2.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "google-calendar-events 3.2.5 Cross-Site.Request.Forgery.via.duplicate_feed MEDIUM" "google-calendar-events 3.2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "geodirectory 2.3.85 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.71 Missing.Authorization.via.geodirectory_rated() MEDIUM" "geodirectory 2.3.62 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "geodirectory 2.3.49 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'gd_single_tabs'.Shortcode MEDIUM" "geodirectory 2.3.29 Authenticated(Administrator+).SQL.Injection MEDIUM" "geodirectory 2.3.29 Authenticated.(Administrator+).SQL.Injection.via.orderby HIGH" "geodirectory 2.2.24 Admin+.SQLi MEDIUM" "geodirectory 2.2.22 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "geodirectory 2.1.1.3 Authenticated.(admin+).Stored.Cross-Site.Scripting.(XSS) MEDIUM" "gfirem-fields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-fields No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-fields No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "game-server-status No.known.fix Admin+.SQL.Injection MEDIUM" "game-server-status No.known.fix Contributor+.SQL.Injection HIGH" "game-server-status No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "galleria No.known.fix Cross-Site.Request.Forgery MEDIUM" "gwa-autoresponder No.known.fix Unauthenticated.SQL.Injection HIGH" "gallery-videos 2.4.3 Authenticated.(Administrator+).SQL.Injection HIGH" "gallery-videos 2.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-videos 2.2.6 Admin+.SQLi MEDIUM" "gallery-videos 1.7.7 Admin+.Stored.XSS LOW" "giveasap 2.46.1 CSRF MEDIUM" "giveasap 2.46.1 Reflected.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.XSS LOW" "giveasap 2.45.1 Editor+.Stored.Cross-Site.Scripting MEDIUM" "giveasap 2.42.1 Unauthorised.AJAX.Calls.via.Freemius HIGH" "giveasap 2.36.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "gs-portfolio 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-portfolio 1.6.1 Contributor+.Stored.XSS MEDIUM" "google-visualization-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-captcha 1.28 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gd-rating-system 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.extra_class.Parameter MEDIUM" "gd-rating-system 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gd-rating-system 3.5.1 Unauthenticated.Stored.Cross-Site.Scripting.via.IP MEDIUM" "gd-rating-system 2.3.1 Multiple.Vulnerabilities HIGH" "gd-rating-system 2.1 XSS MEDIUM" "golf-tracker No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "gmap-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goodlayers-core 2.1.3 Subscriber+.Stored.XSS.via.SVG.Upload HIGH" "goodlayers-core 2.0.10 Contributor+.Stored.XSS MEDIUM" "goodlayers-core 2.0.8 Reflected.Cross-Site.Scripting.via.'font-family' MEDIUM" "gplus-comments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-caldera-forms 1.3 Access.Code.Update.via.CSRF MEDIUM" "gallery-images 2.0.6 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "gold-price-chart-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "gettext-override-translations 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "goauth No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goauth 2.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "garden-gnome-package 2.4.0 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "garden-gnome-package 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "garden-gnome-package 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gallery-metabox No.known.fix Subscriber+.Unauthorized.Data.Access MEDIUM" "gallery-metabox No.known.fix Gallery.Removal.via.CSRF MEDIUM" "gallery-images-ape No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-images-ape No.known.fix Contributor+.Stored.XSS MEDIUM" "global-elementor-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.button.link MEDIUM" "google-document-embedder No.known.fix Authenticated.(Contributor+).Blind.Server.Side.Request.Forgery MEDIUM" "google-document-embedder 2.6.2 CSRF.&.XSS MEDIUM" "google-document-embedder 2.6.1 XSS MEDIUM" "greencon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gravity-forms-toolbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gd-mylist No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gs-woo-variation-swatches 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "ghactivity No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-constant-contact 1.0.6 Reflected.Cross-Site.Scripting HIGH" "gallery-bank 4.0.19 Reflected.Cross-Site.Scripting MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Gallery.Description MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Media.Upload.Module MEDIUM" "gallery-bank 3.0.330 Authenticated.Blind.SQL.Injection MEDIUM" "gs-team-members 2.2.4 Contributor+.Stored.XSS MEDIUM" "gs-team-members 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "gs-team-members 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gsheetconnector-for-elementor-forms-pro 1.0.5 Reflected.XSS HIGH" "gf-insightly 1.0.7 Reflected.Cross-Site.Scripting HIGH" "glossary-by-codeat 2.2.27 Unauthenticated.Full.Path.Disclosure MEDIUM" "glossary-by-codeat 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.1.28 Contributor+.Stored.XSS MEDIUM" "glossary-by-codeat 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geotagged-media No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geotagged-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.7.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.7.0 Author+.SQL.Injection MEDIUM" "gallery-plugin 4.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "glomex-oembed 0.9.2 Contributor+.Stored.XSS MEDIUM" "gd-security-headers 1.7.1 Admin+.SQLi MEDIUM" "gd-security-headers 1.7 Reflected.XSS HIGH" "ghost 1.5.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ghost 0.5.6 Unrestricted.Export.Download MEDIUM" "giveaway No.known.fix Authenticated.SQL.Injection HIGH" "gamipress-link 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-and-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "godaddy-email-marketing-sign-up-forms 1.1.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "gn-publisher 1.5.6 Reflected.XSS HIGH" "gift-cards-for-woocommerce-pro 2.9.2 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "gf-zoho 1.1.6 Reflected.Cross-Site.Scripting HIGH" "gmace No.known.fix Arbitrary.File.Creation/Deletion/Update.via.CSRF HIGH" "gmace No.known.fix Admin+.Path.Traversal MEDIUM" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.8.4 Arbitrary.Post.Deletion.and.Plugin's.Settings.Update.via.CSRF MEDIUM" "gmap-embed 1.8.1 Subscriber+.Arbitrary.Post.Deletion.and.Plugin's.Settings.Update MEDIUM" "gmap-embed 1.8.1 Subscriber+.Map.Creation/Update/Deletion MEDIUM" "gmap-embed 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "gmw-premium-settings 3.1 Admin+.Arbitrary.File.Upload MEDIUM" "gsheetconnector-gravity-forms 1.3.5 Access.Code.Update.via.CSRF MEDIUM" "google-maps-travel-route No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "gm-woo-product-list-widget No.known.fix Reflected.XSS HIGH" "google-plus-share-and-plusone-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "gdpr-cookie-compliance 4.12.5 License.Update/Deactivation.via.CSRF MEDIUM" "groundhogg 3.7.3.6 Authenticated.(Author+).Arbitrary.File.Upload.via.gh_big_file_upload.Function HIGH" "groundhogg 3.7.3.4 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Cross-Site.Request.Forgery MEDIUM" "groundhogg 2.7.11.11 Admin+.Stored.XSS LOW" "groundhogg 2.7.11.1 CSRF MEDIUM" "groundhogg 2.7.11.1 Admin+.SQLi MEDIUM" "groundhogg 2.7.10 Disable.All.Plugins.via.CSRF MEDIUM" "groundhogg 2.7.10 Ticket.Creation.via.CSRF MEDIUM" "groundhogg 2.7.10 Lack.of.Authorization.for.Non-Arbitrary.File.upload MEDIUM" "groundhogg 2.7.10 Contributor+.Stored.XSS MEDIUM" "groundhogg 2.7.10 Privilege.Escalation.via.CSRF HIGH" "groundhogg 2.7.9.4 Admin+.SQLi MEDIUM" "groundhogg 1.3.11.8 Authenticated.SQL.Injection HIGH" "google-typography No.known.fix Missing.Authorization MEDIUM" "gallery-with-thumbnail-slider 6.1 Contributor+.Stored.XSS MEDIUM" "graphina-elementor-charts-and-graphs 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 1.8.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "greenshift-animation-and-page-builder-blocks 9.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Server-Side.Request.Forgery.and.Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 9.9.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "greenshift-animation-and-page-builder-blocks 9.8 Missing.Authorization MEDIUM" "greenshift-animation-and-page-builder-blocks 9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 7.6.3 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 4.3 Reflected.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0.0 Author+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0 Contributor+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 4.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "greenshift-animation-and-page-builder-blocks 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-file-ajax-upload-free No.known.fix Arbitrary.File.Upload CRITICAL" "g-meta-keywords No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gotmls 4.23.56 Unauthenticated.Remote.Code.Execution CRITICAL" "gotmls 4.21.83 Reflected.Cross-Site.Scripting MEDIUM" "gotmls 4.20.96 Reflected.Cross-Site.Scripting LOW" "gotmls 4.20.94 Admin+.Reflected.Cross-Site.Scripting LOW" "gtmetrix-for-wordpress 0.4.8 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "gtmetrix-for-wordpress 0.4.6 Reflected.Cross-Site.Scripting HIGH" "gtmetrix-for-wordpress 0.4.6 Reflected.XSS HIGH" "gamipress-vimeo-integration 1.0.9 Contributor+.Stored.XSS MEDIUM" "google-one 1.3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gallery-lightbox-slider 1.0.0.41 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gp-unique-id 1.5.6 Unauthenticated.Form.Submission.Unique.ID.Modification LOW" "gallery-album No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "gallery-album No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Unauthenticated.Stored.XSS HIGH" "gallery-album No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-album No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "gallery-album 2.0.2 Reflected.XSS HIGH" "gallery-album 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "gallery-album 1.2.1 Admin+.SQLi MEDIUM" "gum-elementor-addon 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Price.Table.and.Post.Slider.Widgets MEDIUM" "gum-elementor-addon 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta.Widget MEDIUM" "gou-wc-account-tabs 1.0.1.9 Missing.Authorization MEDIUM" "giga-messenger-bots No.known.fix Reflected.XSS HIGH" "globe-gateway-e4 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "google-analytics-for-wordpress 8.22.0 Missing.Authorization MEDIUM" "google-analytics-for-wordpress 8.14.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.12.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.9.1 Stored.Cross-Site.Scripting.via.Google.Analytics MEDIUM" "generatepress-premium 2.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Meta MEDIUM" "google-docs-rsvp-guestlist No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gravity-forms-multiple-form-instances 1.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "gps-plotter No.known.fix Admin+.Stored.XSS LOW" "gs-woocommerce-products-slider 1.5.9 Contributor+.Stored.XSS MEDIUM" "gsheetconnector-forminator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-org-chart No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gmo-social-connection No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gd-bbpress-attachments 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "gd-bbpress-attachments 4.4 Admin+.Stored.XSS LOW" "gtm-server-side 2.1.20 Reflected.Cross-Site.Scripting MEDIUM" "gf-salesforce-crmperks 1.2.6 Reflected.Cross-Site.Scripting HIGH" "git-sync No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "glorious-sites-installer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "genesis-style-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gboy-custom-google-map No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "google-maps-advanced No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "greenshiftwoo 1.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "gdpr-consent-manager 1.0.1 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "genesis-blocks 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sharing.Block.Attributes MEDIUM" "genesis-blocks 3.1.4 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "gf-hubspot 1.0.9 Reflected.Cross-Site.Scripting HIGH" "gallery-image-gallery-photo 1.1.6 Grid.Gallery.<.1.1.6.-.Admin+.Stored.Cross-Site.Scripting LOW" "gdpr-cookie-consent 3.6.6 Missing.Authorization.to.Authenticated.(Subscriber+).Whitelist.Script MEDIUM" "gdpr-cookie-consent 3.3.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Client-IP.header HIGH" "gdpr-cookie-consent 3.1.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "gg-woo-feed 1.2.7 Missing.Authorization MEDIUM" "gg-woo-feed No.known.fix Unauthenticated.Settings.Update MEDIUM" "google-website-translator 1.4.12 Google.Website.Translator.<.1.4.12.-.Authenticated.(Admin+).PHP.Object.Injection CRITICAL" "guardgiant No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guardgiant 2.2.6 Admin+.SQLi MEDIUM" "google-places-reviews 2.0.0 Admin+.Stored.Cross.Site.Scripting LOW" "gerryworks-post-by-mail No.known.fix Contributor+.Privilege.Escalation HIGH" "gsheetconnector-easy-digital-downloads 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-easy-digital-downloads 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_prompts HIGH" "gpt3-ai-content-generator 1.8.97 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_ai_forms HIGH" "gpt3-ai-content-generator 1.8.97 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "gpt3-ai-content-generator 1.8.90 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gpt3-ai-content-generator 1.8.67 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.8.13 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.3 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "gpt3-ai-content-generator 1.7.38 Reflected.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.4.38 Subscriber+.Arbitrary.Post.Content.Update MEDIUM" "gs-envato-portfolio 1.4.0 Contributor+.Stored.XSS MEDIUM" "greeklish-permalink 3.5 Unauthenticated.Post.Slug.Update MEDIUM" "goods-catalog No.known.fix Contributor+.Stored.XSS MEDIUM" "googleanalytics 2.5.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gallery-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getyourguide-ticketing 1.0.4 Admin+.Stored.XSS LOW" "gym-management 67.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gym-management 67.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "gravatarlocalcache No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "generate-dummy-posts No.known.fix Missing.Authorization MEDIUM" "glofox-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "giveaways-contests-by-promosimple No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "give 3.19.4 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.3 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.0 Reflected.XSS HIGH" "give 3.16.4 Unauthenticated.PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "give 3.16.2 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.16.2 Authenticated.(GiveWP.Manager+).SQL.Injection.via.order.Parameter MEDIUM" "give 3.16.0 Cross-Site.Request.Forgery MEDIUM" "give 3.16.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "give 3.14.0 Missing.Authorization.to.Limited.Information.Exposure MEDIUM" "give 3.14.2 Unauthenticated.PHP.Object.Injection.to.RCE CRITICAL" "give 3.14.2 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "give 3.14.0 Missing.Authorization.to.Unauthenticated.Event.Settings.Update MEDIUM" "give 3.14.0 Insecure.Direct.Object.Reference.to.Authenticated.(GiveWP.Worker+).Arbitrary.Post.Actions MEDIUM" "give 3.12.1 Reflected.Cross-Site.Scripting MEDIUM" "give 3.11.0 Contributor+.Stored.XSS MEDIUM" "give 3.5.0 Authenticated.(GiveWP.Manager+).PHP.Object.Injection HIGH" "give 3.7.0 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "give 3.6.0 Contributor+.Stored.XSS MEDIUM" "give 3.4.0 Reflected.Cross-Site.Scripting HIGH" "give 3.3.0 Contributor+.Stored.XSS MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.Stripe.Integration.Deletion MEDIUM" "give 2.33.2 Missing.Authorization.via.handleBeforeGateway MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.installation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.deactivation MEDIUM" "give 2.33.1 Donation.Plugin.<.2.33.1.-.Authenticated(Give.Manager+).Privilege.Escalation HIGH" "give 2.25.3 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Contributor+.Arbitrary.Content.Deletion MEDIUM" "give 2.25.2 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Author+.Stored.Cross-Site.Scripting MEDIUM" "give 2.25.2 Admin+.Server-Side.Request.Forgery MEDIUM" "give 2.25.2 Contributor+.Stored.XSS MEDIUM" "give 2.24.1 Unauthenticated.SQLi HIGH" "give 2.24.0 Contributor+.Stored.XSS MEDIUM" "give 2.21.0 Manager+.Arbitrary.File.Access.via.Export MEDIUM" "give 2.21.0 Manager+.Arbitrary.File.Creation.via.Export HIGH" "give 2.21.3 DoS.via.CSRF LOW" "give 2.21.3 Admin+.Stored.Cross-Site.Scripting LOW" "give 2.21.0 Reflected.Cross-Site.Scripting MEDIUM" "give 2.21.0 Donor.Information.Disclosure MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Donation.Forms.Dashboard HIGH" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Import.Tool MEDIUM" "give 2.17.3 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "give 2.12.0 Admin+.Stored.XSS MEDIUM" "give 2.10.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "give 2.10.0 Reflected.Cross.Site.Scripting.(XSS) HIGH" "give 2.5.10 Multiple.Issues HIGH" "give 2.5.5 Authentication.Bypass HIGH" "give 2.5.1 SQL.Injection CRITICAL" "give 2.4.7 Stored.XSS MEDIUM" "give 2.3.1 Cross-Site.Scripting.(XSS) MEDIUM" "google-listings-and-ads 2.8.7 Information.Disclosure.via.Publicly.Accessible.PHP.Info.File MEDIUM" "gamipress-button 1.0.8 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "get-a-quote-button-for-woocommerce 1.5 Unauthenticated.Arbitrary.Shortcode.Execution.via.fire_contact_form HIGH" "gatormail-smart-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gracemedia-media-player No.known.fix Local.File.Inclusion.(LFI) CRITICAL" "greenshiftquery 3.9.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "google-map-professional No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "google-map-professional No.known.fix Reflected.XSS HIGH" "geolocator No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "goqmieruca No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gigpress No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "gigpress No.known.fix Subscriber+.SQLi HIGH" "gigpress 2.3.28 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gigpress 2.3.11 Authenticated.XSS.&.Blind.SQLi HIGH" "grid-kit-premium 2.2.0 Multiple.Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "gravity-forms-sticky-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-sticky-list No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-forms-sticky-list No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-pagespeed-insights 4.0.7 Multiple.CSRF MEDIUM" "google-pagespeed-insights 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "global-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gs-pinterest-portfolio 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-pinterest-portfolio 1.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shorcode MEDIUM" "gs-pinterest-portfolio 1.8.1 Missing.Authorization.via._update_shortcode MEDIUM" "gwyns-imagemap-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-action-after No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-action-after No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "giveaway-boost No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection LOW" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection MEDIUM" "google-analyticator 6.4.9.6 Multiple.Cross-Site.Scripting.(XSS) HIGH" "google-analyticator 6.4.9.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "gs-projects 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goal-tracker-ga 1.0.11 Reflected.Cross-Site.Scripting MEDIUM" "good-reviews-wp 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Review.URL MEDIUM" "gAppointments No.known.fix Admin+.Stored.XSS LOW" "gAppointments 1.10.0 Reflected.Cross-Site.Scripting HIGH" "gallery-photo-gallery 5.7.1 Administrator+.HTML.Injection MEDIUM" "gallery-photo-gallery 5.5.3 Reflected.Cross-Site.Scripting MEDIUM" "gallery-photo-gallery 5.2.7 CSRF MEDIUM" "gallery-photo-gallery 5.1.4 Reflected.XSS HIGH" "gallery-photo-gallery 5.1.7 Reflected.XSS MEDIUM" "gallery-photo-gallery 4.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gallery-photo-gallery 4.4.4 Responsive.Image.Gallery.<.4.4.4.-.Authenticated.Blind.SQL.Injections HIGH" "gallery-photo-gallery 1.0.1 SQL.Injection CRITICAL" "gf-multi-uploader No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "gallery-for-ultimate-member 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "gallery-for-ultimate-member 1.1.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "gamepress No.known.fix Reflected.Cross-Site.Scripting HIGH" "gixaw-chat No.known.fix Stored.XSS.via.CSRF HIGH" "gutensee 1.0.7 Contributor+.Stored.XSS MEDIUM" "get-custom-field-values 4.1 Admin+.Stored.XSS LOW" "get-custom-field-values 4.0 Contributors+.Arbitrary.Post.Metadata.Access MEDIUM" "get-custom-field-values 4.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "grid-plus No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.via.grid_plus_load_by_category HIGH" "grid-plus 1.3.3 Subscriber+.Grid.Layout.Creation/Deletion/Update MEDIUM" "grid-plus 1.3.4 Subscriber+.Local.File.Inclusion MEDIUM" "grid-plus 1.3.5 Reflected.XSS HIGH" "google-sitemap-plugin 3.0.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gsearch-plus No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "g-business-reviews-rating 5.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-news-sitemap No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "genki-pre-publish-reminder No.known.fix Stored.XSS.&.RCE.via.CSRF HIGH" "g-auto-hyperlink No.known.fix Admin+.SQL.Injection MEDIUM" "graphicsly No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "good-bad-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "geounit-maps 0.0.7 Reflected.Cross-Site.Scripting MEDIUM" "google-maps-widget 4.25 Admin+.Stored.XSS LOW" "genoo 6.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ga-for-wp 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ga-for-wp 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gc-testimonials No.known.fix Contributor+.Stored.XSS MEDIUM" "geo-request No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-request No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "geoportail-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geoportail-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gaxx-keywords No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting HIGH" "gdpr-data-request-form 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gtranslate 3.0.4 Admin+.Stored.XSS LOW" "gtranslate 2.9.9 CSRF.to.Account.Takeover HIGH" "gtranslate 2.9.7 Reflected.Cross-Site.Scripting LOW" "gtranslate 2.8.65 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gtranslate 2.8.52 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "greenwallet-gateway 1.0.2 Reflected.Cross.Site.Scripting.in.checkout.page MEDIUM" "glossy No.known.fix Reflected.XSS HIGH" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "get-a-quote-for-woocommerce No.known.fix Unauthenticated.Quote.PDF.and.CSV.Download MEDIUM" "gumroad No.known.fix Contributor+.Stored.XSS MEDIUM" "get-directions 2.16.2 Reflected.Cross-Site.Scripting MEDIUM" "get-directions 2.15.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "great-quotes No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "guestofy-restaurant-reservations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guestofy-restaurant-reservations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-site-kit 1.8.0 Privilege.Escalation.to.gain.Search.Console.Access CRITICAL" "guest-author-affiliate 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "guest-author-affiliate 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-by-supsystic 1.15.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-by-supsystic 1.15.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Arbitrary.Image.Adding.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "generate-child-theme 2.0.1 Cross-Site.Request.Forgery.via.process_create_form() MEDIUM" "generate-child-theme 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "go-dash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "goftino 1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "gf-dynamics-crm 1.0.8 Reflected.Cross-Site.Scripting HIGH" "grid-accordion-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gwp-histats No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-site-to-phone-by-qr-code No.known.fix Stored.XSS.via.CSRF MEDIUM" "goodlms 2.1.5 Unauthenticated.SQL.Injection CRITICAL" "googmonify No.known.fix CSRF.&.XSS MEDIUM" "goanimate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "greek-namedays-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-custom-style No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gutenverse 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.1 Contributor+.Stored.XSS MEDIUM" "goodbarber 1.0.24 Settings.Update.via.CSRF MEDIUM" "gsheetconnector-gravityforms-pro 4.3.6 Access.Code.Update.via.CSRF MEDIUM" "go-social No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gradient-text-widget-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "guild-armory-roster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "generic-elements-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-compliance No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "generate-pdf-using-contact-form-7 3.6 Admin+.Stored.Cross-Site.Scripting LOW" "gdreseller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gdreseller No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "googledrive-folder-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gutenberg 18.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Template.Part.Block MEDIUM" "gutenberg 18.01 18.0.0.-.Unauthenticated.&.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Avatar.Block MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS.via.Navigation.Links.Block MEDIUM" "gutenberg 14.3.1 Multiple.Stored.XSS LOW" "gutenberg 12.7.2 Prototype.Pollution.via.Gutenberg’s.wordpress/url.package MEDIUM" "gutenberg 12.7.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gistpress 3.0.2 Authenticated.Stored.XSS MEDIUM" "gravityforms 2.9.2 Unauthenticated.Stored.Cross-Site.Scripting.via.'alt'.parameter HIGH" "gravityforms 2.9.2 2.9.1.3.-.Unauthenticated.Stored.Cross-Site.Scripting.via.'style_settings'.parameter MEDIUM" "gravityforms 2.7.5 Reflected.XSS HIGH" "gravityforms 2.7.4 Unauthenticated.PHP.Object.Injection HIGH" "gravityforms 2.4.9 Hashed.Password.Leakage LOW" "glorious-services-support 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "glorious-services-support 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "goldstar No.known.fix Missing.Authorization MEDIUM" "google-analytics-dashboard-for-wp 8.2.0 Missing.Authorization MEDIUM" "google-analytics-dashboard-for-wp 7.14.2 Contributor+.Stored.XSS MEDIUM" "google-analytics-dashboard-for-wp 7.12.1 Contributor+.Stored.XSS MEDIUM" "gocodes No.known.fix Authenticated.XSS.&.Blind.SQL.Injection HIGH" "gallery-factory-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "gseor No.known.fix Authenticated.SQL.Injection MEDIUM" "gf-block-ips 1.0.2 Cross-Site.Request.Forgery MEDIUM" "gs-dribbble-portfolio 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Arbitrary.Enquiry.Deletion.via.CSRF MEDIUM" "gm-woocommerce-quote-popup 3.1 Admin+.Stored.XSS LOW" "gm-woocommerce-quote-popup 3.1 Cross-Site.Request.Forgery MEDIUM" "gm-woocommerce-quote-popup 3.1 Unauthenticated.Stored.XSS HIGH" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gregs-high-performance-seo 1.6.2 Reflected.XSS MEDIUM" "gutenkit-blocks-addon 2.1.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "grey-owl-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getresponse 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "gnucommerce 1.4.2 XSS MEDIUM" "gnucommerce 0.5.7-beta XSS MEDIUM" "gallery-from-files No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gallery-from-files No.known.fix Unauthenticated.RCE CRITICAL" "global-multisite-search No.known.fix CSRF.Bypass MEDIUM" "google-maps-anywhere No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "google-map-shortcode No.known.fix Settings.Update.via.CSRF MEDIUM" "google-map-shortcode No.known.fix Reflected.XSS HIGH" "google-map-shortcode No.known.fix Contributor+.Stored.XSS HIGH" "gsheetconnector-for-elementor-forms 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms 1.0.7 Reflected.XSS HIGH" "global-income-stats-from-freemius No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-income-stats-from-freemius No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-income-stats-from-freemius No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gallery-categories 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gtpayment-donation No.known.fix Stored.XSS.via.CSRF HIGH" "goon-plugin-control 1.2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "genki-announcement No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.1 Missing.Authorization.via.get_field_options_ajax MEDIUM" "geo-my-wp 4.5 Admin+.Arbitrary.File.Upload MEDIUM" "geo-my-wp 4.5.0.4 Reflected.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.0.2 Unauthenticated.LFI.to.RCE/PHAR.Deserialization CRITICAL" "geo-my-wp 4.2 Cross-Site.Request.Forgery MEDIUM" "geo-my-wp 4.0.3 Authenticated(Administrator+).SQL.Injection MEDIUM" "geo-my-wp 4.0.1 Contributor+.Stored.XSS MEDIUM" "gsheetconnector-wpforms-pro 2.5.7 Reflected.XSS HIGH" "gdy-modular-content 0.9.93 Reflected.Cross-Site.Scripting MEDIUM" "google-maps-v3-shortcode No.known.fix Contributor+.XSS MEDIUM" "gap-hub-user-role No.known.fix Cross-Site.Request.Forgery MEDIUM" "gs-coach 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-logo-slider 3.7.1 Settings.Update.via.Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.6.9 Admin+.Stored.XSS LOW" "gs-logo-slider 3.5.2 Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.3.8 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "gs-facebook-comments 1.7.4 Missing.Authorization.via.wpfc_allow_comments() MEDIUM" "gallerio No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "google-map-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "genie-wp-favicon No.known.fix Arbitrary.Favicon.Change.via.CSRF MEDIUM" "gd-mail-queue 4.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "gnu-mailman-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.12 Cross-Site.Request.Forgery MEDIUM" "google-maps-easy 1.11.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "google-maps-easy 1.10.1 Admin+.Stored.Cross-Site.Scripting LOW" "google-maps-easy 1.9.32 Reflected.Cross-Site.Scripting MEDIUM" "gift-voucher 4.4.5 Author+.Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gift-voucher 4.4.1 Cross-Site.Request.Forgery MEDIUM" "gift-voucher 4.3.3 Subscriber+.SQLi HIGH" "gift-voucher 4.1.8 Unauthenticated.Blind.SQL.Injection HIGH" "gutenify 1.4.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "getresponse-integration No.known.fix Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.32 Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.21 API.Key.Update.via.CSRF MEDIUM" "ganohrs-toggle-shortcode 0.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-picasa-albums-viewer 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "gravitate-qa-tracker No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "guruwalk-affiliates No.known.fix Admin+.Stored.XSS LOW" "gs-behance-portfolio 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "gfirem-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-advance-search No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "genesis-simple-love No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gantry No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guest-author-name 4.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce 4.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gift-message-for-woocommerce 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "gift-message-for-woocommerce 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-analytics-top-posts-widget 1.5.7 Reflected.XSS MEDIUM" "gdpr-compliance-cookie-consent 1.3 CSRF MEDIUM" "geocache-stat-bar-widget No.known.fix Admin+.Stored.XSS LOW" "gmb-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenium No.known.fix Contributor+.Stored.XSS MEDIUM" "gdpr-compliance-by-supsystic No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "htaccess 1.8.2 CSRF.to.edit..htaccess HIGH" "htaccess 1.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hummingbird-performance 3.9.2 Cross-Site.Request.Forgery MEDIUM" "hummingbird-performance 3.9.2 Missing.Authorization MEDIUM" "hummingbird-performance 3.7.4 Missing.Authorization MEDIUM" "hummingbird-performance 3.4.2 Unauthenticated.Path.Traversal HIGH" "hummingbird-performance 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "hipaatizer 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hub2word No.known.fix Subscriber+.Arbitrary.Options.Update CRITICAL" "ht-slider-for-elementor 1.4.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "html2wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "html2wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "html2wp No.known.fix Subscriber+.Arbitrary.File.Deletion HIGH" "hello-in-all-languages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "horizontal-scrolling-announcement No.known.fix Authenticated.(subscriber+).Blind.SQL.Injection HIGH" "horizontal-scrolling-announcement No.known.fix Horizontal.scrolling.announcement.for.WordPress.<=.9,2.Contributor+.Stored.XSS MEDIUM" "hm-testimonial 1.5 Reflected.Cross-Site.Scripting MEDIUM" "hm-testimonial 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "htaccess-redirect No.known.fix Reflected.Cross-Site.Scripting HIGH" "header-footer-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-virtual-classroom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "heat-trackr 1.01 XSS MEDIUM" "ht-builder 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hestia-nginx-cache 2.4.1 Missing.Authorization MEDIUM" "hide-links No.known.fix Unauthenticated.Shortcode.Execution MEDIUM" "hybrid-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hash-form 1.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Form.Style.Creation MEDIUM" "hash-form 1.2.0 Drag.&.Drop.Form.Builder.<.1.2.0.-.Unauthenticated.Limited.File.Upload MEDIUM" "hash-form 1.1.1 Unauthenticated.Arbitrary.File.Upload.to.Remote.Code.Execution CRITICAL" "hash-form 1.1.1 Unauthenticated.PHP.Object.Injection HIGH" "hero-maps-pro No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hostfact-bestelformulier-integratie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hs-brand-logo-slider No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "homepage-product-organizer-for-woocommerce No.known.fix Subscriber+.SQLi HIGH" "hooked-editable-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hooked-editable-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hits-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "html5-mp3-player-with-mp3-folder-feedburner-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "hotjar-connecticator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hotjar-connecticator No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "h5p-css-editor No.known.fix Reflected.Cross-Site.Scripting HIGH" "hashthemes-demo-importer 1.1.2 Improper.Access.Control.to.Blog.Reset HIGH" "happy-scss-compiler No.known.fix Compile.SCSS.to.CSS.automatically.<=.1.3.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.9 Reflected.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hm-multiple-roles 1.3 Arbitrary.Role.Change CRITICAL" "hide-my-wp 5.3.02 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "hide-my-wp 5.2.02 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.0.20 IP.Address.Spoofing MEDIUM" "holler-box 2.3.3 Admin+.Stored.XSS LOW" "holler-box 2.1.4 Admin+.SQL.Injection MEDIUM" "happy-elementor-addons-pro 2.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons-pro 2.8.1 Reflected.XSS HIGH" "happy-elementor-addons-pro 1.17.0 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.47 Contributor+.Stored.XSS.via.Page.Title.Widget MEDIUM" "header-footer-elementor 1.6.46 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "header-footer-elementor 1.6.44 Authenticated.(Contributor+).Information.Disclosure.via.Shortcode MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Site.Title.Widget MEDIUM" "header-footer-elementor 1.6.26.1 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.27 Authenticated.(Author+).HTML.Injection MEDIUM" "header-footer-elementor 1.6.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.5.8 Header,.Footer.&.Blocks.Template.<.1.5.8.-.Contributor+.Stored.XSS MEDIUM" "host-analyticsjs-local 4.7.15 Unauthenticated.Settings.Update MEDIUM" "host-analyticsjs-local 4.1.9 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "hide-category-by-user-role-for-woocommerce 2.2 Subscriber+.Arbitrary.Content.Deletion MEDIUM" "heart-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hueman-addons No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hqtheme-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hqtheme-extra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.IP.Spoofing MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.Post/Page.Content.Disclosure MEDIUM" "hdw-player-video-player-video-gallery No.known.fix Cross-Site.Scripting MEDIUM" "handsome-testimonials 2.1.1 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "hr-management 1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "hoo-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.8 Cross-Site.Request.Forgery MEDIUM" "hercules-core 6.7 Missing.Authorization.to.Settings.Update MEDIUM" "hercules-core 6.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "highlight-search-terms-results 1.04 Reflected.Cross-Site.Scripting MEDIUM" "html5-video-player 2.5.36 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.heading.Parameter MEDIUM" "html5-video-player 2.5.35 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "html5-video-player 2.5.33 Missing.Authorization.in.multiple.functions.via.h5vp_ajax_handler MEDIUM" "html5-video-player 2.5.32 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "html5-video-player 2.5.31 Missing.Authorization MEDIUM" "html5-video-player 2.5.27 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.25 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.19 Subscriber+.Stored.XSS HIGH" "highlight-focus No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "hurrytimer 2.11.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Publication MEDIUM" "hurrytimer 2.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "http-headers 1.19.0 Admin+.SSRF MEDIUM" "http-headers 1.19.0 Admin+.Stored.XSS LOW" "http-headers 1.18.11 Admin+.Remote.Code.Execution MEDIUM" "http-headers 1.18.8 Admin+.SQL.Injection MEDIUM" "headline-analyzer 1.3.4 Cross-Site.Request.Forgery MEDIUM" "headline-analyzer 1.3.2 Missing.Authorization.via.REST.APIs MEDIUM" "history-log-by-click5 1.0.13 Admin+.Time-Based.Blind.SQL.Injection MEDIUM" "honeypot 2.1.14 Reflected.XSS HIGH" "honeypot 1.5.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "hq-rental-software No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "hover-video-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hotlink2watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "hyve-lite 1.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "hunk-companion 1.9.0 Unauthenticated.Plugin.Installation CRITICAL" "hunk-companion 1.8.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "help-scout No.known.fix Missing.Authorization MEDIUM" "hitpay-payment-gateway No.known.fix Information.Exposure.via.Log.Files MEDIUM" "hiweb-migration-simple No.known.fix hiWeb.Migration.Simple.<=.2,0,0,1.Reflected.Cross-Site.Scripting HIGH" "html5-mp3-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injecton HIGH" "html5-mp3-player-with-playlist 2.8.0 Full.Path.Disclosure.(FPD) MEDIUM" "happy-elementor-addons 3.15.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison MEDIUM" "happy-elementor-addons 3.12.4 Missing.Authorization MEDIUM" "happy-elementor-addons 3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.3 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "happy-elementor-addons 3.11.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.PDF.View.Widget MEDIUM" "happy-elementor-addons 3.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gradient.Heading.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Accordion MEDIUM" "happy-elementor-addons 3.10.9 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Event.Calendar.Widget MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Stack.Group.Widget MEDIUM" "happy-elementor-addons 3.10.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.6 Contributor+.Stored.XSS.via.HTML.Tags MEDIUM" "happy-elementor-addons 3.10.5 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Photo.Stack.Widget MEDIUM" "happy-elementor-addons 3.10.5 Incorrect.Authorization.to.Information.Exposure MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Page.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Calendy MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Meta.Widget MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Archive.Title.Widget MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Missing.Authorization.via.add_row_actions MEDIUM" "happy-elementor-addons 3.10.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons 3.10.0 Contributor+.SSRF LOW" "happy-elementor-addons 3.8.3 Cross-Site.Request.Forgery MEDIUM" "happy-elementor-addons 2.24.0 Contributor+.Stored.XSS MEDIUM" "hd-quiz 1.8.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "hd-quiz 1.8.4 Authenticated.Stored.XSS MEDIUM" "header-image-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hash-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hash-elements 1.4.8 Missing.Authorization.to.Unauthenticated.Draft.Post.Title.Exposure MEDIUM" "hash-elements 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter.in.Multiple.Widgets MEDIUM" "hash-elements 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "horizontal-scrolling-announcements 2.5 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "host-php-info No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Disclosure HIGH" "hana-flv-player No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "hal 2.2 Admin+.Stored.Cross-Site.Scripting LOW" "highlight 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "highlight 0.9.3 Authenticated.Stored.Cross-Site.Scripting LOW" "haxcan No.known.fix Arbitrary.File.Access MEDIUM" "haxcan No.known.fix CSRF.Bypass MEDIUM" "hm-logo-showcase 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "hm-logo-showcase 1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "heureka 1.1.0 Cross-Site.Request.Forgery MEDIUM" "html5-responsive-faq No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "html5-audio-player 2.2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.22 Best.WordPress.Audio.Player.Plugin.<.2.2.22.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "html5-audio-player 2.1.12 Contributor+.Stored.XSS MEDIUM" "html5-audio-player 2.1.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "hpbtool No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Secret.URL.Disclosure MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Arbitrary.Settings.Update.via.CSRF MEDIUM" "header-footer-code-manager 1.1.35 Snippets.Activation/Deactivation/Deletion.via.CSRF MEDIUM" "header-footer-code-manager 1.1.24 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.17 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.14 Admin+.SQL.Injections MEDIUM" "hk-filter-and-search 2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "hk-filter-and-search No.known.fix Contributor+.Local.File.Inclusion HIGH" "hungarian-pickup-points-for-woocommerce 1.9.0.3 Multiple.CSRF MEDIUM" "http-auth 1.0.0 Settings.Update.via.CSRF MEDIUM" "horoscope-and-tarot 1.3.1 Contributor+.Stored.XSS MEDIUM" "helpful 4.5.26 Information.Disclosure MEDIUM" "helpful 4.5.15 Votes.Tampering MEDIUM" "helpful 4.4.59 Admin+.Stored.Cross-Site.Scripting LOW" "hack-me-if-you-can No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "html5-maps 1.7.1.5 Arbitrary.Settings.Update.via.CSRF MEDIUM" "html5-maps 1.6.5.7 CSRF.&.XSS HIGH" "hreflang-manager-lite 1.07 Cross-Site.Request.Forgery MEDIUM" "http-https-remover 3.2.4 Subscriber+.Plugin.Installation MEDIUM" "http-https-remover 3.2.4 Plugin.Installation.via.CSRF MEDIUM" "handl-utm-grabber 2.6.5 Authenticated.Option.Change.via.CSRF HIGH" "ht-easy-google-analytics 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.2.0 Missing.Authorization.to.Unauthenticated.GA4.Email.Update MEDIUM" "ht-easy-google-analytics 1.0.7 Plugin.Activation.via.CSRF MEDIUM" "hotspots No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "helpdeskwp No.known.fix Editor+.Stored.XSS LOW" "helloasso 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.11 Missing.Authorization.to.Authenticated.(Contributor+).Limited.Options.Update MEDIUM" "helloasso 1.1.11 Missing.Authorization MEDIUM" "helloasso 1.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "how-to-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "horizontal-line-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "house-manager No.known.fix Reflected.XSS HIGH" "history-collection No.known.fix Arbitraty.File.Download HIGH" "hebrewdates 2.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "halfdata-optin-downloads No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "https-links-in-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "homepage-pop-up No.known.fix CSRF MEDIUM" "homepage-pop-up No.known.fix Admin+.Stored.XSS LOW" "helloprint 2.0.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "helloprint 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "hmapsprem 2.2.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "header-footer-code 1.2 Admin+.Stored.XSS LOW" "header-footer-code 1.2 Admin+.Stored.XSS.via.CSS.Styles LOW" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hello-world 2.2.0 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "hello-event-widgets-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-menu-lite 1.2.2 Cross-Site.Request.Forgery MEDIUM" "hostinger 1.9.8 Unauthenticated.Maintenance.Mode.Toggle MEDIUM" "hover-effects 2.1.1 Admin+.LFI MEDIUM" "hotjar 1.0.16 Admin+.Stored.XSS MEDIUM" "hypercomments No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "host-webfonts-local 5.7.10 Unauthenticated.Directory.Deletion.&.Stored.XSS HIGH" "host-webfonts-local 4.5.12 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "host-webfonts-local 4.5.4 Subscriber+.Arbitrary.File/Folder.Deletion CRITICAL" "host-webfonts-local 4.5.4 Unauthenticated.Path.Traversal.in.REST.API MEDIUM" "hyperlink-group-block 1.17.6 Contributor+.Stored.XSS MEDIUM" "hurrakify 8.0.1 Unauthenticated.Server-Side.Request.Forgery HIGH" "html-forms 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "html-forms 1.3.34 Bulk.Delete.via.CSRF MEDIUM" "html-forms 1.3.33 Admin+.Stored.XSS LOW" "html-forms 1.3.30 Admin+.Stored.XSS LOW" "html-forms 1.3.25 Admin+.SQLi MEDIUM" "hb-audio-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "heateor-social-login 1.1.36 Authentication.Bypass HIGH" "heateor-social-login 1.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.33 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "heateor-social-login 1.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.31 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "health-check 1.6.0 CSRF MEDIUM" "health-check 1.2.4 Missing.Authorization.Checks MEDIUM" "hl-twitter No.known.fix Admin+.Stored.XSS.via.Widget LOW" "hl-twitter No.known.fix Settings.Update.via.CSRF MEDIUM" "hl-twitter No.known.fix Unlink.Twitter.Account.via.CSRF MEDIUM" "hitsteps-visitor-manager 5.87 Admin+.Stored.XSS LOW" "hitsteps-visitor-manager 5.87 Arbitrary.Settings.Update.via.CSRF MEDIUM" "honeypot-for-wp-comment No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "honeypot-for-wp-comment No.known.fix Directory.Traversal.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "hrm 2.2.6 Multiple.Issues HIGH" "happiness-reports-for-help-scout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hide-my-site No.known.fix Unauthenticated.Information.Exposure MEDIUM" "helpie-faq 1.28 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.9 Reflected.XSS MEDIUM" "helpie-faq 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "helpie-faq 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "html5-soundcloud-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "hacklog-downloadmanager No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "happyforms 1.26.3 Admin+.Stored.XSS LOW" "happyforms 1.26.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "happyforms 1.25.11 Missing.Authorization MEDIUM" "happyforms 1.25.10 Reflected.Cross-Site.Scripting MEDIUM" "happyforms 1.22.0 Contributor+.Stored.XSS MEDIUM" "hermit No.known.fix Unauthenticated.SQLi HIGH" "hermit No.known.fix Arbitrary.Cache/Source.Deletion.&.Source.Creation.via.CSRF MEDIUM" "hermit No.known.fix Subscriber+.SQLi HIGH" "hermit No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "hotscot-contact-form 1.3 Admin+.SQL.Injection MEDIUM" "hover-image No.known.fix CSRF MEDIUM" "hive-support 1.1.7 Missing.Authorization MEDIUM" "hive-support 1.1.3 Cross-Site.Request.Forgery MEDIUM" "hive-support 1.1.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hive-support 1.1.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ht-portfolio 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "htaccess-file-editor 1.0.20 Unauthenticated.Information.Exposure MEDIUM" "htaccess-file-editor 1.0.19 Missing.Authorization MEDIUM" "hls-player 1.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "h5p 1.15.8 Contributor+.Stored.XSS MEDIUM" "hostel 1.1.5.3 Reflected.XSS HIGH" "hostel 1.1.5.4 Cross-Site.Request.Forgery MEDIUM" "hostel 1.1.5.2 Admin+.Stored.XSS LOW" "hostel 1.1.4 Unauthenticated.Stored.XSS MEDIUM" "hcaptcha-for-forms-and-more 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7-hcaptcha.Shortcode MEDIUM" "hq60-fidelity-card No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hm-cool-author-box-widget 2.9.5 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-based-on-user-roles 3.5.0 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-based-on-user-roles 3.1.0 Settings.Update.via.CSRF MEDIUM" "hide-admin-bar-based-on-user-roles 3.0.0 Subscriber+.Settings.Update MEDIUM" "hero-banner-ultimate No.known.fix Author+.Local.File.Inclusion HIGH" "hero-banner-ultimate 1.4 Contributor+.Stored.XSS MEDIUM" "header-enhancement 1.5 Unauthorised.Plugin's.Setting.Change MEDIUM" "hms-testimonials 2.0.11 CSRF MEDIUM" "ht-team-member 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.htteamember.Shortcode MEDIUM" "html5-lyrics-karaoke-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hot-linked-image-cacher No.known.fix Image.upload/cache.abuse.via.CSRF LOW" "hire-me-widget 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "hire-me-widget 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "houzez-theme-functionality 3.2.3 Functionality.<.3.2.3.-.Authenticated.(Seller+).SQL.Injection HIGH" "hola-free-video-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "horizontal-scroll-image-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-comments 1.6.2 Contributor+.Stored.XSS MEDIUM" "hotel-listing 1.3.7 Subscriber+.Privilege.Escalation CRITICAL" "hotel-listing 1.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "houzez-crm 1.4.3 Authenticated.(Seller+).SQL.Injection HIGH" "ht-mega-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block_css.and.inner_css MEDIUM" "ht-mega-for-elementor 2.6.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.template_id MEDIUM" "ht-mega-for-elementor 2.5.8 Authenticated.(Contributor+).JSON.File.Directory.Traversal MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Player.Widget.Settings MEDIUM" "ht-mega-for-elementor 2.5.3 Subscriber+.Options.Update HIGH" "ht-mega-for-elementor 2.5.3 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.&.Popover.Widget MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Justify MEDIUM" "ht-mega-for-elementor 2.4.8 Missing.Authorization.to.Information.Exposure MEDIUM" "ht-mega-for-elementor 2.4.7 Unauthenticated.Order.Data.Disclosure HIGH" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Image.Grid.Widget MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.size MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.Lightbox.Widget MEDIUM" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.4.9 Contributor+.Stored.XSS.via.Accordion/FAQ MEDIUM" "ht-mega-for-elementor 2.4.4 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Directory.Traversal HIGH" "ht-mega-for-elementor 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleTag MEDIUM" "ht-mega-for-elementor 2.4.5 Contributor+.Stored.Cross-Site.Scripting.via.Post.Carousel.Widget MEDIUM" "ht-mega-for-elementor 2.3.4 Arbitrary.Plugin/Theme.Activation.via.CSRF MEDIUM" "ht-mega-for-elementor 2.3.9 Reflected.Cross-Site.Scripting HIGH" "ht-mega-for-elementor 1.5.7 Absolute.Addons.for.Elementor.Page.Builder.<.1.5.7.-.Contributor+.Stored.XSS MEDIUM" "huurkalender-wp 1.6.0 Contributor+.Stored.XSS MEDIUM" "hide-shipping-method-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "hide-shipping-method-for-woocommerce 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "hide-shipping-method-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hdw-tube No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hot-random-image 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hd-quiz-save-results-light 0.6 Missing.Authorization MEDIUM" "ht-contactform 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-contactform 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hack-info 3.18 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ht-event No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.HT.Event:.Sponsor MEDIUM" "ht-event 1.4.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "houzez-login-register 3.3.0 Subscriber+.Privilege.Escalation.via.Account.Takeover HIGH" "insert-php-code-snippet 1.3.7 Cross-Site.Request.Forgery.to.Code.Snippet.Activate/Deactivate/Deletion MEDIUM" "insert-php-code-snippet 1.3.5 Admin+.Stored.XSS LOW" "inpost-gallery 2.1.4.3 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.inpost_gallery_get_shortcode_template MEDIUM" "inpost-gallery 2.1.4.2 Reflected.XSS HIGH" "inpost-gallery 2.1.4.1 Unauthenticated.LFI.to.RCE CRITICAL" "integrar-getnet-con-woo 0.0.5 Unauthenticated.Authorization.Bypass HIGH" "inactive-logout 3.2.3 Missing.Authorization MEDIUM" "inactive-logout 3.2.3 Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.38.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ip2location-country-blocker 2.34.3 Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.33.4 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log.File MEDIUM" "ip2location-country-blocker 2.26.9 Admin+.Stored.Cross-Site.Scripting LOW" "ip2location-country-blocker 2.26.5 Subscriber+.Arbitrary.Country.Ban MEDIUM" "ip2location-country-blocker 2.26.6 Arbitrary.Country.Ban.via.CSRF MEDIUM" "ip2location-country-blocker 2.26.5 Ban.Bypass MEDIUM" "ithemelandco-woo-report 1.5.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "ithemelandco-woo-report 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-elementor-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ipages-flipbook-pro 1.4.3 Reflected.Cross-Site.Scripting HIGH" "inline-click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ithemes-exchange 1.12.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "increase-sociability No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "insert-post-ads No.known.fix Missing.Authorization MEDIUM" "inline-svg-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "interactive-polish-map 1.2.1 Admin+.Stored.XSS LOW" "ideal-interactive-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "impreza 8.18 Reflected.Cross-Site.Scripting MEDIUM" "imagements No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "idbbee No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "if-menu 0.19.2 Missing.Authorization.to.License.Key.Update MEDIUM" "include-me 1.2.2 Authenticated.Remote.Code.Execution.(RCE).via.LFI.log.poisoning HIGH" "image-hover-effects-with-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id,.oxi_addons_f_title_tag,.and.content_description_tag.Parameters MEDIUM" "image-hover-effects-with-carousel 3.0 Reflected.XSS HIGH" "intimate-io-cryptocurrency-payments No.known.fix CSRF.Bypass MEDIUM" "icon-widget 1.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "icon-widget 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "image-watermark 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Watermark.Modification MEDIUM" "internal-link-shortcode No.known.fix Unauthenticated.SQL.Injection HIGH" "intelligence No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "imageboss 3.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "ia-map-analytics-basic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instabot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "image-vertical-reel-scroll-slideshow 9.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-vertical-reel-scroll-slideshow No.known.fix Admin+.Stored.XSS LOW" "imbachat-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "invoicing 2.8.12 Missing.Authorization.via.column_subscription() MEDIUM" "invoicing 2.3.4 Authenticated.Stored.XSS HIGH" "i-plant-a-tree 1.7.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "i-plant-a-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.3.94 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.9 Missing.Authorization.to.Unauthenticated.Settings.Modification.and.Export CRITICAL" "integrate-google-drive 1.3.4 Subscriber+.Settings.Update MEDIUM" "integrate-google-drive 1.3.5 Cross-Site.Request.Forgery MEDIUM" "integrate-google-drive 1.3.3 Open.Redirect.via.state MEDIUM" "integrate-google-drive 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inventorypress No.known.fix Author+.Stored.XSS MEDIUM" "isee-products-extractor 2.1.4 .Reflected.Cross-Site.Scripting HIGH" "imagemagick-engine 1.7.11 Administrator+.OS.Command.Injection MEDIUM" "imagemagick-engine 1.7.6 PHAR.Deserialization.via.CSRF HIGH" "imagemagick-engine 1.7.6 Command.Injection.via.CSRF HIGH" "iq-block-country 1.2.20 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "iq-block-country 1.2.13 Admin+.Arbitrary.File.Deletion.via.Zip.Slip MEDIUM" "iq-block-country 1.2.12 Admin+.Stored.Cross-Site.Scripting LOW" "iq-block-country 1.1.20 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "ip-loc8 No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "images-optimize-and-upload-cf7 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "instant-chat-wp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "idpay-contact-form-7 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "interactive-world-maps 2.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-for-gravity-forms-and-pipedrive 1.0.7 Reflected.Cross-Site.Scripting HIGH" "idealien-category-enhancements No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "if-so 1.9.2.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "if-so 1.8.0.4 Admin+.Stored.XSS LOW" "if-so 1.8.0.4 Reflected.XSS MEDIUM" "if-so 1.8.0.3 Contributor+.Shortcode.Stored.XSS MEDIUM" "if-so 1.7.1.1 Missing.Authorization MEDIUM" "if-so 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ilc-thickbox No.known.fix Settings.update.via.CSRF MEDIUM" "image-gallery-box-by-crudlab No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "improved-sale-badges 4.4.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "image-horizontal-reel-scroll-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "image-horizontal-reel-scroll-slideshow 13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "image-horizontal-reel-scroll-slideshow 13.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "iphone-webclip-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ink-official No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "instawp-connect 0.1.0.45 Authentication.Bypass.to.Admin CRITICAL" "instawp-connect 0.1.0.39 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.39 Missing.Authorization.to.Unauthenticated.API.setup/Arbitrary.Options.Update/Administrative.User.Creation CRITICAL" "instawp-connect 0.1.0.25 Missing.Authorization MEDIUM" "instawp-connect 0.1.0.23 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.9 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "instawp-connect 0.1.0.10 Missing.Authorization.to.Sensitive.Information.Dislcosure MEDIUM" "instawp-connect 0.1.0.10 Authenticated.(Subscriber+).SQL.Injection HIGH" "instawp-connect 0.1.0.9 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "instawp-connect 0.1.0.9 Cross-Site.Request.Forgery.via.create_file_db_manager MEDIUM" "instawp-connect 0.0.9.19 Unauthenticated.Data.Modification CRITICAL" "internal-link-flow-topical-authority-topical-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "infinite-scroll No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "ifeature-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "image-hover-effects-ultimate 9.8.5 Admin+.Stored.XSS LOW" "image-hover-effects-ultimate 9.7.2 Authenticated.Arbitrary.Options.Change HIGH" "image-hover-effects-ultimate 9.8.0 Authenticated.Stored.XSS MEDIUM" "image-hover-effects-ultimate 9.7.2 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-ultimate 9.7.1 Reflected.Cross-Site.Scripting HIGH" "image-hover-effects-ultimate 9.7.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "intelly-posts-footer-manager 2.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "instagrate-to-wordpress 1.3.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "insert-headers-and-footers 2.0.13.1 Reflected.XSS HIGH" "insert-headers-and-footers 2.0.9 Arbitrary.Log.File.Deletion.via.CSRF MEDIUM" "insert-headers-and-footers 2.0.7 Contributor+.WPCode.Library.Auth.Key.Update/Deletion LOW" "imagemagick-sharpen-resized-images No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Admin+.Stored.XSS LOW" "integracao-rd-station 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integracao-rd-station 5.2.1 Multiple.CSRF MEDIUM" "imdb-widget 1.0.9 Local.File.Inclusion.(LFI) HIGH" "ithemes No.known.fix New-Password.Requirements.Not.Enforced.Until.second.Login HIGH" "images-asynchronous-load 1.06 Reflected.Cross-Site.Scripting MEDIUM" "i2-pro-cons No.known.fix Contributor+.Stored.XSS MEDIUM" "improved-variable-product-attributes 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "interact-quiz-embed 3.1 Contributor+.Stored.XSS MEDIUM" "icon-widget-with-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "importify 1.0.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ithemes-mobile 1.2.8 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "image-hover-effects-visual-composer-extension 5.0 Contributor+.Stored.XSS MEDIUM" "iframe-to-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iteras No.known.fix Cross-Site.Request.Forgery MEDIUM" "internallink-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 2.2.5 Missing.Authorization MEDIUM" "instagram-slider-widget 2.0.7 Admin+.Stored.XSS.via.Feeds LOW" "instagram-slider-widget 2.0.6 Admin+.Stored.XSS.via.API.Key LOW" "instagram-slider-widget 2.0.5 Subscriber+.Stored.XSS.via.Feeds HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.API.Key.Update.to.Stored.XSS HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.Feed.Deletion MEDIUM" "instagram-slider-widget 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 1.8.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "instant-images 6.1.1 Author+.Arbitrary.Options.Update HIGH" "instant-images 5.2.0 Author+.SSRF LOW" "instant-images 4.4.0.1 Authenticated.Stored.XSS.&.XFS MEDIUM" "ip-blacklist-cloud No.known.fix Admin+.Stored.XSS LOW" "ip-blacklist-cloud No.known.fix Admin+.SQLi MEDIUM" "ip-blacklist-cloud 3.43 Admin+.Arbitrary.File.Disclosure MEDIUM" "iframe 5.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "iframe 5.1 Contributor+.Stored.XSS MEDIUM" "iframe 4.9 Contributor+.Stored.XSS LOW" "iframe 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'iframe'.Shortcode MEDIUM" "iframe 4.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "idcrm-contacts-companies 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ibryl-switch-user No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "icons-with-links-widget No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "insert-estimated-reading-time No.known.fix Admin+.Stored.XSS LOW" "instant-css 1.2.2 Theme/CSS/Minify/Preprocessor.Data.Update.via.CSRF MEDIUM" "instant-css 1.1.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "image-hover-effects-ultimate-visual-composer 2.6.1 Authenticated.Arbitrary.Options.Update HIGH" "independent-analytics 1.25.1 Reflected.Cross-Site.Scripting MEDIUM" "ics-calendar 10.12.0.2 Authenticated(Contributor+).Directory.Traversal.via._url_get_contents MEDIUM" "iksweb 3.8 Admin+.Stored.XSS LOW" "inavii-social-feed-for-elementor 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "icestats No.known.fix Cross-Site.Request.Forgery MEDIUM" "integration-for-szamlazz-hu-gravity-forms 1.2.7 Multiple.CSRF MEDIUM" "inactive-user-deleter 1.60 Cross-Site.Request.Forgery MEDIUM" "indeed-affiliate-pro 4.0 Authenticated.Stored.XSS MEDIUM" "include-lottie-animation-for-elementor 1.10.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-map-pro-lite No.known.fix CSRF.to.Stored.XSS MEDIUM" "image-map-pro-lite No.known.fix Subscriber+.Stored.XSS MEDIUM" "iws-geo-form-fields No.known.fix Geo.Form.Fields.<=.1.0.-.Unauthenticated.SQLi HIGH" "insert-or-embed-articulate-content-into-wordpress 4.3000000024 Author+.Arbitrary.File.Upload CRITICAL" "insert-or-embed-articulate-content-into-wordpress No.known.fix Iframe.Injection LOW" "insert-or-embed-articulate-content-into-wordpress No.known.fix Author+.Upload.to.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.3000000023 Contributor+.Stored.XSS MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000021 Reflected.Cross-Site.Scripting MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000016 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.29991 Authenticated.Arbitrary.Folder.Deletion.and.Rename MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.2999 Unauthenticated.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.2997 Subscriber+.Arbitrary.Option.Update CRITICAL" "invite-anyone 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "invite-anyone 1.3.19 Unauthenticated.PHP.Object.Injection CRITICAL" "invite-anyone 1.3.16 Multiple.Issues MEDIUM" "intelliwidget-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "imageseo 3.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "imageseo 2.0.8 Settings.Update.via.CSRF LOW" "ipblocklist No.known.fix CSRF MEDIUM" "instagram-for-wordpress No.known.fix Contributor+.Stored.XSS MEDIUM" "import-legacy-media No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "image-gallery 1.3.0 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Post.Title.Update MEDIUM" "image-mapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "increase-upload-file-size-maximum-execution-time-limit 3.0 Reflected.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.4 Reflected.Cross-Site.Scripting HIGH" "interactive-world-map 3.4.4 CSRF MEDIUM" "image-carousel-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "itempropwp No.known.fix Admin+.Stored.XSS LOW" "insert-pages 3.7.5 Contributor+.Stored.XSS MEDIUM" "insert-pages 3.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "insert-pages 3.7.0 Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "insert-pages 3.2.4 Directory.Traversal CRITICAL" "ithemes-sync 3.0.1 Stored.Cross-Site.Scripting.via.packages MEDIUM" "ithemes-sync 2.1.14 Cross-Site.Request.Forgery.and.Missing.Authorization.via.'hide_authenticate_notice' MEDIUM" "ibtana-ecommerce-product-addons 0.2.4 Ecommerce.Product.Addons.<.0.2.4.-.Reflected.Cross-Site.Scripting HIGH" "ibtana-visual-editor 1.2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "ibtana-visual-editor 1.2.3.4 WordPress.Website.Builder.<.1.2.3.4.-.Unauthenticated.reCAPTCHA.Settings.Update MEDIUM" "ibtana-visual-editor 1.2.2.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ibtana-visual-editor 1.1.8.8 Contributor+.Stored.XSS.via.Shortcode HIGH" "ibtana-visual-editor 1.1.4.9 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "icons-enricher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "institutions-directory 1.3.1 Subscriber+.Privilege.Escalation CRITICAL" "iubenda-cookie-law-solution 3.3.3 Subscriber+.Privileges.Escalation.to.Admin HIGH" "ipanorama-pro 1.6.22 Reflected.Cross-Site.Scripting HIGH" "incredible-font-awesome No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integrate-automate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrate-automate 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-csv-files No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "invoice-payment-for-woocommerce 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "ifolders 1.5.1 Admin+.XSS MEDIUM" "internal-links 2.24.4 Cross-Site.Request.Forgery MEDIUM" "internal-links 2.23.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "internal-links 2.23.3 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "icegram 3.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.32 Author+.Stored.XSS MEDIUM" "icegram 3.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.25 Missing.Authorization MEDIUM" "icegram 3.1.25 Missing.Authorization.to.Unauthenticated.Message.Duplication MEDIUM" "icegram 3.1.22 Contributor+.Campaign.Status.Toggle./.Duplication LOW" "icegram 3.1.19 Cross-Site.Request.Forgery.via.save_campaign_preview MEDIUM" "icegram 3.1.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Message MEDIUM" "icegram 3.1.12 Reflected.XSS HIGH" "icegram 2.1.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "icegram 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "icegram 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "icegram 1.10.29 CSRF.to.Stored.XSS MEDIUM" "icegram 1.9.19 Cross-Site.Request.Forgery.(CSRF).&.XSS MEDIUM" "integration-of-capsule-crm-for-contact-form-7 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-of-capsule-crm-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "iframe-popup No.known.fix Admin+.Stored.XSS LOW" "infolinks-ad-wrap No.known.fix Settings.Update.via.CSRF MEDIUM" "imagelinks-pro 1.5.3 Reflected.Cross-Site.Scripting HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload_img_file' HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload' HIGH" "inspirational-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "indigitall-web-push-notifications 3.2.3 Admin+.Stored.XSS LOW" "infinite-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "import-export-for-woocommerce No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "import-users-to-mailchimp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "iconize No.known.fix Authenticated.(Admin+).Remote.Code.Execution HIGH" "indeed-job-importer No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "icegram-rainmaker 1.3.15 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.9 Contributor+.Stored.XSS MEDIUM" "import-social-statistics 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "import-social-statistics No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-social-statistics No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "imagenius No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-export No.known.fix Directory.Traversal CRITICAL" "igniteup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "igniteup 3.4.1 Multiple.Issues HIGH" "instantio 1.2.6 CSRF.Bypass MEDIUM" "imagerecycle-pdf-image-compression 3.1.17 Reflected.Cross-Site.Scripting MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Cross-Site.Request.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.11 Reflected.XSS HIGH" "imagerecycle-pdf-image-compression 3.1.12 Reflected.XSS HIGH" "issues-tracker 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "issues-tracker 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "intergeo-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "intergeo-maps 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.28.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.29.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.17.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "image-source-control-isc 2.3.1 Contributor+.Arbitrary.Post.Meta.Value.Change MEDIUM" "ics-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "innovs-hr-manager No.known.fix Employee.Creation.via.CSRF MEDIUM" "innovs-hr-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "import-users-from-csv 1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "inquiry-cart No.known.fix Stored.XSS.via.CSRF HIGH" "image-alt-text 3.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Image.Alt.Text.Update MEDIUM" "instagram-widget-by-wpzoom 2.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Instagram.Image.Deletion MEDIUM" "image-upload-for-bbpress 1.1.19 Cross-Site.Request.Forgery.via.hm_bbpui_admin_page MEDIUM" "ignitiondeck 1.10.0 Missing.Authorization MEDIUM" "image-classify No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "image-hover-effects-addon-for-elementor 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.eihe_link.Parameter MEDIUM" "image-hover-effects-addon-for-elementor 1.4.2 Elementor.Addon.<.1.4.2.-.Authenticated(Contributor+).DOM-based.Stored.Cross-Site.Scripting.via.Image.Hover.Effects.Widget MEDIUM" "image-hover-effects-addon-for-elementor 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'eihe_align' MEDIUM" "image-hover-effects-addon-for-elementor 1.3.4 Elementor.Addon.<.1.3.4.-.Contributor+.Stored.XSS MEDIUM" "improved-include-page No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "imagelinks-interactive-image-builder-lite 1.6.0 Admin+.SQLi MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.4 Contributor+.Stored.XSS MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.3 Reflected.Cross-Site.Scripting HIGH" "idonate 2.0.0 Admin+.Stored.XSS LOW" "ichart 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "interactive-geo-maps 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.5.11 Editor+.Stored.XSS LOW" "interactive-geo-maps 1.5.9 Contributor+.Stored.XSS MEDIUM" "interactive-geo-maps 1.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "indieweb-post-kinds 1.3.1.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "interactive-image-map-builder 1.1 Admin+.Stored.XSS LOW" "iloveimg 1.0.6 iLoveIMG.<.1.0.6.-.Admin+.PHP.Object.Injection HIGH" "integration-for-billingo-gravity-forms 1.0.4 Multiple.CSRF MEDIUM" "imdb-info-box No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "insta-gallery 4.4.0 Missing.Authorization MEDIUM" "insta-gallery 2.4.8 CSRF.&.Missing.Authorisation.Checks HIGH" "iconic-woothumbs 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "iwp-client 1.13.1 Unauthenticated.Limited.Directory.Traversal.to.Arbitrary..txt.File.Reading MEDIUM" "iwp-client 1.12.3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "iwp-client 1.12.1 Unauthenticated.Sensitive.Information.Exposure HIGH" "iwp-client 1.9.4.5 Authentication.Bypass CRITICAL" "ipushpull 2.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "infusionsoft 1.5.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infusionsoft 1.5.10 1.5.10.Arbitrary.File.Upload MEDIUM" "import-external-images No.known.fix CSRF MEDIUM" "image-magnify No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iamport-payment No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-uk-map 3.4.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "ithemes-security-pro 6.8.4 Hide.Backend.Bypass MEDIUM" "infogram No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integration-dynamics 1.3.24 Contributor+.RCE.and.Arbitrary.File.Read CRITICAL" "integration-dynamics 1.3.18 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "image-over-image-vc-extension 3.0 Contributor+.Stored.XSS MEDIUM" "inline-tweets No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "image-optimizer-wd 1.0.27 Admin+.Path.Traversal MEDIUM" "image-optimizer-wd 1.0.27 Reflected.Cross-Site.Scripting HIGH" "image-map-pro 6.0.21 Missing.Authorization.to.Authenticated.(Contributor+).Map.Project.Add/Update/Delete MEDIUM" "image-map-pro 6.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-map-pro 5.6.9 Cross-Site.Scripting HIGH" "image-map-pro 5.6.9 Cross-Site.Request.Forgery MEDIUM" "image-widget 4.4.11 Admin+.Stored.XSS LOW" "ip-metaboxes No.known.fix Admin+.Stored.XSS LOW" "ip-metaboxes No.known.fix Unauthenticated.Reflected.XSS HIGH" "import-eventbrite-events 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "image-tag-manager No.known.fix Reflected.Cross-Site.Scripting.via.default_class MEDIUM" "instalinker 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ipages-flipbook 1.5.2 Missing.Authorization MEDIUM" "ipages-flipbook 1.5.0 Authenticated.(Administrator+).SQL.Injection HIGH" "ipages-flipbook 1.4.7 Contributor+.Stored.XSS MEDIUM" "ipages-flipbook 1.4.3 Reflected.Cross-Site.Scripting HIGH" "interactive-medical-drawing-of-human-body 2.6 Admin+.Stored.XSS LOW" "internal-link-building-plugin No.known.fix CSRF MEDIUM" "internal-link-building-plugin No.known.fix Admin+.Stored.XSS LOW" "ims-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "indexisto No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infographic-and-list-builder-ilist 5.0.0 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "infographic-and-list-builder-ilist 4.7.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Title.Update MEDIUM" "infographic-and-list-builder-ilist 4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infographic-and-list-builder-ilist 4.3.8 iList.<.4.3.8.-.Unauthenticated.SQL.Injection HIGH" "image-protector No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "imagemapper No.known.fix Subscriber+.Arbitrary.Post.Deletion MEDIUM" "imagemapper No.known.fix Stored.XSS.via.CSRF HIGH" "imagemapper No.known.fix Contributor+.Stored.XSS MEDIUM" "imagemapper No.known.fix Settings.Update.via.CSRF MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.2.1 Cross-Site.Request.Forgery MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.1.1 Reflected.Cross-Site.Scripting HIGH" "immotoolbox-connect 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "iworks-pwa 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "integration-for-szamlazzhu-woocommerce 5.6.3.3 Multiple.CSRF MEDIUM" "ip-address-blocker No.known.fix IP.Spoofing MEDIUM" "ip-address-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" "inline-google-spreadsheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "iva-business-hours-pro No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "inline-footnotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intelly-related-posts 3.8.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.7.0 Reflected.XSS HIGH" "intelly-related-posts 3.4.0 Tracking.Toggle.via.CSRF MEDIUM" "intelly-related-posts 3.6.0 Subscriber+.Password.Protected.Post.Read MEDIUM" "intelly-related-posts 3.5.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.0.5 Admin+.Cross-Site.Scripting LOW" "insight-core No.known.fix Subscriber+.PHP.Object.Injection.&.Stored.XSS MEDIUM" "inline-call-to-action-builder-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "icons-font-loader 1.1.5 Authenticated(Administrator+).Arbitrary.File.Upload MEDIUM" "icons-font-loader 1.1.2.1 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "insert-php 2.5.1 Woody.code.snippets.–.Insert.Header.Footer.Code,.AdSense.Ads.<.2,5,1.-Authenticated.(Contributor+).Remote.Code.Execution CRITICAL" "insert-php No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "insert-php 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "insert-php 2.3.10 Arbitrary.Settings.Update.via.CSRF MEDIUM" "insert-php 2.3.10 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "insert-php 2.2.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "insert-php 2.2.6 Arbitrary.Post.Deletion MEDIUM" "insert-php 2.2.5 Multiple.issues.leading.to.RCE HIGH" "iframe-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "import-spreadsheets-from-microsoft-excel 10.1.5 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "import-spreadsheets-from-microsoft-excel 10.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-regenerate-select-crop 7.3.1 Sensitive.Information.Exposure MEDIUM" "image-slider-widget 1.1.127 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "image-slider-widget 1.1.123 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "import-xml-feed 2.1.6 Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "import-xml-feed 2.1.5 Unauthenticated.RCE CRITICAL" "import-xml-feed 2.1.4 Admin+.Arbitrary.File.Upload MEDIUM" "import-xml-feed 2.0.3 Authenticated.Server-side.Request.Forgery.(SSRF) MEDIUM" "iframe-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Cross-Site.Request.Forgery MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Authenticated.(Subscriber+).Missing.Authorization MEDIUM" "i-recommend-this 3.9.0 Admin+.Stored.XSS LOW" "i-recommend-this No.known.fix CSRF MEDIUM" "i-recommend-this 3.8.2 Authenticated.SQL.Injection HIGH" "ip-vault-wp-firewall 2.1 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "ip-vault-wp-firewall 2.1 WP.Firewall.<.2.1.-.Admin+.Stored.XSS LOW" "ipanorama-360-virtual-tour-builder-lite 1.8.4 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.2 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.1 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.0 Authenticated.(Admin+).SQL.injection HIGH" "ipanorama-360-virtual-tour-builder-lite 1.6.30 Contributor+.Stored.XSS MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.6.22 Reflected.Cross-Site.Scripting HIGH" "ilab-media-tools 4.5.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ilab-media-tools 4.5.21 Reflected.Cross-Site.Scripting MEDIUM" "ilab-media-tools 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "icalendrier 1.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iks-menu 1.11.2 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "invitation-code-content-access 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "icdsoft-reseller-store 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "inpost-for-woocommerce 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "index-wp-mysql-for-speed 1.4.18 Admin+.Reflected.XSS HIGH" "internal-link-builder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "icustomizer 1.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "image-hover-effects 5.6 Caption.Settings.Update.via.CSRF MEDIUM" "image-hover-effects 5.5 Admin+.Stored.XSS LOW" "indeed-membership-pro 12.8 Reflected.Cross-Site.Scripting HIGH" "indeed-membership-pro 12.8 Unauthenticated.PHP.Object.Injection HIGH" "indeed-membership-pro 12.8 Unauthenticated.Privilege.Escalation CRITICAL" "import-holded-products-woocommerce 2.0 Reflected.Cross-Site.Scripting MEDIUM" "import-holded-products-woocommerce 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ideapush 8.72 Missing.Authorization.to.Board.Term.Deletion MEDIUM" "ideapush 8.71 Cross-Site.Request.Forgery MEDIUM" "ideapush 8.69 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.66 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ideapush 8.61 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.58 Subscriber+.Memory.Tab/Routine/Taxonomy.Creation MEDIUM" "ideapush 8.53 Admin+.Stored.XSS LOW" "image-gallery-with-slideshow No.known.fix Multiple.XSS.and.SQL.Injection CRITICAL" "iflychat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iflychat 4.7.0 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "idx-broker-platinum 3.2.3 Contributor+.Stored.XSS MEDIUM" "idx-broker-platinum 3.0.6 Reflected.Cross-Site.Scripting HIGH" "idx-broker-platinum 2.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).via.unprotected.'idx_update_recaptcha_key'.AJAX MEDIUM" "idx-broker-platinum 2.6.2 Authenticated.Post.Creation,.Modification,.and.Deletion MEDIUM" "indeed-learning-pro No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "iq-testimonials No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "image-hover-effects-css3 No.known.fix Admin+.Stored.XSS LOW" "information-for-help 0.0.3 Reflected.Cross-Site.Scripting MEDIUM" "instant-appointment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "instant-appointment No.known.fix Unauthenticated.SQL.Injection HIGH" "insertify No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "import-users-from-csv-with-meta 1.27.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "import-users-from-csv-with-meta 1.27.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.9 Unauthenticated.Information.Exposure MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.6 Missing.Authorization MEDIUM" "import-users-from-csv-with-meta 1.26.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "import-users-from-csv-with-meta 1.24.7 Missing.Authorization.via.fire_cron.REST.endpoint MEDIUM" "import-users-from-csv-with-meta 1.24.4 Contributor+.Stored.XSS MEDIUM" "import-users-from-csv-with-meta 1.24.3 Admin+.Arbitrary.File.Read/Deletion MEDIUM" "import-users-from-csv-with-meta 1.20.5 Subscriber+.CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.19.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "import-users-from-csv-with-meta 1.16.3.6 CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.15.0.1 Unauthorised.Authenticated.Users.Export LOW" "import-users-from-csv-with-meta 1.14.2.2 CSRF.leading.to.attachment.deletion.&.Path.Traversal HIGH" "import-users-from-csv-with-meta 1.14.1.3 XSS MEDIUM" "import-users-from-csv-with-meta 1.14.0.3 XSS.and.CSRF HIGH" "import-users-from-csv-with-meta 1.12.1 Import.Cross-Site.Scripting.(XSS) MEDIUM" "information-reel 10.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "ider-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instagram-feed 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "incoming-links 0.9.10b referrers.php.XSS MEDIUM" "import-shopify-to-woocommerce 1.1.13 Import.Shopify.to.WooCommerce.<.1.1.13.-.Admin+.Arbitrary.File.Access MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.5 Authenticated.(Author+).Stored.Cross-Site.Scritping.via.Bookmark.URL MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Bookmarks MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.13.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.12.1 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "invitation-based-registrations No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "internal-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "internal-comments 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "infusionsoft-landing-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "infility-global 2.9.9 Reflected.XSS HIGH" "infility-global 2.9.9 Reflected.XSS.via.set_type.Parameter HIGH" "infility-global 2.9.9 Subscriber+.Plugin.Settings.Update MEDIUM" "issuu-panel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "integrate-firebase 0.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "images-to-webp 1.9 Authenticated.Local.File.Inclusion LOW" "images-to-webp 1.9 Multiple.Cross.Site.Request.Forgery.(CSRF) MEDIUM" "include-mastodon-feed 1.9.6 Contributor+.Stored.XSS MEDIUM" "inbound-brew No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inbound-brew No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inbound-brew No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ibuildapp No.known.fix Reflected.XSS HIGH" "inline-tweet-sharer 2.6 Admin+.Stored.XSS LOW" "include-fussball-de-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intuitive-custom-post-order 3.1.5 Admin+.SQLi LOW" "intuitive-custom-post-order 3.1.4 Arbitrary.Menu.Order.Update.via.CSRF MEDIUM" "intuitive-custom-post-order 3.1.4 Subscriber+.Arbitrary.Menu.Order.Update MEDIUM" "indeed-wp-superbackup 2.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "indeed-wp-superbackup 2.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "indeed-wp-superbackup 2.4 Missing.Authorization MEDIUM" "indeed-wp-superbackup 2.4 Missing.Authorization.to.Unauthenticated.Back-Up.File.Download HIGH" "indeed-wp-superbackup 2.4 Reflected.Cross-Site.Scripting MEDIUM" "indeed-wp-superbackup 2.4 Migrate.for.WordPress.<.2.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "justified-gallery 1.8.0b1 Reflected.Cross-Site.Scripting MEDIUM" "justified-gallery 1.7.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "justified-gallery 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jquery-validation-for-contact-form-7 5.3 Arbitrary.Options.Update.via.CSRF HIGH" "js-support-ticket 2.8.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "js-support-ticket 2.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "js-support-ticket 2.8.7 Unauthenticated.PHP.Code.Injection.to.Remote.Code.Execution CRITICAL" "js-support-ticket 2.8.4 Missing.Authorization MEDIUM" "js-support-ticket 2.8.2 Unauthenticated.SQL.Injection.via.email.and.trackingid CRITICAL" "js-support-ticket 2.7.8 Best.Help.Desk.&.Support.<.2.7.8.-.Subscriber+.Ticket.Manipulation.via.IDOR MEDIUM" "js-support-ticket 2.7.2 CSRF MEDIUM" "js-support-ticket 2.0.6 CSRF HIGH" "jet-tabs 2.2.3.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-theme-core 2.2.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "joomdev-wp-pros-cons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jtrt-responsive-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jtrt-responsive-tables 4.1.2 JTRT.Responsive.Tables.<.4,1,2.–.Authenticated.SQL.Injection HIGH" "justified-image-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "journey-analytics 1.0.13 Unauthorised.AJAX.call.via.CSRF MEDIUM" "jibu-pro No.known.fix Stored.XSS MEDIUM" "jt-express 2.0.15 Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "jquery-reply-to-comment No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "jf3-maintenance-mode 2.1.0 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "jvm-rich-text-icons 1.2.4 Subscriber+.Arbitrary.File.Upload HIGH" "jvm-rich-text-icons 1.2.7 Subscriber+.Arbitrary.File.Deletion HIGH" "jquery-collapse-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic 1.8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "jquery-collapse-o-matic 1.8.3 Contributor+.Stored.XSS MEDIUM" "js-jobs 2.0.1 Multiple.CSRF MEDIUM" "js-jobs 2.0.1 Missing.Authorization MEDIUM" "js-jobs 2.0.1 Subscriber+.Stored.XSS HIGH" "js-jobs 1.1.9 Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "js-jobs 1.0.7 CSRF HIGH" "job-board-vanilla No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jb-horizontal-scroller-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jiangqie-official-website-mini-program 1.1.1 Authenticated.SQL.Injection CRITICAL" "jiangqie-free-mini-program No.known.fix Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "jigoshop-exporter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "job-board 1.1.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "job-board 1.0.1 Admin+.Stored.XSS LOW" "jw-player-7-for-wp No.known.fix Missing.Authorization MEDIUM" "jet-search 3.5.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jm-twitter-cards 14.1.0 Password.Protected.Post.Access MEDIUM" "jetpackcrm-ext-woo-connect 2.13 Unauthorized.Invoice.Disclosure LOW" "juicer 1.11 Contributor+.Stored.XSS MEDIUM" "jonradio-private-site 3.1.0 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "jonradio-private-site 3.0.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "joomsport-sports-league-results-management 5.6.18 Reflected.Cross-Site.Scripting.via.page HIGH" "joomsport-sports-league-results-management 5.6.4 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.5.7 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.2.8 Unauthenticated.SQLi HIGH" "joomsport-sports-league-results-management 5.2.6 Admin+.SQLi MEDIUM" "joomsport-sports-league-results-management 5.1.8 Unauthenticated.PHP.Object.Injection MEDIUM" "joomsport-sports-league-results-management 3.4 SQL.Injection CRITICAL" "joy-of-text No.known.fix Missing.Authorization MEDIUM" "joy-of-text No.known.fix Settings.Update.via.CSRF MEDIUM" "joy-of-text 2.3.1 Unauthenticated.SQLi HIGH" "js-css-script-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "jquery-t-countdown-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tminus.Shortcode MEDIUM" "jquery-t-countdown-widget 2.3.24 Contributor+.Stored.XSS MEDIUM" "jivochat 1.3.5.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "job-postings 2.7.8 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting.via.job-search MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "job-postings 2.7.4 Contributor+.Stored.XSS MEDIUM" "job-postings 2.5.11 Admin+.Stored.XSS LOW" "job-postings 2.6.0 Author+.Stored.XSS MEDIUM" "job-board-manager 2.1.60 Cross-Site.Request.Forgery MEDIUM" "job-board-manager No.known.fix Missing.Authorization MEDIUM" "job-board-manager 2.1.59 Subscriber+.Stored.XSS HIGH" "jupiterx-core 4.8.8 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "jupiterx-core 4.8.8 Authenticated.(Contributor+).SVG.Upload.to.Local.File.Inclusion.(Remote.Code.Execution) HIGH" "jupiterx-core 4.8.6 Missing.Authorization.to.Authenticated.Library.Sync MEDIUM" "jupiterx-core 4.8.6 Missing.Authorization.to.Unauthenticated.Popup.Template.Export MEDIUM" "jupiterx-core 4.7.8 Limited.Unauthenticated.Authentication.Bypass.to.Account.Takeover HIGH" "jupiterx-core 4.6.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.3.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.4.3 Unauthenticated.Privilege.Escalation CRITICAL" "jupiterx-core 4.6.9 Unauthenticated.Arbitrary.File.Download HIGH" "jupiterx-core 2.0.8 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiterx-core 2.0.7 Information.Disclosure,.Modification,.and.Denial.of.Service MEDIUM" "jupiterx-core 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jigoshop-store-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jemployee No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "jc-ajax-search-for-woocommerce 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "job-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "job-manager No.known.fix .Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "job-manager 0.7.25 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "justrows-free No.known.fix Reflected.XSS HIGH" "job-board-light 1.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jlayer-parallax-slider-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jch-optimize 4.2.1 Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "jch-optimize 3.2.3 Admin+.Stored.XSS LOW" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.sg_content_template MEDIUM" "jeg-elementor-kit 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.6.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "jeg-elementor-kit 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Tabs.and.JKit.-.Accordion.Widgets MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Elementor.Widget.URL.Custom.Attributes MEDIUM" "jeg-elementor-kit 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Banner MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonial MEDIUM" "jeg-elementor-kit 2.6.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.5.7 Unauthenticated.Settings.Update MEDIUM" "jeg-elementor-kit 2.5.7 Subscriber+.Authorization.Bypass MEDIUM" "joli-faq-seo 1.3.3 Cross-Site.Request.Forgery MEDIUM" "joli-faq-seo 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "joli-faq-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jp-staticpagex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "jazz-popups No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "jh-404-logger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "jetgridbuilder 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "jeeng-push-notifications 2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "job-portal No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jetwidgets-for-elementor 1.0.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "jetwidgets-for-elementor 1.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_type.and.id.Parameters MEDIUM" "jetwidgets-for-elementor 1.0.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Button.URL MEDIUM" "jetwidgets-for-elementor 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Box.Widget MEDIUM" "jetwidgets-for-elementor 1.0.13 Settings.Update.via.CSRF MEDIUM" "jetwidgets-for-elementor 1.0.14 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "jetwidgets-for-elementor 1.0.9 Contributor+.Stored.XSS MEDIUM" "jetformbuilder 3.3.4.2 Authenticated.(Administrator+).Privilege.Escalation HIGH" "jetformbuilder 3.1.5 Unauthenticated.Content.Injection MEDIUM" "jetformbuilder 3.0.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "jk-html-to-pdf No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jet-footer-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "json-content-importer 1.6.0 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "json-content-importer 1.5.4 Reflected.XSS HIGH" "json-content-importer 1.3.16 Admin+.Stored.XSS LOW" "jquery-tagline-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "jalbum-bridge 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ar.Parameter MEDIUM" "jungbillig-portfolio-gallery No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jcarousel-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "just-writing-statistics 4.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "just-writing-statistics 4.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "job-manager-career 1.4.5 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "job-manager-career 1.4.4 Directory.listing.to.Sensitive.Data.Exposure HIGH" "jekyll-exporter 2.2.1 Unauthenticated.RCE.via.PHPUnit CRITICAL" "jwp-a11y No.known.fix Admin+.Stored.XSS LOW" "jc-importer 2.14.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "jc-importer 2.13.1 Admin+.Server-side.Request.Forgery MEDIUM" "jc-importer 2.4.6 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "javascript-logic No.known.fix CSRF.to.Stored.XSS HIGH" "jet-elements 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-elements 2.6.13.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Download MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.on.AJAX.Actions MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.on.AJAX.Actions MEDIUM" "jet-engine 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.list_tag.Parameter MEDIUM" "jet-engine 3.2.5 Authenticated.(Contributor+).Privilege.Escalation HIGH" "jet-engine 3.2.5 Missing.Authorization HIGH" "jet-engine 3.1.3.1 Author+.Remote.Code.Execution HIGH" "jquery-accordion-slideshow 8.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "jobwp 2.2 Sensitive.Information.Exposure HIGH" "jobwp 2.0 Reflected.Cross-Site.Scripting MEDIUM" "judgeme-product-reviews-woocommerce 1.3.21 Contributor+.Stored.XSS MEDIUM" "json-api-user 3.9.4 Unauthenticated.Privilege.Escalation CRITICAL" "jazzcash-woocommerce-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "jayj-quicktag 1.3.2 CSRF HIGH" "jet-skinner-for-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jetpack-boost 3.4.8 Contributor+.Stored.XSS MEDIUM" "jetpack-boost 3.4.7 Admin+.SSRF MEDIUM" "justified-image-grid No.known.fix Unauthenticated.Server-Side.Request.Forgery MEDIUM" "jreviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jquery-news-ticker 3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-news-ticker 3.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "joan 5.6.3 Authenticated.Stored.Cross-Site.Scripting LOW" "joan 5.6.2 Reflected.Cross-Site.Scripting HIGH" "joan 5.6.2 Arbitrary.Plugin's.Settings.Update.via.CSRF MEDIUM" "jquery-vertical-accordion-menu No.known.fix Contributor+.Stored.XSS MEDIUM" "just-tables 1.5.0 Cross-Site.Request.Forgery MEDIUM" "jet-blocks 1.3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.8.1 Reflected.Cross.Site.Scripting MEDIUM" "joli-table-of-contents 2.0.10 Reflected.Cross-Site.Scripting MEDIUM" "joli-table-of-contents 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jsp-store-locator No.known.fix Deletion.via.Missing.CSRF MEDIUM" "jsp-store-locator No.known.fix Contributor+.SQL.Injection HIGH" "jsmol2wp No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Server.Side.Request.Forgery.(SSRF) HIGH" "jetwoo-widgets-for-elementor 1.1.8 Authenticated.(Contributor+).Limited.Local.File.Inclusion HIGH" "jsm-show-post-meta 4.6.1 Missing.Authorization MEDIUM" "jobboardwp 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "jobboardwp 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jobboardwp 1.1.0 Admin+.Stored.Cross-Site.Scripting LOW" "jds-portfolio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jetpack 14.1-a.1 Unauthenticated.DOM-XSS MEDIUM" "jetpack 11.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.8.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.2.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.3.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.0.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.5.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.4.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.0.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.3.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.7.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.6.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.1.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.5.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.2.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.8.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.9.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.7.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.4.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.0.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.7.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.3.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 3.9.10 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8 Contributor+.Stored.XSS MEDIUM" "jetpack 13.8 Unauthenticated.Arbitrary.Block.&.Shortcode.Execution MEDIUM" "jetpack 13.4 Contributor+.Stored.Cross-Site.Scripting.via.wpvideo.Shortcode MEDIUM" "jetpack 13.2.1 Contributor+.Stored.XSS MEDIUM" "jetpack 12.8-a.3 Contributor+.Stored.XSS.via.block.attribute MEDIUM" "jetpack 12.7 Authenticated(Contributor+).Clickjacking.via.Iframe.Injection MEDIUM" "jetpack 12.7 Improper.Authorization.via.WPCom.External.Media.REST.endpoints MEDIUM" "jetpack 12.1.1 Author+.Arbitrary.File.Manipulation.via.API HIGH" "jetpack 9.8 Carousel.Module.Non-Published.Page/Post.Attachment.Comment.Leak MEDIUM" "jetpack 7.9.1 Vulnerability.in.Shortcode.Embed.Code MEDIUM" "jetpack 6.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "jetpack 4.0.4 Multiple.Vulnerabilities MEDIUM" "kopa-nictitate-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "klarna-checkout-for-woocommerce 2.0.10 Authenticated.Arbitrary.Plugin.Deactivation,.Activation.and.Installation CRITICAL" "kingcomposer No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Open.Redirect MEDIUM" "kingcomposer 2.9.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "kingcomposer 2.9.4 Multiple.Critical.Issues CRITICAL" "kingcomposer 2.8.2 Authenticated.Stored.XSS HIGH" "kingcomposer 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "king-ie No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kd-coming-soon No.known.fix Unauthenticated.PHP.Object.Injection.via.cetitle HIGH" "kangu 2.2.10 Reflected.XSS HIGH" "kama-clic-counter 3.5.0 XSS MEDIUM" "kama-clic-counter 3.5.0 Authenticated.Blind.SQL.Injection HIGH" "kenta-blocks 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kenta-blocks 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "kings-tab-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kopatheme No.known.fix Cross-Site.Request.Forgery MEDIUM" "kanzu-support-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kanzu-support-desk No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "knowledgebase 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "keymaster-chord-notation-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "klaviyo 3.0.10 Admin+.Stored.XSS LOW" "klaviyo 3.0.8 Admin+.Stored.XSS LOW" "kp-fastest-tawk-to-chat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kvcore-idx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kadence-starter-templates 1.2.17 Admin+.PHP.Object.Injection MEDIUM" "kadence-woocommerce-email-designer 1.5.12 CSRF MEDIUM" "kadence-woocommerce-email-designer 1.5.7 Admin+.PHP.Objection.Injection MEDIUM" "kento-post-view-counter No.known.fix CSRF.&.multiple.XSS HIGH" "kitestudio-core 2.3.1 Reflected.Cross-Site-Scripting MEDIUM" "kadence-blocks 3.3.2 Missing.Authorization MEDIUM" "kadence-blocks 3.4.3 Authenticated.(contributor+).Stored.Cross-Site.Scripting.via.Button.Link MEDIUM" "kadence-blocks 3.2.54 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.54 Admin+.Stored.XSS LOW" "kadence-blocks 3.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Widget MEDIUM" "kadence-blocks 3.2.53 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.46 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "kadence-blocks 3.2.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Google.Maps.Widget MEDIUM" "kadence-blocks 3.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleFont.Parameter MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting.via.Typer.Effect MEDIUM" "kadence-blocks 3.2.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.Cross-Site.Scripting.via.Block.Link MEDIUM" "kadence-blocks 3.2.35 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.12 Contributor+.Server-Side.Request.Forgery HIGH" "kadence-blocks 3.2.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.and.CountUp.Widget MEDIUM" "kadence-blocks 3.2.18 Authenticated(Editor+).Stored.Cross-Site.Scripting.via.Contact.Form.Message.Settings MEDIUM" "kadence-blocks 3.2.26 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.20 Contributor+.Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.24 Contributor+.Stored.XSS MEDIUM" "kb-support 1.6.8 Unauthenticated.Open.Redirect MEDIUM" "kb-support 1.6.7 Subscriber+.Multiple.Administrator.Actions HIGH" "kb-support 1.6.7 Unauthenticated.Ticket.Reply.Exposure MEDIUM" "kb-support 1.6.1 Missing.Authorization MEDIUM" "kb-support 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes 2.5.0 Settings.Update.via.CSRF MEDIUM" "klarna-payments-for-woocommerce 3.3.0 Missing.Authorization MEDIUM" "kk-star-ratings 5.4.10.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "kk-star-ratings 5.4.6 Rating.Tampering.via.Race.Condition LOW" "kk-star-ratings 5.4.6 Missing.Authorization MEDIUM" "kk-star-ratings 5.4.5 Reflected.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kivicare-clinic-management-system 3.6.5 Unauthenticated.SQL.Injection HIGH" "kivicare-clinic-management-system 3.6.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.5 Authenticated.(Doctor/Receptionist+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.7 Patient+.Insecure.Direct.Object.Reference MEDIUM" "kivicare-clinic-management-system 3.2.1 Subscriber+.Unauthorised.AJAX.Calls HIGH" "kivicare-clinic-management-system 3.2.1 Reflected.Cross-Site.Scripting HIGH" "kivicare-clinic-management-system 3.2.1 Multiple.CSRF HIGH" "kivicare-clinic-management-system 3.2.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "kivicare-clinic-management-system 2.3.9 Unauthenticated.SQLi HIGH" "koalendar-free-booking-widget 1.0.3 Contributor+.Stored.XSS.via.height.Parameter MEDIUM" "kkprogressbar No.known.fix Stored.XSS.via.CSRF HIGH" "kkprogressbar No.known.fix Progress.Bar.Deletion.via.CSRF MEDIUM" "kkprogressbar No.known.fix Admin+.SQL.Injection MEDIUM" "kiwi-social-share 2.1.8 Information.Disclosure MEDIUM" "kiwi-social-share 2.1.3 Kiwi.2.1.0.-.Unauthenticated.Arbitrary.WordPress.Options.Update.and.Read CRITICAL" "kiwi-social-share 2.0.11 Kiwi.<.2.0.11.-.Arbitrary.WordPress.Options.Update CRITICAL" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting.via.'add_query_arg' MEDIUM" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "kudos-donations 3.1.2 Arbitrary.Items.Deletion.via.CSRF HIGH" "knight-lab-timelinejs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knight-lab-timelinejs 3.9.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "knight-lab-timelinejs 3.7.0.0 Outdated.TimelineJS.library.could.Lead.to.Stored.XSS MEDIUM" "kali-forms 2.3.42 Missing.Authorization MEDIUM" "kali-forms 2.3.42 Missing.Authorization.to.Arbitrary.Plugin.Deactivation HIGH" "kali-forms 2.3.37 Kali.Forms.<.2.3.37.-.Insecure.Direct.Object.Reference MEDIUM" "kali-forms 2.3.28 Kali.Forms.<.2.3.28.-.Missing.Authorization.via.Contact.Form MEDIUM" "kali-forms 2.3.29 Kali.Forms.<.2.3.29.-.Missing.Authorization.via.get_log MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Authenticated.Plugin's.Settings.Change HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Unauthenticated.Arbitrary.Post.Deletion HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Multiple.CSRF.Bypass.Issues MEDIUM" "kento-ads-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "keydatas 2.6.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "kioken-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "keyword-meta No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "kh-easy-user-settings No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "kn-fix-your No.known.fix Authenticated.Stored.XSS LOW" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kontxt-semantic-engine No.known.fix CSRF.Bypass MEDIUM" "kenta-companion 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "konnichiwa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kapost-byline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kv-tinymce-editor-fonts No.known.fix Font.List.Update.via.CSRF MEDIUM" "kvoucher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kvoucher No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "korea-sns 1.6.5 Settings.Update.via.CSRF MEDIUM" "kiwi-logo-carousel 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "kwayy-html-sitemap 4.0 Admin+.Stored.XSS LOW" "kama-spamblock 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "kalender-digital 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kodo-qiniu 1.5.1 Cross-Site.Request.Forgery MEDIUM" "kata-plus 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kata-plus 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kineticpay-for-woocommerce 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Blind.SQLi HIGH" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Stored.XSS HIGH" "kjm-admin-notices No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kunze-law 2.1 Admin+.Stored.Cross-Site.Scripting LOW" "kattene 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knr-author-list-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "knr-author-list-widget 3.0.0 Unauthenticated.SQL.Injection CRITICAL" "kraken-image-optimizer 2.6.6 Settings.Update.via.CSRF MEDIUM" "kevins-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "keep-backup-daily No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "keep-backup-daily 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "kanban No.known.fix Missing.Authorization MEDIUM" "kanban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kbucket 4.2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kbucket 4.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "kbucket 4.1.6 Admin+.Stored.XSS LOW" "kbucket 4.1.5 Reflected.XSS MEDIUM" "kredeum-nfts 1.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks-pro 2.3.8 Contributor+.Arbitrary.Option.Access MEDIUM" "kaswara No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "krsp-frontend-file-upload No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "krsp-frontend-file-upload No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kubio 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "kubio 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ko-fi-button 1.3.3 Admin+.Stored.XSS LOW" "koko-analytics 1.3.13 Reflected.Cross-Site.Scripting MEDIUM" "kau-boys-backend-localization No.known.fix Settings.Update.via.CSRF MEDIUM" "ksher-payment 1.1.2 Missing.Authorization MEDIUM" "kundgenerator 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "kaya-qr-code-generator 1.5.3 Contributor+.Stored.XSS MEDIUM" "kintpv-connect No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "listamester 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "livesync No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "lh-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-with-cognito 1.4.9 Admin+.Stored.XSS LOW" "login-with-cognito 1.4.4 Reflected.Cross-Site.Scripting.via.appId HIGH" "leads-5050-visitor-insights 1.1.0 Unauthorised.License.Change HIGH" "leads-5050-visitor-insights 1.0.4 Unauthenticated.License.Change HIGH" "ledenbeheer-external-connection 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "logwpmail No.known.fix Email.Logs.Publicly.Accessible HIGH" "locations-and-areas 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "locations-and-areas 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "launchpad-by-obox No.known.fix Admin+.Stored.XSS LOW" "launchpad-by-obox No.known.fix CSRF MEDIUM" "limit-login-attempts-reloaded 2.25.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "limit-login-attempts-reloaded 2.25.26 Admin+.Missing.Authorization.to.Toggle.Plugin.Auto-Update LOW" "limit-login-attempts-reloaded 2.17.4 Login.Rate.Limiting.Bypass LOW" "limit-login-attempts-reloaded 2.16.0 Authenticated.Reflected.Cross-Site.Scripting HIGH" "liquid-speech-balloon 1.2 Settings.Update.via.CSRF MEDIUM" "light-messages No.known.fix CSRF.to.Stored.XSS HIGH" "last-viewed-posts 1.0.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "last-viewed-posts 1.0.1 Unauthenticated.PHP.Object.Injection CRITICAL" "lite-wp-logger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-juice-keeper 2.0.3 Admin+.Stored.XSS LOW" "linkify-text No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "login-with-yourmembership 1.1.4 Admin+.Stored.XSS LOW" "login-as-customer-or-user No.known.fix Admin.Account.Takeover HIGH" "login-as-customer-or-user No.known.fix Authentication.Bypass CRITICAL" "login-as-customer-or-user 3.3 Unauthenticated.Privilege.Escalation.to.Admin CRITICAL" "login-as-customer-or-user 2.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "login-as-customer-or-user 1.8 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subsciber+).Log.Deletion.and.Session.Termination MEDIUM" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+)Privilege.Escalation HIGH" "login-page-styler 6.2.5 Admin+.Stored.XSS LOW" "logo-showcase-ultimate 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "logo-showcase-ultimate 1.3.9 Authenticated(Contributor+).PHP.Object.Injection HIGH" "lh-add-media-from-url 1.30 Reflected.Cross-Site.Scripting MEDIUM" "lh-add-media-from-url 1.23 Reflected.Cross-Site.Scripting MEDIUM" "lws-cleaner 2.3.1 Cross-Site.Request.Forgery MEDIUM" "login-logout-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "latex2html 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "latex2html 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "livejournal-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leyka 3.31.7 Missing.Authorization MEDIUM" "leyka 3.31.2 Missing.Authorization MEDIUM" "leyka 3.30.7.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "leyka 3.30.4 Admin+.Stored.XSS LOW" "leyka 3.30.3 Reflected.XSS HIGH" "leyka 3.30.2 Reflected.XSS HIGH" "leyka 3.30.3 Subscriber+.Privilege.Escalation HIGH" "leyka 3.30 Unauthenticated.Stored.XSS HIGH" "logs-de-connexion No.known.fix Log.Deletion.via.CSRF MEDIUM" "logs-de-connexion No.known.fix Admin+.SQL.Injection LOW" "linear No.known.fix Cross-Site.Request.Forgery.to.Cache.Reset MEDIUM" "linear No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linear 2.8.1 Contributor+.Stored.XSS MEDIUM" "live-weather-station 3.8.13 Mode.Switch.via.CSRF MEDIUM" "lightbox-popup 2.1.6 Admin+.Stored.XSS LOW" "list-custom-taxonomy-widget 4.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "leadsquared-suite No.known.fix Admin+.Stored.XSS LOW" "leadsquared-suite No.known.fix CSRF MEDIUM" "link-party No.known.fix Settings.Update.via.CSRF MEDIUM" "link-party No.known.fix Unauthenticated.Stored.XSS HIGH" "link-party No.known.fix Unauthenticated.Arbitrary.Link.Deletion MEDIUM" "link-party No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "link-optimizer-lite No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "leenkme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leenkme 2.6.0 XSS.&.CSRF MEDIUM" "label-grid-tools 1.3.59 Reflected.Cross-Site.Scripting MEDIUM" "lana-text-to-image 1.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Stored.Cross-Site.Scripting.via.Ask.a.Question.Functionality MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Missing.Authorization.to.Privilege.Escalation HIGH" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Authenticated.(Student+).Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.12.0 LMS.<.1.12.0.-.Missing.Authorization MEDIUM" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Missing.Authorization MEDIUM" "learning-management-system 1.7.4 LMS.<.1.7.4.-.Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.7.3 LMS.<.1.7.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "learning-management-system 1.6.8 Information.Exposure MEDIUM" "list-category-posts 0.90.3 Author+.Stored.XSS LOW" "list-category-posts 0.89.7 Contributor+.Stored.XSS MEDIUM" "list-category-posts 0.89.4 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "latest-tweets-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ldap-wp-login-integration-with-active-directory 3.0.2 Unauthenticated.Settings.Update.to.Auth.Bypass CRITICAL" "ldap-wp-login-integration-with-active-directory 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "legull No.known.fix Reflected.XSS HIGH" "livemesh-table-rate-shipping 1.2 Reflected.Cross-Site.Scripting MEDIUM" "leira-cron-jobs 1.2.10 Reflected.Cross-Site.Scripting MEDIUM" "lodgixcom-vacation-rental-listing-management-booking-plugin No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "landing-pages 2.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "landing-pages 1.9.2 Unauthenticated.Remote.Command.Execution MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "livechat-woocommerce 2.2.17 Cross-Site.Request.Forgery MEDIUM" "lis-video-gallery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "logdash-activity-log 1.1.4 Unauthenticated.SQLi HIGH" "login-block-ips No.known.fix IP.Spoofing.Bypass LOW" "login-block-ips No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "localize-my-post No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "likebot No.known.fix Admin+.Stored.XSS.via.CSRF LOW" "logo-manager-for-enamad No.known.fix Admin+.Stored.XSS.via.Widget LOW" "logo-manager-for-enamad No.known.fix Stored.XSS.via.CSRF HIGH" "lsd-google-maps-embedder No.known.fix Cross-Site.Request.Forgery.Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "league-table-lite 1.14 Tables.Cloning/Update/Deletion.via.CSRF MEDIUM" "lastform No.known.fix Drag.&.Drop.Contact.Form.Builder.<=.1.0.5.-.Admin+.Arbitrary.System.File.Read MEDIUM" "login-and-logout-redirect No.known.fix .Open.Redirect MEDIUM" "leaflet-maps-marker 3.12.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-maps-marker 3.12.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.5 Admin+.SQLi MEDIUM" "lock-my-bp 1.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "license-manager-for-woocommerce 3.0.7 Improper.Authorization.to.Authenticated(Contributor+).Sensitive.Information.Exposure MEDIUM" "license-manager-for-woocommerce 2.2.11 Authenticated.(Administrator+).SQL.Injection HIGH" "license-manager-for-woocommerce 2.3b1 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 2.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-form-recaptcha No.known.fix Admin+.Stored.XSS LOW" "lh-copy-media-file 1.09 Reflected.Cross-Site.Scripting MEDIUM" "list-pages-shortcode 1.7.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "livesupporti No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "linked-variation-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "linkid No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure HIGH" "legalweb-cloud 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ldap-ad-staff-employee-directory-search 1.3 Admin.LDAP.Credentials.Retrieval LOW" "ldap-ad-staff-employee-directory-search 1.2.3 Improper.escaping.of.LDAP.entries HIGH" "laybuy-gateway-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-showcase-with-slick-slider 2.0.1 Arbitrary.Media.Title/Description/Alt.Text/URL.Update.via.CSRF MEDIUM" "logo-showcase-with-slick-slider 1.2.5 Subscriber+.Arbitrary.Media.Title/Description/Alt.Text/URL.Update MEDIUM" "logo-showcase-with-slick-slider 1.2.4 Author+.Stored.Cross.Site.Scripting MEDIUM" "lazy-load-for-videos 2.18.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "livemesh-weight-based-shipping 1.4 Reflected.Cross-Site.Scripting MEDIUM" "luzuk-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loggedin 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "like-on-vkontakte No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "limit-login-attempts No.known.fix Subscriber+.Stored.XSS HIGH" "limit-login-attempts 1.7.2 Unauthenticated.Stored.XSS HIGH" "limit-login-attempts 1.7.1 Auth.Cookies.Brute.Force.Bypass LOW" "lightweight-accordion 1.5.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lightweight-accordion 1.5.15 Contributor+.Stored.XSS MEDIUM" "list-pages-at-depth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "locations No.known.fix Contributor+.Stored.XSS MEDIUM" "locations 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "locations 4.0 Cross-Site.Request.Forgery HIGH" "lifterlms-gateway-paypal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.5 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "learnpress-import-export 4.0.3 Reflected.XSS HIGH" "login-logo-editor-by-oizuled No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "len-slider No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "laposta No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "lazyload-background-images No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "local-sync 1.1.7 Missing.Authorization MEDIUM" "logo-slider No.known.fix Admin+.SQLi MEDIUM" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "live-composer-page-builder No.known.fix Author+.Stored.XSS MEDIUM" "live-composer-page-builder 1.5.39 Missing.Authorization MEDIUM" "live-composer-page-builder 1.5.36 Cross-Site.Request.Forgery MEDIUM" "live-composer-page-builder 1.5.29 .Author+.PHP.Object.Injection MEDIUM" "live-composer-page-builder 1.5.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.23 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "loginpress 1.6.3 Unauthenticated.Settings.Update MEDIUM" "loginpress 1.5.12 Reflected.Cross-Site.Scripting MEDIUM" "loginpress 1.1.16 Authenticated.Blind.SQL.Injection CRITICAL" "listplus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-configurator No.known.fix Reflected.Cross-Site.Scripting HIGH" "login-configurator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "login-configurator No.known.fix Reflected.XSS HIGH" "leadster-marketing-conversacional 1.1.3 Cross-Site.Request.Forgery.via.leadster_script_code_action MEDIUM" "leadster-marketing-conversacional 1.1.3 Settings.Update.via.CSRF MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Contact/Widget.Toggle MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita 2.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "lastudio-element-kit 1.4.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "lastudio-element-kit 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.3.9.2 Contributor+.Stored.XSS MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion.via.'progress_type' MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.7.4 Missing.Authorization MEDIUM" "lastudio-element-kit 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "lastudio-element-kit 1.3.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.LaStudioKit.Post.Author.Widget MEDIUM" "lastudio-element-kit 1.3.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.1.6 Missing.Authorization MEDIUM" "loginizer 1.9.3 Authentication.Bypass HIGH" "loginizer 1.7.9 Reflected.XSS HIGH" "loginizer 1.7.6 Reflected.XSS HIGH" "loginizer 1.7.6 Cross-Site.Request.Forgery MEDIUM" "loginizer 1.6.4 Unauthenticated.SQL.Injection CRITICAL" "loginizer 1.4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "loginizer 1.3.6 Blind.SQL.Injection CRITICAL" "loginizer 1.3.6 Cross-Site.Request.Forgery.(CSRF) HIGH" "lock-user-account No.known.fix User.Lock.Bypass MEDIUM" "lock-user-account 1.0.4 Arbitrary.Account.Lock/Unlock.via.CSRF MEDIUM" "location-weather 1.3.4 Contributor+.Stored.XSS MEDIUM" "link-list-manager No.known.fix Reflected.Cross-Site.Scripting HIGH" "limit-attempts 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "limit-attempts 1.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "limit-attempts 1.1.1 SQL.Injection CRITICAL" "lenxel-core No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lenxel-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lenxel-core 1.2.5 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "leaderboard-lite No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "login-attempts-limit-wp No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "login-attempts-limit-wp No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "list-one-category-of-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "limb-gallery 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "limb-gallery 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "limb-gallery 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "lu-radioplayer 6.24.11.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lu-radioplayer 6.24.11.07 Unauthenticated.Arbitrary.File.Read HIGH" "linkedin-login 1.1 Reflected.Cross-Site.Scripting MEDIUM" "library-viewer 2.0.6.1 Contributor+.Stored.XSS MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'llrmloginlogout'.Shortcode MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lw-all-in-one 1.6.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "lana-downloads-manager 1.8.0 Contributor+.Arbitrary.File.Download HIGH" "login-with-vipps 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "language-switcher 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "lws-tools 2.4.2 Cross-Site.Request.Forgery MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Unauthenticated.SQLi HIGH" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "litespeed-cache 6.5.2 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.5.1 Author+.Path.Traversal MEDIUM" "litespeed-cache 6.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 6.5.1 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 6.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "litespeed-cache 6.5.0.1 Unauthenticated.Sensitive.Information.Exposure.via.Log.Files HIGH" "litespeed-cache 6.4 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.CDN.Status.Update MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.Stored.XSS HIGH" "litespeed-cache 5.7 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 5.3.1 CSRF MEDIUM" "litespeed-cache 4.4.4 Admin+.Reflected.Cross-Site.Scripting LOW" "litespeed-cache 4.4.4 IP.Check.Bypass.to.Unauthenticated.Stored.XSS HIGH" "litespeed-cache 3.6.1 Authenticated.Stored.Cross-Site.Scripting LOW" "lazy-facebook-comments 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "listingpro-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Author+).Local.File.Inclusion HIGH" "listingpro-plugin No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "liquid-blocks 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.50 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "login-with-phone-number 1.7.36 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.35 Insecure.Password.Reset.Mechanism HIGH" "login-with-phone-number 1.7.27 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "login-with-phone-number 1.7.20 Missing.Authorization MEDIUM" "login-with-phone-number 1.6.94 Missing.Authorization MEDIUM" "login-with-phone-number 1.7.17 Unauthorized.Account.Password.Change.to.Privilege.Escalation HIGH" "login-with-phone-number 1.6.94 Cross-Site.Request.Forgery MEDIUM" "login-with-phone-number 1.5.7 User.Password.Change.via.CSRF HIGH" "login-with-phone-number 1.4.2 Reflected.Cross-Site.Scripting HIGH" "login-with-phone-number 1.3.8 Multiple.Admin+.Stored.XSS LOW" "login-with-phone-number 1.3.7 Unauthenticated.remote.plugin.deletion MEDIUM" "live-support-tickets 1.11.1 Unauthenticated.Information.Disclosure MEDIUM" "lgpd-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leadin 11.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HubSpot.Meeting.Widget MEDIUM" "leadin 8.8.15 Contributor+.Blind.SSRF MEDIUM" "login-logout-menu 1.4.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "load-more-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "linkz-ai 1.2.0 Unauthenticated.Plugin.Settings.Update MEDIUM" "linkz-ai 1.2.0 Subscriber+.Plugin.Settings.Update MEDIUM" "lets-box 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "lightbox-plus 2.8 CSRF.to.XSS MEDIUM" "logo-scheduler-great-for-holidays-events-and-more 1.2.2 Admin+.Stored.XSS LOW" "l-squared-hub-wp-virtual-device No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "linker 1.2.2 Contributor+.Stored.XSS MEDIUM" "live-chat-facebook-fanpage No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "linet-erp-woocommerce-integration 3.5.8 Cross-Site.Request.Forgery MEDIUM" "login-or-logout-menu-item 1.2.0 Unauthenticated.Options.Change MEDIUM" "landing-page-cat 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.5 Missing.Authorization MEDIUM" "landing-page-cat 1.7.3 Unauthenticated.Information.Exposure MEDIUM" "lws-affiliation 2.3.5 Missing.Authorization MEDIUM" "luckywp-table-of-contents 2.1.7 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.6 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.5 Contributor+.Stored.XSS MEDIUM" "luckywp-table-of-contents 2.1.5 Admin+.Stored.XSS MEDIUM" "lead-form-builder 1.9.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "lead-form-builder No.known.fix Admin+.Stored.XSS LOW" "lead-form-builder 1.9.0 Missing.Authorization MEDIUM" "lead-form-builder 1.9.0 Cross-Site.Request.Forgery MEDIUM" "lead-form-builder 1.7.4 Multiple.Subscriber+.Settings.Update MEDIUM" "lead-form-builder 1.7.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "lead-form-builder 1.6.8 Subscriber+.Arbitrary.Lead.Deletion MEDIUM" "lead-form-builder 1.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "location-click-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "laposta-signup-basic 1.4.2 CSRF MEDIUM" "laposta-signup-basic 1.4.2 Missing.Authorization MEDIUM" "linked-orders-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linked-orders-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lastunes No.known.fix Settings.Update.via.CSRF HIGH" "leanpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "launchpage-app-importer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "ldap-login-password-and-role-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Cross-Site.Request.Forgery MEDIUM" "libsyn-podcasting No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Reflected.XSS HIGH" "libsyn-podcasting No.known.fix Sensitive.Information.Exposure MEDIUM" "log-http-requests 1.3.2 Stored.Cross-Site.Scripting MEDIUM" "lh-qr-codes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "laika-pedigree-tree No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "library-management-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "library-management-system No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "lara-google-analytics 2.0.5 Authenticated.Stored.XSS HIGH" "link-library 7.7.3 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7.2 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link-library.Shortcode MEDIUM" "link-library 7.6.1 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.7 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "link-library 7.6 Cross-Site.Request.Forgery.via.action_admin_init MEDIUM" "link-library 7.6 Reflected.Cross-Site.Scripting.via.'link_price'.and.'link_tags' MEDIUM" "link-library 7.4.1 Admin+.Stored.XSS LOW" "link-library 7.2.8 Library.Settings.Reset.via.CSRF MEDIUM" "link-library 7.2.9 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.2.8 Unauthenticated.Arbitrary.Links.Deletion MEDIUM" "liveforms 3.4.0 XSS MEDIUM" "liveforms 3.2.0 Visual.Form.Builder.3.0.1.-.Blind.SQL.Injection CRITICAL" "luckywp-scripts-control 1.2.2 Missing.Authorization MEDIUM" "luckywp-scripts-control 1.2.2 CSRF.via.multiple.AJAX.actions LOW" "layouts-importer 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "lawyer-directory 1.2.9 Subscriber+.Privilege.Escalation CRITICAL" "like-box 0.8.41 Contributor+.Stored.XSS MEDIUM" "like-box 0.8.40 Admin+.Stored.XSS LOW" "lws-hide-login 2.1.9 Protection.Mechanism.Bypass MEDIUM" "lws-hide-login 2.1.7 Plugin.Settings.Page.Creation.via.CSRF MEDIUM" "live-search-xforwc 2.1.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "landingi-landing-pages 3.1.2 Cross-Site.Request.Forgery MEDIUM" "luzuk-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-designer 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "list-all-posts-by-authors-nested-categories-and-titles 2.8.3 CSRF MEDIUM" "link-whisper 0.7.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "link-whisper 0.7.0 Link.Whisper.Free.<.0,7,0 MEDIUM" "link-whisper 0.7.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "link-whisper 0.6.9 Reflected.Cross-Site.Scripting MEDIUM" "link-whisper 0.6.6 Authenticated.(Contributor+).SQL.Injection HIGH" "lifterlms 7.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "lifterlms 7.7.6 Authenticated.(Admin+).SQL.Injection HIGH" "lifterlms 7.6.3 Authenticated.(Contributor+).SQL.Injection.via.Shortcode CRITICAL" "lifterlms 7.5.1 Cross-Site.Request.Forgery MEDIUM" "lifterlms 7.5.2 Missing.Authorization.via.process_review MEDIUM" "lifterlms 7.5.0 Authenticated(Administrator+).Directory.Traversal.to.Arbitrary.CSV.File.Deletion LOW" "lifterlms 4.21.2 Access.Other.Student.Grades/Answers.via.IDOR MEDIUM" "lifterlms 4.21.1 Authenticated.Stored.XSS.in.Edit.Profile HIGH" "lifterlms 4.21.1 Reflected.Cross-Site.Scripting.(XSS).via.Coupon.Code.in.Checkout MEDIUM" "lifterlms 3.37.15 Arbitrary.File.Writing CRITICAL" "lifterlms 3.35.1 Unauthenticated.Options.Import CRITICAL" "launcher No.known.fix Admin+.Stored.XSS MEDIUM" "launcher 1.0.11 Multiple.Stored.XSS MEDIUM" "leader No.known.fix Missing.Authorization MEDIUM" "lightbox-gallery 0.9.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "localseomap-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "legal-pages 1.4.3 Cross-Site.Request.Forgery MEDIUM" "legal-pages 1.3.9 Cross-Site.Request.Forgery.via.moveToTrash.and.fetch_and_insert_template_data MEDIUM" "legal-pages 1.3.9 Missing.Authorization MEDIUM" "legal-pages 1.3.8 Missing.Authorization.on.'deleteLegalTemplate' MEDIUM" "loading-page 1.0.83 Admin+.Stored.Cross-Site.Scripting LOW" "login-sidebar-widget No.known.fix Open.Redirect MEDIUM" "locateandfilter 1.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "lws-optimize 2.0 Cross-Site.Request.Forgery MEDIUM" "ldap-login-for-intranet-sites 4.2 Admin.LDAP.Passback LOW" "ldap-login-for-intranet-sites 4.1.10 Unauthenticated.Log.Disclosure MEDIUM" "ldap-login-for-intranet-sites 4.1.6 Sensitive.Information.Disclosure HIGH" "ldap-login-for-intranet-sites 4.1.5 SQL.Injection.via.CSRF LOW" "ldap-login-for-intranet-sites 4.1.1 Unauthenticated.Data.Disclosure MEDIUM" "ldap-login-for-intranet-sites 3.6.95 Reflected.Cross-Site.Scripting HIGH" "left-right-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "lana-email-logger 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "logaster-logo-generator No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "lbstopattack 1.1.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "leaky-paywall 4.21.3 Cross-Site.Request.Forgery MEDIUM" "leaky-paywall 4.20.9 Missing.Authorization.to.Price.Manipulation MEDIUM" "leaky-paywall 4.16.7 Admin+.Stored.Cross-Site.Scripting LOW" "lean-wp No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "lean-wp No.known.fix Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "ladipage No.known.fix Missing.Authorization.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization.on.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization MEDIUM" "login-recaptcha 1.7 IP.Check.Bypass LOW" "lana-shortcodes 1.2.0 Contributor+.Stored.XSS MEDIUM" "lemonade-sna-pinterest-edition No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lgx-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-customizer 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "login-customizer 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "libreform 2.0.9 Unauthenticated.Arbitrary.Submissions.Listing.&.Deletion HIGH" "loan-comparison 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loan-comparison 1.5.3 Contributor+.Stored.XSS.via.shortcode MEDIUM" "loan-comparison 1.5.3 Reflected.XSS.via.shortcode MEDIUM" "lifeline-donation No.known.fix Authentication.Bypass CRITICAL" "llama-redirect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting.via.remove_query_arg.Parameter MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "letterpress No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "letterpress No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "livemesh-dynamic-pricing 1.2 Reflected.Cross-Site.Scripting MEDIUM" "logo-carousel-free 3.4.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "logo-carousel-free 3.4.2 Unauthorised.Private.Post.Access MEDIUM" "layerslider 7.11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ls_search_form.Shortcode MEDIUM" "layerslider 7.10.1 7.10.0.-.Unauthenticated.SQL.Injection CRITICAL" "layerslider 7.7.10 Cross-Site.Request.Forgery MEDIUM" "layerslider 7.7.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-log 2.1 SQL.Injection CRITICAL" "link-log 2.0 HTTP.Response.Splitting HIGH" "list-categories 0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "livemesh-siteorigin-widgets 3.3 Reflected.Cross-Site.Scripting MEDIUM" "livemesh-siteorigin-widgets 2.8.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "livemesh-siteorigin-widgets 2.5.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "loginplus No.known.fix Missing.Authorization MEDIUM" "loginplus No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "loco-translate 2.6.10 Cross-Site.Request.Forgery MEDIUM" "loco-translate 2.6.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "loco-translate 2.5.4 Authenticated.PHP.Code.Injection HIGH" "loco-translate 2.2.2 Authenticated.LFI MEDIUM" "livestream-notice 1.3.0 Admin+.Stored.XSS LOW" "logo-slider-wp 4.6.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Author+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.1.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.0.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 3.6.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "link-to-bible 2.5.10 Administrator+.Stored.XSS LOW" "leadconnector 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "localize-remote-images No.known.fix Settings.Update.via.CSRF MEDIUM" "login-as-users 1.4.4 Missing.Authorization.to.Privielge.Escalation.via.Account.Takeover HIGH" "login-as-users 1.4.3 Authentication.Bypass CRITICAL" "leadboxer 1.4 Reflected.XSS HIGH" "loginizer-security 1.9.3 Authentication.Bypass HIGH" "lpagery 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "latepoint 5.0.13 Authentication.Bypass HIGH" "latepoint 5.0.12 Unauthenticated.Arbitrary.User.Password.Change.via.SQL.Injection CRITICAL" "latepoint 4.9.9.1 Missing.Authorization.and.Sensitive.Information.Exposure.via.IDOR CRITICAL" "likebtn-like-button 2.6.54 Cross-Site.Request.Forgery MEDIUM" "likebtn-like-button 2.6.45 Arbitrary.e-mail.Sending MEDIUM" "likebtn-like-button 2.6.38 Unauthorised.Vote.Export.to.Email.&.IP.Addresses.Disclosure HIGH" "likebtn-like-button 2.6.32 Unauthenticated.Full-Read.SSRF HIGH" "likebtn-like-button 2.5.4 Unauthenticated.Arbitrary.Blog.Settings.Change HIGH" "leadinfo 1.1 Settings.Update.via.CSRF MEDIUM" "luzuk-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linkworth-wp-plugin 3.3.4 Arbitrary.Setting.Update.via.CSRF MEDIUM" "littlebot-invoices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "littlebot-invoices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lucidlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-with-ajax 4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "login-with-ajax 4.2 Missing.Authorization MEDIUM" "lh-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-news-lite 1.07 Settings.Update.via.CSRF MEDIUM" "labtools No.known.fix Subscriber+.Arbitrary.Publication.Deletion MEDIUM" "limit-login-attempts-plus No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "locatoraid 3.9.51 Unauthenticated.PHP.Object.Injection CRITICAL" "locatoraid 3.9.48 Reflected.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.24 Reflected.XSS HIGH" "locatoraid 3.9.19 Subscriber+.Stored.XSS HIGH" "locatoraid 3.9.15 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.12 CSRF MEDIUM" "larsens-calender No.known.fix Stored.Cross-Site.Scripting.(XSS) HIGH" "lazy-load-videos-and-sticky-control No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lktags-linkedin-insight-tags 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-stock-prices-for-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.2.7.5.1 Authenticated.(LP.Instructor+).Stored.Cross-Site.Scripting.via.Lesson.Name MEDIUM" "learnpress 4.2.7.2 Authenticated.(Subscriber+).Open.Redirect MEDIUM" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.4 Course.Material.Sensitive.Information.Exposure.via.REST.API MEDIUM" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_fields' CRITICAL" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_only_fields' CRITICAL" "learnpress 4.2.6.9.4 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "learnpress 4.2.6.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.9 Cross-Site.Request.Forgery MEDIUM" "learnpress 4.2.6.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "learnpress 4.2.6.8.2 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.8.2 Missing.Authorization.to.Unauthenticated.User.Registration.Bypass MEDIUM" "learnpress 4.2.6.8.1 Basic.Information.Disclosure.via.JSON.API MEDIUM" "learnpress 4.2.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_html.Parameter MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Time-Based.SQL.Injection CRITICAL" "learnpress 4.2.6.6 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "learnpress 4.2.6.6 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.2.6.4 Authenticated(LP.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.0.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "learnpress 4.2.6.4 Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.5.8 Unauthenticated.Command.Injection HIGH" "learnpress 4.2.5.8 Subscriber+.Arbitrary.Course.Progress.Disclosure MEDIUM" "learnpress 4.2.5.8 Unauthenticated.SQLi HIGH" "learnpress 4.2.5.5 Reflected.Cross-Site.Scripting HIGH" "learnpress 4.2.0 Unauthenticated.LFI CRITICAL" "learnpress 4.2.0 Subscriber+.SQLi HIGH" "learnpress 4.2.0 Unauthenticated.SQLi HIGH" "learnpress 4.1.7.2 Unauthenticated.PHP.Object.Injection.via.REST.API MEDIUM" "learnpress 4.1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.5 Arbitrary.Image.Renaming MEDIUM" "learnpress 4.1.4 Admin+.SQL.Injection MEDIUM" "learnpress 4.1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 4.1.3.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 3.2.7.3 CSRF.&.XSS LOW" "learnpress 3.2.6.8 Authenticated.Time.Based.Blind.SQL.Injection HIGH" "learnpress 3.2.6.9 Authenticated.Post.Creation.and.Status.Modification HIGH" "learnpress 3.2.6.9 Privilege.Escalation.to."LP.Instructor" HIGH" "learnpress 3.2.6.7 Privilege.Escalation MEDIUM" "learn-manager 1.1.5 Unauthenticated.Arbitrary.User.Field.Edition/Creation MEDIUM" "learn-manager 1.1.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "leira-roles 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "leaflet-map 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-map 3.0.0 Contributor+.Stored.XSS MEDIUM" "leaflet-map 3.0.0 Arbitrary.Settings.Update.via.CSRF.Leading.to.Stored.XSS MEDIUM" "login-with-azure 1.4.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "leopard-wordpress-offload-media 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update CRITICAL" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "login-rebuilder 2.8.1 Admin+.Stored.XSS LOW" "lucas-string-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "language-switcher-for-transposh 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "linklaunder-seo-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "lordicon-interactive-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-scores-for-sportspress 1.9.1 Authenticated.Local.File.Inclusion MEDIUM" "live-scores-for-sportspress 1.9.1 Reflected.Cross-Site.Scripting HIGH" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Unauthenticated.SQL.Injection HIGH" "layouts-for-elementor 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Upload CRITICAL" "local-delivery-drivers-for-woocommerce 1.9.1 Missing.Authorization.to.Driver.Account.Takeover HIGH" "local-delivery-drivers-for-woocommerce 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "local-delivery-drivers-for-woocommerce 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-flight-radar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "livechat-elementor 1.0.14 Cross-Site.Request.Forgery MEDIUM" "light-poll No.known.fix Poll.Answers.Deletion.via.CSRF MEDIUM" "light-poll No.known.fix Polls.Deletion.via.CSRF MEDIUM" "language-bar-flags No.known.fix CSRF.to.Stored.XSS HIGH" "latex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "listdom 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode.Parameter MEDIUM" "login-screen-manager No.known.fix Stored.XSS.via.CSRF HIGH" "login-screen-manager No.known.fix Admin+.Stored.XSS LOW" "lava-directory-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "lava-directory-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "listapp-mobile-manager No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "login-lockdown 2.09 Subscriber+.Options.Leak MEDIUM" "login-lockdown 2.07 Admin+.SQLi MEDIUM" "login-lockdown 2.07 Administrator+.SQL.Injection HIGH" "localgrid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "loginpress-pro 3.0.0 Captcha.Bypass MEDIUM" "loginpress-pro 3.0.0 Unauthenticated.License.Activation/Deactivation MEDIUM" "leads-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "marketing-optimizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "moka-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp-restaurant-menu 2.4.2 Admin+.Stored.Cross.Site.Scripting LOW" "media-usage No.known.fix Reflected.Cross-Site.Scripting HIGH" "members-import No.known.fix XSS.via.Imported.CSV MEDIUM" "medibazar-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "my-wpdb 2.5 Arbitrary.SQL.Query.via.CSRF MEDIUM" "movies No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-saml-20-single-sign-on 5.0.5 Missing.Authorization.to.notice.dismissal MEDIUM" "miniorange-saml-20-single-sign-on 12.1.0 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 16.0.8 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 20.0.7 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 4.8.84 Cross-Site.Scripting.(XSS).via.Crafted.SAML.XML.Response MEDIUM" "miniorange-saml-20-single-sign-on 4.8.73 Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-firebase-sms-otp-verification 3.6.1 Authentication.Bypass HIGH" "miniorange-firebase-sms-otp-verification 3.6.1 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "miniorange-firebase-sms-otp-verification 3.6.1 Privilege.Escalation.via.Registration.due.to.Administrator.Default.User.Role.Value CRITICAL" "mejorcluster 1.1.16 Contributor+.Stored.XSS MEDIUM" "mediaburst-ecommerce-sms-notifications 2.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-login-security 1.0.8 Reflected.Cross-Site.Scripting HIGH" "mapping-multiple-urls-redirect-same-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mega-addons-for-visual-composer 4.3.0 Contributor+.Stored.XSS MEDIUM" "mega-addons-for-visual-composer No.known.fix Subscriber+.Settings.Update MEDIUM" "mega-addons-for-visual-composer No.known.fix Settings.Update.via.CSRF MEDIUM" "mobilook 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "map-addons-for-elementor-waze-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magic-post-voice No.known.fix Reflected.Cross-Site.Scripting HIGH" "mobilize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mytweetlinks No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "mj-update-history No.known.fix Missing.Authorization MEDIUM" "mj-update-history No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "matomo 5.1.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "matomo 5.0.1 Reflected.Cross-Site.Scripting.via.idsite MEDIUM" "modify-profile-fields-dashboard-menu-buttons 1.04 Reflected.Cross-Site.Scripting MEDIUM" "medma-matix No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "my-content-management 1.7.7 Admin+.Stored.XSS LOW" "misiek-photo-album No.known.fix Stored.XSS.via.CSRF HIGH" "misiek-photo-album No.known.fix Album.Deletion.via.CSRF MEDIUM" "multi-feed-reader No.known.fix Cross-Site.Request.Forgery MEDIUM" "multi-feed-reader 2.2.4 SQL.Injection HIGH" "magicpost 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wb_share_social.Shortcode MEDIUM" "mm-email2image No.known.fix Stored.XSS.via.CSRF HIGH" "mm-email2image No.known.fix Contributor+.Stored.XSS MEDIUM" "miniorange-otp-verification 4.2.2 Missing.Authorization.via.dismiss_notice MEDIUM" "maintenance-page 1.0.9 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "maintenance-page 1.0.9 Security.Mechanism.Bypass.via.REST.API MEDIUM" "mailpress No.known.fix Arbitrary.Settings.Update.&.Log.Files.Purge.via.CSRF MEDIUM" "marketing-performance No.known.fix Reflected.XSS HIGH" "mhr-post-ticker 1.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mapfig-studio No.known.fix Stored.XSS.via.CSRF HIGH" "mail-subscribe-list 2.1.10 Contributor+.Stored.XSS MEDIUM" "mail-subscribe-list 2.1.4 Arbitrary.Subscribed.User.Deletion.via.CSRF MEDIUM" "mail-subscribe-list 2.1 Stored.XSS MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mapwiz No.known.fix Admin+.SQLi MEDIUM" "meta-store-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mihdan-index-now 2.6.4 Cross-Site.Request.Forgery.via.reset_form HIGH" "menu-items-visibility-control No.known.fix Admin+.Arbitrary.PHP.Code.Execution MEDIUM" "mapifylite 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "missing-widgets-for-elementor 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "market-360-viewer No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "moceanapi-abandoned-carts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-friendly-app-builder-by-easytouch No.known.fix Unauthenticated.File.Upload CRITICAL" "my-contador-wp 2.1 Missing.Authorization.to.Unauthenticated.User.Registration.CSV.Export MEDIUM" "magee-shortcodes No.known.fix Contributor+.Stored.XSS.via.shortcode MEDIUM" "magee-shortcodes 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "metricool 1.18 Admin+.Stored.XSS LOW" "miniorange-login-openid 7.6.7 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "miniorange-login-openid 7.6.5 Authentication.Bypass CRITICAL" "miniorange-login-openid 7.6.0 Admin+.Stored.XSS LOW" "miniorange-login-openid 7.5.15 Multiple.CSRF MEDIUM" "miniorange-login-openid 7.6.1 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "mpl-publisher 1.30.4 Self-publish.your.book.&.ebook.<.1.30.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "mpl-publisher 1.29.2 Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "microsoft-advertising-universal-event-tracking-uet 1.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Limited.Settings.Update MEDIUM" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader 2.1.1 Local.File.Inclusion HIGH" "metasync 1.8.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "membermouse 2.2.9 Blind.SQL.Injection CRITICAL" "multimanager-wp 1.1.0 Authentication.Bypass.via.User.Impersonation CRITICAL" "most-popular-posts-widget-lite 0.9 Admin+.SQL.injection MEDIUM" "mmm-file-list No.known.fix Subscriber+.Arbitrary.Directory.Listing MEDIUM" "mmm-file-list No.known.fix Contributor+.Stored.XSS MEDIUM" "meet-my-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "memberlite-shortcodes 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.memberlite_accordion.Shortcode MEDIUM" "memberlite-shortcodes 1.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "meks-easy-instagram-widget 1.2.4 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "music-player-for-elementor 2.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Template.Import MEDIUM" "music-player-for-elementor 1.5.9.9 Reflected.Cross-Site.Scripting MEDIUM" "music-player-for-elementor 1.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediaburst-email-to-sms No.known.fix Authenticated(Administrator+).SQL.Injection MEDIUM" "mediaburst-email-to-sms 3.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "meks-smart-author-widget 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moose-elementor-kit 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moose-elementor-kit 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "maxi-blocks 1.9.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "my-tickets 2.0.10 Missing.Authorization MEDIUM" "my-tickets 1.9.11 Bulk.Emailing.via.CSRF MEDIUM" "my-tickets 1.8.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "mf-gig-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "mf-gig-calendar No.known.fix Editor+.Stored.XSS LOW" "mf-gig-calendar No.known.fix Arbitrary.Event.Deletion.via.CSRF MEDIUM" "mf-gig-calendar No.known.fix Authenticated(Contributor+).SQL.Injection HIGH" "mf-gig-calendar 1.2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mf-gig-calendar 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mightyforms 1.3.10 Missing.Authorization MEDIUM" "mightyforms 1.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "muslim-prayer-time-bd 2.5 Settings.Reset.via.CSRF MEDIUM" "media-library-assistant 3.24 Reflected.Cross-Site.Scripting.via.smc_settings_tab,.unattachfixit-action,.and.woofixit-action.Parameters MEDIUM" "media-library-assistant 3.20 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "media-library-assistant 3.19 Authenticated.(Author+).Arbitrary.File.Upload.via.mla-inline-edit-upload-scripts.AJAX.Action HIGH" "media-library-assistant 3.18 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.17 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "media-library-assistant 3.16 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "media-library-assistant 3.16 Reflected.Cross-Site.Scripting HIGH" "media-library-assistant 3.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mla_gallery.Shortcode MEDIUM" "media-library-assistant 3.14 Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "media-library-assistant 3.12 Author+.Stored.XSS MEDIUM" "media-library-assistant 3.11 Contributor+.Stored.XSS MEDIUM" "media-library-assistant 3.10 Unauthenticated.Local/Remote.File.Inclusion.&.Remote.Code.Execution HIGH" "media-library-assistant 3.08 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.06 Admin+.SQLi MEDIUM" "media-library-assistant 3.01 Unauthenticated.Error.Log.Access LOW" "media-library-assistant 2.90 Authenticated.Blind.SQL.Injection MEDIUM" "media-library-assistant 2.82 Authenticated.RCE CRITICAL" "media-library-assistant 2.82 Unauthenticated.Limited.Local.File.Inclusion HIGH" "media-library-assistant 2.82 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-library-assistant 2.7.4 Cross-Site.Scripting.(XSS) MEDIUM" "mwp-skype 4.0.4 Button.Deletion.via.CSRF MEDIUM" "mwp-skype 4.0.2 Reflected.XSS MEDIUM" "myanime-widget No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation CRITICAL" "mapplic 6.2.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "month-name-translation-benaceur 2.3.8 Admin+.Stored.XSS LOW" "mobile-friendly-flickr-slideshow 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-call-now-map-buttons No.known.fix Admin+.Stored.XSS LOW" "miguras-divi-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mojito-shipping 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mailchimp-for-woocommerce 2.7.1 Subscriber+.SSRF MEDIUM" "mailchimp-for-woocommerce 2.7.2 Admin+.SSRF LOW" "mailrelay 2.1.2 Arbitrary.Settings.Update.via.CSRF MEDIUM" "magical-posts-display 1.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-pagesposts-creator 1.2.5 DoS MEDIUM" "memberpress 1.11.30 Reflected.Cross-Site.Scripting.via.mepr_screenname.and.mepr_key.Parameters MEDIUM" "memberpress 1.11.35 Missing.Authorization MEDIUM" "memberpress 1.11.30 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.mepr-user-file.Shortcode HIGH" "memberpress 1.11.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arglist.Parameter MEDIUM" "memberpress 1.11.27 Reflected.Cross-Site.Scripting.via.message.and.error MEDIUM" "multifox-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multifox-plus 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-the-gathering-card-tooltips 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multi-rating No.known.fix Admin+.Stored.XSS LOW" "multi-rating No.known.fix Unauthenticated.Ratings.Update MEDIUM" "multi-rating 5.0.6 Reflected.XSS HIGH" "multi-rating 5.0.6 Ratings.Deletion.via.CSRF MEDIUM" "mautic-integration-for-woocommerce 1.0.3 Arbitrary.Options.Update.via.CSRF HIGH" "multi-step-form 1.7.24 Missing.Authorization.to.Unauthenticated.Limited.File.Upload MEDIUM" "multi-step-form 1.7.22 Missing.Authorization.via.fw_delete_files MEDIUM" "multi-step-form 1.7.19 Form.Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.17 Admin+.Stored.XSS LOW" "multi-step-form 1.7.13 Form.Update/Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.8 Admin+.Stored.XSS LOW" "multi-step-form 1.2.6 Cross-Site.Scripting.(XSS) MEDIUM" "multi-step-form 1.2.6 Multiple.Unauthenticated.Reflected.XSS MEDIUM" "microblog-poster 1.6.2 Authenticated.Blind.SQL.Injection HIGH" "menukaart 1.4 Reflected.Cross-Site.Scripting MEDIUM" "multi-column-tag-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mctagmap.Shortcode MEDIUM" "multi-column-tag-map 17.0.27 Cross-Site.Request.Forgery MEDIUM" "multi-column-tag-map 17.0.25 Contributor+.Stored.XSS MEDIUM" "mark-new-posts 7.6 Missing.Authorization.via.save_options MEDIUM" "mg-post-contributors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mainwp-piwik-extension 4.0.5 CSRF MEDIUM" "multiple-roles 1.3.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "multiple-roles 1.3.2 Cross-Site.Request.Forgery MEDIUM" "mtouch-quiz No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "mtouch-quiz 3.1.3 Multiple.Vulnerabilities.XSS.&.CSRF MEDIUM" "m-vslider No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "mark-posts 2.2.5 Missing.Authorization MEDIUM" "mark-posts 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "mobile-banner 1.6 CSRF MEDIUM" "mendeleyplugin No.known.fix Admin+.Stored.XSS LOW" "media-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-download 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mimetic-books No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-slider 1.4.0 Missing.Authorization MEDIUM" "mobile-booster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-booster 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "minimal-coming-soon-maintenance-mode 2.39 Missing.Authorization.to.Limited.Settings.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.38 Unauthenticated.Maintenance.Mode.Bypass LOW" "minimal-coming-soon-maintenance-mode 2.35 Multiple.Authenticated.Stored.XSS LOW" "minimal-coming-soon-maintenance-mode 2.15 Insecure.Permissions:.Enable.and.Disable.Maintenance.Mode HIGH" "minimal-coming-soon-maintenance-mode 2.15 CSRF.to.Stored.XSS.and.Setting.Changes HIGH" "minimal-coming-soon-maintenance-mode 2.17 Insecure.permissions:.Export.Settings/Theme.Change MEDIUM" "multilang-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mapplic-lite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mapplic-lite 1.0.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "magic-fields 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mainwp-google-analytics-extension 4.0.5 Subscriber+.SQLi HIGH" "mainwp-google-analytics-extension 4.0.5 Subscriber+.Settings.Update MEDIUM" "market-exporter 2.0.20 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "market-exporter 2.0.19 Reflected.Cross-Site.Scripting MEDIUM" "market-exporter 2.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mwp-countdown No.known.fix Admin+.SQLi MEDIUM" "mz-mindbody-api 2.8.3 Unauthorised.AJAX.Calls HIGH" "meteor-slides No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides 1.5.7 Contributor+.Stored.XSS MEDIUM" "marmoset-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marmoset-viewer 1.9.3 Reflected.Cross.Site.Scripting HIGH" "mstore-api 4.16.5 Authenticated.(Subscriber+).HTML.File.Upload.(Stored.Cross-Site.Scripting) MEDIUM" "mstore-api 4.15.8 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "mstore-api 4.15.4 Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "mstore-api 4.15.4 Unauthorized.User.Registration HIGH" "mstore-api 4.15.3 Authentication.Bypass.to.Account.Takeover HIGH" "mstore-api 4.15.0 Authentication.Bypass CRITICAL" "mstore-api 4.10.2 Cross-Site.Request.Forgery MEDIUM" "mstore-api 4.0.7 Subscriber+.SQLi HIGH" "mstore-api 4.0.2 Unauthenticated.SQL.Injection CRITICAL" "mstore-api 3.9.8 Unauthenticated.SQL.Injection HIGH" "mstore-api 4.10.8 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.9 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.8 Unauthenticated.Blind.SQLi HIGH" "mstore-api 3.9.7 Subscriber+.Unauthorized.Settings.Update MEDIUM" "mstore-api 3.9.7 Multiple.CSRF MEDIUM" "mstore-api 3.9.3 Authentication.Bypass CRITICAL" "mstore-api 3.9.2 Authentication.Bypass CRITICAL" "mstore-api 3.9.1 Authentication.Bypass CRITICAL" "mstore-api 3.4.5 Unauthenticated.PHP.File.Upload CRITICAL" "mstore-api 3.2.0 Authentication.Bypass.With.Sign.In.With.Apple HIGH" "mstore-api 2.1.6 Unauthenticated.Arbitrary.Account.Creation/Edition HIGH" "mp3-jplayer No.known.fix Multiple.CSRF MEDIUM" "mp3-jplayer 2.5 Full.Path.Disclosure MEDIUM" "mighty-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-login-woocommerce 2.3 Unauthenticated.Privilege.Escalation HIGH" "my-wp-brand 1.1.3 Missing.Authorization MEDIUM" "maintenance-and-noindex-nofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "manual-image-crop 1.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "my-reading-library No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "mas-addons-for-elementor 1.1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "mas-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menus-plus No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "maintenance-coming-soon-redirect-animation No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "maintenance-coming-soon-redirect-animation No.known.fix IP.Spoofing.to.Bypass MEDIUM" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Stored.XSS HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Settings.Update MEDIUM" "mainwp-code-snippets-extension 4.0.3 Subscriber+.PHP.Objection.Injection HIGH" "marketo-forms-and-tracking No.known.fix CSRF.to.XSS HIGH" "menu-icons 0.13.14 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "member-database No.known.fix Reflected.XSS HIGH" "mygallery No.known.fix Unauthenticated.File.Inclusion CRITICAL" "magicform No.known.fix WordPress.Form.Builder.<=.1.6.2.-.Missing.Authorization MEDIUM" "magicform No.known.fix Reflected.Cross-Site.Scripting HIGH" "m-chart 1.10 Contributor+.Stored.XSS MEDIUM" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "meta-tags-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mh-board No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "menu-item-scheduler No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "media-mirror No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-address-bar-changer No.known.fix Settings.Update.via.CSRF MEDIUM" "meks-easy-ads-widget 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "media-net-ads-manager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "media-file-manager No.known.fix Authenticated.Multiple.Vulnerabilities MEDIUM" "mailchimp-for-wp 4.9.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.9.17 4.9.16.-.Reflected.Cross-Site.Scripting HIGH" "mailchimp-for-wp 4.9.10 Unauthenticated.Unpublished.Form.Preview MEDIUM" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.5 Unauthorised.Actions.via.CSRF MEDIUM" "mailchimp-for-wp 4.8.5 Authenticated.Arbitrary.Redirect MEDIUM" "mailchimp-for-wp 4.1.8 XSS MEDIUM" "mailchimp-for-wp 4.1.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mitm-bug-tracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mins-to-read No.known.fix Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "monitor-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-downloader 0.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "master-popups-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mangboard 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.8.1 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.7.8 Admin+.Stored.XSS LOW" "mangboard 1.8.2 Settings.Update.via.CSRF MEDIUM" "mangboard 1.6.9 SQL.Injection HIGH" "mailclient No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-wp-as-saml-idp 1.15.7 Authenticated.(Administrator+).SQL.Injection HIGH" "miniorange-wp-as-saml-idp 1.13.4 Admin+.Stored.Cross-Site.Scripting LOW" "mobile-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-blocks 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "motopress-hotel-booking-lite 4.11.2 Unauthenticated.PHP.Object.Injection CRITICAL" "motopress-hotel-booking-lite 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "motopress-hotel-booking-lite 4.7.0 Settings.Update.via.CSRF MEDIUM" "motopress-hotel-booking 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "menubar 5.9 Cross-Site.Request.Forgery MEDIUM" "menubar 5.8 Reflected.Cross-Site.Scripting MEDIUM" "mindbody-access-management 2.0.9 Unauthorised.AJAX.call MEDIUM" "maan-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "magic-action-box No.known.fix Contributor+.Stored.XSS MEDIUM" "memberpress-downloads 1.2.6 Subscriber+.Arbitrary.File.Upload CRITICAL" "mobile-menu 2.8.5 Missing.Authorization.to._mobmenu_icon.Post.Meta.Modification MEDIUM" "mobile-menu 2.8.4.4 Cross-Site.Request.Forgery MEDIUM" "mobile-menu 2.8.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Alt MEDIUM" "mobile-menu 2.8.4 Reflected.Cross-Site.Scripting MEDIUM" "mobile-menu 2.8.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-menu 2.8.2.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-menu 2.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "metadata-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maximum-products-per-user-for-woocommerce 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "media-modal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mynx-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "morkva-ua-shipping 1.0.20 Unauthenticated.Local.File.Inclusion CRITICAL" "mediavine-control-panel 2.10.5 Contributor+.Stored.XSS MEDIUM" "mycred 2.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_send.Shortcode MEDIUM" "mycred 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_link.Shortcode MEDIUM" "mycred 2.7.4 Missing.Authorization.to.Unauthenticated.Database.Upgrade MEDIUM" "mycred 2.7.3 Unauthenticated.PHP.Object.Injection HIGH" "mycred 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.7.3 Unauthenticated.Information.Exposure MEDIUM" "mycred 2.6.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.6.2 Contributor+.Stored.XSS MEDIUM" "mycred 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.5.1 Cross-Site.Request.Forgery MEDIUM" "mycred 2.4.4.1 Subscriber+.User.E-mail.Addresses.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Import/Export.to.Email.Address.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Arbitrary.Post.Creation MEDIUM" "mycred 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mycred 2.4 Reflected.Cross-Site.Scripting HIGH" "mycred 2.3 Subscriber+.SQL.Injection HIGH" "mycred 1.7.8 Reflected.Cross-Site.Scripting HIGH" "miniorange-oauth-20-server 4.0.1 Authentication.Bypass CRITICAL" "molie-instructure-canvas-linking-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "molie-instructure-canvas-linking-tool No.known.fix Authenticated.SQL.Injection HIGH" "mp-timetable 2.4.14 Admin+.PHP.Object.Injection MEDIUM" "mp-timetable 2.4.12 Authenticated.(Contributor+).SQL.Injection CRITICAL" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Deletion MEDIUM" "mp-timetable 2.4.0 Arbitrary.User's.Hashed.Password/Email/Username.Disclosure MEDIUM" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Update MEDIUM" "mp-timetable 2.3.19 Author+.Stored.Cross-Site.Scripting MEDIUM" "message-ticker 9.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "mts-url-shortener No.known.fix Admin+.Stored.XSS LOW" "mts-url-shortener No.known.fix Reflected.XSS HIGH" "mycurator 3.79 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mycurator 3.77 Reflected.Cross-Site.Scripting MEDIUM" "mycurator 3.75 Cross-Site.Request.Forgery MEDIUM" "my-wp-health-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "mcjh-button-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meinturnierplande-widget-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mainwp-broken-links-checker-extension No.known.fix Unauthenticated.SQLi CRITICAL" "masterstudy-elementor-widgets 1.2.3 Missing.Authorization MEDIUM" "melapress-login-security 1.3.1 Authenticated.(Admin+).Remote.File.Inclusion MEDIUM" "mp3-music-player-by-sonaar 5.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Podcast.RSS.Feed MEDIUM" "mp3-music-player-by-sonaar 5.9 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "mp3-music-player-by-sonaar 5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.0 Unauthenticated.Arbitrary.File.Download MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 4.10.1 Missing.Authorization.to.Template.Import MEDIUM" "mp3-music-player-by-sonaar 2.4.2 Multiple.Admin+.Cross.Site.Scripting LOW" "mollie-payments-for-woocommerce 7.8.0 .Unauthenticated.Full.Path.Disclosure MEDIUM" "mollie-payments-for-woocommerce 7.3.12 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "media-list 1.4.0 Contributor+.Stored.XSS MEDIUM" "media-list 1.4.1 Contributor+.Stored.XSS MEDIUM" "my-favorites 1.4.3 Contributor+.Stored.XSS MEDIUM" "my-favorites No.known.fix Contributor+.Stored.XSS MEDIUM" "mailchimp-subscribe-sm 4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailchimp-subscribe-sm 4.0.9.8 Editor+.Stored.XSS LOW" "mailchimp-subscribe-sm 4.0.9.2 Admin+.Stored.XSS LOW" "multimedial-images No.known.fix Admin+.SQLi MEDIUM" "mihanpanel-lite 12.7 Cross-Site.Request.Forgery MEDIUM" "modal-window 6.1.5 Cross-Site.Request.Forgery.to.Settings.Ipdate MEDIUM" "modal-window 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-window 5.3.10 Modal.Deletion.via.CSRF MEDIUM" "modal-window 5.3.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.2.2 RFI.leading.to.RCE.via.CSRF HIGH" "mainwp-child 5.3 Authentication.Bypass HIGH" "mainwp-child 4.4.1.2 Sensitive.File.Disclosure MEDIUM" "mainwp-child 4.1.8 Admin+.SQL.Injection MEDIUM" "modula-best-grid-gallery 2.11.11 Author+.Arbitrary.File.Upload HIGH" "modula-best-grid-gallery 2.7.5 Incomplete.Authorization.via.'save_image'.and.'save_images' LOW" "modula-best-grid-gallery 2.6.91 Unauthenticated.Troubleshooting.Settings.Update MEDIUM" "modula-best-grid-gallery 2.6.7 Reflected.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.2.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mlr-audio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mm-breaking-news No.known.fix Stored.XSS.via.CSRF HIGH" "mm-breaking-news No.known.fix Reflected.XSS MEDIUM" "mage-eventpress 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 4.2.2 Authenticated.(Contributor+).Local.File.Inclusion CRITICAL" "mage-eventpress 4.1.2 Authenticated.(Contributor+).PHP.Object.Injection.in.mep_event_meta_save HIGH" "mage-eventpress 3.9.6 Editor+.Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 3.8.7 Admin+.Stored.XSS LOW" "mage-eventpress 3.7.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "mage-eventpress 3.8.0 Contributor+.Stored.XSS MEDIUM" "mage-eventpress 3.5.8 Contributor+.SQL.Injection HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Elementor.Template.Import MEDIUM" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Options.Reset HIGH" "my-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "material-design-icons-for-elementor 1.4.3 Contributor+.Stored.XSS MEDIUM" "material-design-icons-for-elementor 1.4.3 Settings.Update.via.CSRF MEDIUM" "my-calendar 3.4.24 Authenticated.Stored.XSS MEDIUM" "my-calendar 3.4.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "my-calendar 3.4.22 Unauthenticated.SQL.Injection CRITICAL" "my-calendar 3.4.4 Cross-Site.Request.Forgery MEDIUM" "my-calendar 3.3.25 Event/Location.Deletion.via.CSRF MEDIUM" "my-calendar 3.2.18 Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "my-calendar 3.1.10 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mindvalley-pagemash No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "my-wp-translate 1.0.4 CSRF.&.XSS HIGH" "microcopy No.known.fix Authenticated.SQL.Injection MEDIUM" "mortgage-calculators-wp 1.60 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-calculators-wp 1.56 Admin+.Stored.Cross-Site.Scripting LOW" "mind-doodle-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.6.6 Missing.Authorization.to.Plugin.Settings.Change HIGH" "miniorange-2-factor-authentication 5.6.2 Subscriber+.Settings.Update MEDIUM" "miniorange-2-factor-authentication 5.5.75 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-2-factor-authentication 5.5 Unauthenticated.Arbitrary.Options.Deletion CRITICAL" "miniorange-2-factor-authentication 5.4.40 Reflected.Cross-Site.Scripting HIGH" "makecommerce 3.5.2 Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-maker No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "miniorange-discord-integration 2.1.6 Subscriber+.App.Disabling MEDIUM" "metronet-profile-picture 2.6.2 Authenticated.(Author+).Insecure.Direct.Object.Reference.to.Profile.Picture.Update MEDIUM" "metronet-profile-picture 2.6.0 Arbitrary.User.Picture.Change/Deletion.via.IDOR MEDIUM" "metronet-profile-picture 2.5.0 Sensitive.Information.Disclosure MEDIUM" "multi-page-toolkit No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "mollie-forms 2.6.14 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization MEDIUM" "mollie-forms 2.6.4 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "mipl-wc-multisite-sync 1.1.6 Unauthenticated.Arbitrary.File.Download HIGH" "meta-box 5.9.11 Missing.Authorization.to.Information.Exposure MEDIUM" "meta-box 5.9.4 Contributor+.Arbitrary.Posts'.Custom.Field.Disclosure LOW" "meta-box 5.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-box 4.16.3 Unauthorised.File.Deletion MEDIUM" "meta-box 4.16.2 Mishandled.Uploaded.Files HIGH" "metorik-helper 1.7.2 Cross-Site.Request.Forgery MEDIUM" "material-design-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mdi-icon.Shortcode MEDIUM" "members-list 4.3.7 Reflected.Cross-Site.Scripting MEDIUM" "membersonic-lite 1.302 Authentication.Bypass CRITICAL" "material-design-for-contact-form-7 No.known.fix Subscriber+.Arbitrary.Settings.Update.leading.to.DoS MEDIUM" "material-design-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediabay-lite No.known.fix Missing.Authorization.via.AJAC.actions MEDIUM" "mediabay-lite No.known.fix Editor+.Stored.XSS MEDIUM" "mshop-mysite 1.1.8 Subscriber+.Settings.Update MEDIUM" "mass-delete-unused-tags 3.0.0 Tags.Deletion.via.CSRF MEDIUM" "mercadolibre-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mail-masta No.known.fix Multiple.SQL.Injection CRITICAL" "mail-masta No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "media-category-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "map-block-gutenberg 1.32 Unauthorised.Google.API.Key.change MEDIUM" "menu-image 3.11 Admin+.Stored.XSS LOW" "menu-image 3.10 Reflected.Cross-Site.Scripting MEDIUM" "menu-image 3.0.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "menu-image 3.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-auctions-allegro-free-edition 3.6.19 Reflected.Cross-Site.Scripting MEDIUM" "my-auctions-allegro-free-edition 3.6.18 Reflected.Cross-Site.Scripting MEDIUM" "mtphr-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiparcels-shipping-for-woocommerce 1.16.9 Cross-Site.Request.Forgery MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.2 Arbitrary.Shipment.Deletion.via.CSRF MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.14.14 Subscriber+.Arbitrary.Shipment.Deletion MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.14.15 Subscriber+.SQLi HIGH" "mailin 3.1.88 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.83 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.78 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.78 Reflected.XSS HIGH" "mailin 3.1.61 Reflected.XSS HIGH" "mailin 3.1.31 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.25 Reflected.XSS HIGH" "miniorange-openid-connect-client 2.1.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "marquee-style-rss-news-ticker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Schema.Meta.Shortcode MEDIUM" "mediavine-create 1.9.5 Unauthenticated.SQLi HIGH" "maanstore-api No.known.fix Authentication.Bypass CRITICAL" "mini-loops No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-slider-and-carousel-with-lightbox 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mailmunch 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.3 Settings.Update.via.CSRF MEDIUM" "maintenance-switch No.known.fix Theme.Files.Creation/Deletion.via.CSRF MEDIUM" "maintenance-switch No.known.fix Reflected.XSS HIGH" "miniorange-login-with-eve-online-google-facebook 6.26.4 Authentication.Bypass HIGH" "miniorange-login-with-eve-online-google-facebook 6.23.4 Improper.Authentication HIGH" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).<.6.24.2.-.IdP.Discard.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).Free.<.6.24.2.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.22.6 Authentication.Bypass CRITICAL" "miniorange-login-with-eve-online-google-facebook 6.20.3 Reflected.Cross-Site.Scripting.via.appId HIGH" "menu-swapper 1.1.1 Cross-Site.Request.Forgery MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moveto No.known.fix Missing.Authorization.to.Unauthenticated.Options.Update CRITICAL" "moveto No.known.fix Unauthenticated.Directory.Traversal.to.Arbitrary.File.Deletion CRITICAL" "moveto No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "moveto No.known.fix Unauthenticated.SQL.Injection CRITICAL" "multiple-image-uploads-with-preview-for-wpforms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "music-store 1.1.14 WordPress.eCommerce.<.1.1.14.-.Authenticated.(Admin+).SQL.Injection CRITICAL" "music-store 1.0.43 Cross-Site.Scripting.(XSS) MEDIUM" "my-shortcodes No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "mailchimp-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-wp 2.5.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Form.Color.Parameters MEDIUM" "mailchimp-wp 2.5.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mybb-cross-poster No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-limit-login-attempts 4.0.72 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-limit-login-attempts 4.0.50 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "music-request-manager No.known.fix Unauthenticated.Stored.XSS MEDIUM" "music-request-manager No.known.fix Stored.XSS.via.CSRF HIGH" "music-request-manager No.known.fix Reflected.XSS MEDIUM" "min-and-max-purchase-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mainwp 5.0 Cross-Site.Request.Forgery.via.posting_bulk MEDIUM" "mainwp 4.4.3.4 Authenticated.(Administrator+).SQL.Injection HIGH" "mainwp 4.5.1.3 Authenticated(Administrator+).CSS.Injection LOW" "mailoptin 1.2.70.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.54.1 Admin+.Stored.XSS LOW" "mailoptin 1.2.50.0 Unauthenticated.Campaign.Cache.Deletion MEDIUM" "mailoptin 1.2.35.2 Unauthorised.AJAX.Call MEDIUM" "memeone No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "marketing-and-seo-booster No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "myagileprivacy 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.vis.Shortcode MEDIUM" "meks-themeforest-smart-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mastercurrency-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Currency.Converter.Form.Shortcode MEDIUM" "mhr-custom-anti-copy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "monetize No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "mindmeister-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiline-files-for-contact-form-7 2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Deactivation MEDIUM" "make-paths-relative No.known.fix Settings.Update.via.CSRF MEDIUM" "mailarchiver 2.11.0 Unauthenticated.Stored.XSS HIGH" "maz-loader 1.4.1 Arbitrary.Loader.Deletion.via.CSRF MEDIUM" "maz-loader 1.3.3 Contributor+.SQL.Injection HIGH" "mailster 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "mailster 4.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "mailster 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "mailster 2.4.9 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "menu-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "media-file-organizer No.known.fix Directory.Traversal MEDIUM" "momoyoga-integration 2.8.0 Contributor+.Stored.XSS MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.5 Information.Exposure.via.ma_debug MEDIUM" "molongui-authorship 4.7.4 Missing.Authorization MEDIUM" "molongui-authorship 4.6.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.6.20 Reflected.XSS HIGH" "mobile-app-editor 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mobile-app-editor 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Cross-Site.Request.Forgery MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.5 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.3.3 Reflected.XSS HIGH" "meeting-scheduler-by-vcita 4.3.1 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "meeting-scheduler-by-vcita 4.3.0 Subscriber+.Denial.of.Service.by.account.logout MEDIUM" "meeting-scheduler-by-vcita 4.5 Subscriber+.Settings.Update.&.Stored.XSS MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Unauthenticated.Stored.XSS CRITICAL" "meeting-scheduler-by-vcita 4.5.2 Denial.of.Service.via.CSRF MEDIUM" "mailchimp-forms-by-mailmunch 3.2.4 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-forms-by-mailmunch 3.2.2 Cross-Site.Request.Forgery MEDIUM" "mailchimp-forms-by-mailmunch 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mailchimp-forms-by-mailmunch 3.1.5 Arbitrary.Actions.via.CSRF MEDIUM" "meetup No.known.fix Authentication.Bypass CRITICAL" "mypixs No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "mwb-point-of-sale-pos-for-woocommerce 1.0.1 CSRF.Bypass./.Unauthorised.AJAX.Call MEDIUM" "mdc-comment-toolbar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mapster-wp-maps 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapster-wp-maps 1.6.0 Incorrect.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "mapster-wp-maps 1.2.39 Contributor+.Stored.XSS MEDIUM" "mapster-wp-maps 1.2.36 Reflected.Cross-Site.Scripting MEDIUM" "muzaara-adwords-optimize-dashboard No.known.fix Information.Exposure MEDIUM" "media-file-renamer 5.7.8 Admin+.Remote.Code.Execution MEDIUM" "media-file-renamer 5.7.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "media-file-renamer 5.2.7 Auto.&.Manual.Rename.<.5.2.7.-.Media.Title/Filename/Locking.State.Update.via.CSRF MEDIUM" "mojoplug-slide-panel No.known.fix Admin+.Stored.XSS LOW" "modern-events-calendar-lite 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar-lite 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modern-events-calendar-lite 7.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.XSS LOW" "modern-events-calendar-lite 6.3.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 6.4.7 Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.4.0 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "modern-events-calendar-lite 6.2.0 Subscriber+.Category.Add.Leading.to.Stored.XSS MEDIUM" "modern-events-calendar-lite 6.1.5 Reflected.Cross-Site.Scripting HIGH" "modern-events-calendar-lite 6.1.5 Unauthenticated.Blind.SQL.Injection HIGH" "modern-events-calendar-lite 5.22.3 Authenticated.Stored.Cross.Site.Scripting LOW" "modern-events-calendar-lite 5.22.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 5.16.6 Authenticated.SQL.Injection CRITICAL" "modern-events-calendar-lite 5.16.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modern-events-calendar-lite 5.16.5 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "modern-events-calendar-lite 5.16.5 Unauthenticated.Events.Export MEDIUM" "modern-events-calendar-lite 5.1.7 Multiple.Subscriber+.Stored.XSS MEDIUM" "more-from-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.4.9 SSO.(OAuth.Client).Premium.<.38.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.4.9 SSO.(OAuth.Client).Enterprise.<.48.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.4.9 SSO.(OAuth.Client).Standard.<.28.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "mega-elements-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "mega-elements-addons-for-elementor 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marker-io 1.1.9 Cross-Site.Request.Forgery MEDIUM" "marker-io 1.1.7 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.2.1 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "mainwp-child-reports 2.2 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.0.8 Admin+.SQL.Injection MEDIUM" "microkids-related-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "mx-time-zone-clocks 3.4.1 Contributor+.Cross-Site.Scripting MEDIUM" "media-tags No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "multiple-pages-generator-by-porthas 4.0.6 Authenticated.(Editor+).Server-Side.Request.Forgery.via.fileUrl MEDIUM" "multiple-pages-generator-by-porthas 4.0.3 Authenticated.(Editor+).Directory.Traversal.to.Limited.File.Deletion LOW" "multiple-pages-generator-by-porthas 4.0.2 Missing.Authorization MEDIUM" "multiple-pages-generator-by-porthas 3.4.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Cross-Site.Request.Forgery MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Missing.Authorization.via.mpg_get_log_by_project_id MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Authenticated.(Editor+).Remote.Code.Execution HIGH" "multiple-pages-generator-by-porthas 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 3.3.20 SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 Admin+.SQLi MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 SQLi.via.CSRF LOW" "multiple-pages-generator-by-porthas 3.3.10 MPG.<.3.3.10.-.Multiple.CSRF MEDIUM" "my-account-page-editor 1.3.2 Subscriber+.Arbitrary.File.Upload CRITICAL" "mailup-auto-subscribtion 1.2.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mapifylite-master 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "masjidal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "metform 3.3.0 Unauthenticated.Double-Extension.Arbitrary.File.Upload HIGH" "metform 3.8.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "metform 3.8.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "metform 3.8.6 Contributor+.Stored.XSS MEDIUM" "metform 3.8.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "metform 3.8.2 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.2 Authenticated.(Subscriber+).Information.Disclosure.via.'mf_first_name'.shortcode MEDIUM" "metform 3.3.3 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.1 Multiple.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "metform 3.3.1 Unauthenticated.CSV.Injection HIGH" "metform 3.3.2 Multiple.Subscriber+.Sensitive.Information.Disclosure.Issues MEDIUM" "metform 3.3.2 Unauthenticated.Permalink.Structure.Update MEDIUM" "metform 3.2.2 reCaptcha.Bypass MEDIUM" "metform 3.2.0 Unauthenticated.Stored.XSS HIGH" "metform 2.1.4 Unauthenticated.API.keys.and.Secrets.Disclosure HIGH" "master-elements No.known.fix Unauthenticated.SQLi CRITICAL" "misiek-paypal No.known.fix Stored.XSS.via.CSRF HIGH" "mwp-herd-effect 6.2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "mwp-herd-effect 5.2.7 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.4 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.3 Admin+.Stored.XSS LOW" "mwp-herd-effect 5.2.2 Reflected.XSS MEDIUM" "mwp-herd-effect 5.2.1 Admin+.LFI MEDIUM" "media-library-plus 8.2.4 Missing.Authorization.on.Various.Functions MEDIUM" "media-library-plus 8.2.3 Authenticated.(Subscriber+).Second-Order.SQL.Injection CRITICAL" "media-library-plus 8.2.1 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "media-library-plus 8.1.9 Authenticated.(Author+).Directory.Traversal MEDIUM" "media-library-plus 8.1.8 Authenticated.(Author+).SQL.Injection CRITICAL" "media-library-plus 7.1.2 Plugin.Reset.via.CSRF MEDIUM" "multilanguage 1.2.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "membership-simplified-for-oap-members-only No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "musicbox No.known.fix Reflected.XSS HIGH" "modern-designs-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-designs-for-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mystickyelements 2.1.4 Unauthenticated.Unauthorised.Action MEDIUM" "mystickyelements 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "mystickyelements 2.0.9 Admin+.SQLi MEDIUM" "mystickyelements 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mfolio-lite 1.2.2 Missing.Authorization.to.Authenticated.(Author+).File.Upload.via.EXE.and.SVG.Files CRITICAL" "master-slider 3.10.5 Editor+.Stored.XSS LOW" "master-slider 3.10.0 CSRF.to.slider.deletion MEDIUM" "master-slider 3.10.5 Reflected.Cross-Site.Scripting HIGH" "master-slider 3.10.0 Contributor+.Stored.XSS.via.ms_layer.Shortcode MEDIUM" "master-slider 3.9.10 Responsive.Touch.Slider.<.3.9.10.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.7 Unauthenticated.PHP.Object.Injection CRITICAL" "master-slider 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Editor+.Stored.XSS.via.slider.callback LOW" "master-slider 3.10.0 Sliders.Deletion.via.CSRF MEDIUM" "master-slider 3.10.0 Contributor+.Stored.XSS MEDIUM" "master-slider 3.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "master-slider 2.8.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "master-slider 2.5.2 Authenticated.Blind.SQL.Injection CRITICAL" "minify-html-markup 2.1.11 -.Regular.Expressions.Denial.of.Service MEDIUM" "minify-html-markup 2.1.8 Settings.Update.via.CSRF MEDIUM" "moolamojo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moloni 4.8.0 Reflected.Cross-Site.Scripting MEDIUM" "mortgage-loan-calculator 1.5.17 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mighty-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meks-video-importer 1.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).API.Keys.Modification MEDIUM" "meks-video-importer No.known.fix Missing.Authorization MEDIUM" "msync No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "masy-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "more-link-modifier No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "magic-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "most-and-least-read-posts-widget 2.5.19 Cross-Site.Request.Forgery.via.most_and_least_read_posts_options MEDIUM" "most-and-least-read-posts-widget 2.5.17 Authenticated(Contributor+).SQL.Injection.via.Widget.settings HIGH" "mailcwp 1.110 Unauthenticated.Arbitrary.File.Upload CRITICAL" "mediamatic No.known.fix Cross-Site.Request.Forgery MEDIUM" "mediamatic 2.8.1 Subscriber+.SQL.Injection HIGH" "manage-user-columns 1.0.6 Cross-Site.Request.Forgery MEDIUM" "magic-post-thumbnail 5.2.10 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 5.2.8 Admin+.Stored.XSS LOW" "magic-post-thumbnail 4.1.13 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 4.1.11 Reflected.XSS HIGH" "magic-post-thumbnail 3.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-post-thumbnail 3.3.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Text.Color LOW" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Button.Width LOW" "maxbuttons 9.8.0 Full.Path.Disclosure MEDIUM" "maxbuttons 9.7.8 Editor+.Stored.XSS LOW" "maxbuttons 9.7.7 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.7.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "maxbuttons 9.6 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "maxbuttons 9.3 Admin+.Stored.Cross-Site.Scripting LOW" "maxbuttons 6.19 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "master-addons 2.0.6.8 Free.Widgets,.Hover.Effects,.Toggle,.Conditions,.Animations.for.Elementor.<.2.0.6.8.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.Module MEDIUM" "master-addons No.known.fix Author+.Stored.XSS MEDIUM" "master-addons 2.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.data-jltma-wrapper-link.Element MEDIUM" "master-addons 2.0.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.via.Navigation.Menu.Widget HIGH" "master-addons 2.0.6.2 Missing.Authorization.to.MA.Template.Creation.or.Modification MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.via.get_jltma_save_menuitem_settings() MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.on.Duplicate.Post MEDIUM" "master-addons 2.0.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "master-addons 2.0.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.4 Contributor+.Stored.XSS MEDIUM" "master-addons 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "master-addons 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-addons 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "mailpoet 5.3.2 Admin+.Stored.XSS LOW" "mailpoet 3.23.2 Reflected.Cross-Site.Scripting.Issue HIGH" "materialis-companion 1.3.42 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.materialis_contact_form.Shortcode MEDIUM" "materialis-companion 1.3.40 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ms-reviews No.known.fix Subscriber+.Stored.XSS HIGH" "moving-users 1.10 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "media-hygiene 3.0.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "magic-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mfplugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "moceanapi-sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multiple-post-passwords 1.1.2 Admin+.Stored.XSS LOW" "mage-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-dialog 3.5.15 Reflected.XSS HIGH" "modal-dialog 3.5.10 Admin+.Stored.XSS LOW" "mobile-kiosk No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modal-popup-box 1.5.3 Authenticated.(Contributor+).PHP.Object.Injection.in.awl_modal_popup_box_shortcode HIGH" "mail-boxes-etc 2.2.1 Information.Exposure MEDIUM" "mail-boxes-etc 2.2.1 Cross-Site.Request.Forgery MEDIUM" "mail-boxes-etc 2.3.0 Reflected.XSS HIGH" "mail-integration-365 1.9.1 Reflected.XSS HIGH" "m-wp-popup No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "m-wp-popup 1.3.1 Unauthenticated.Denial.of.Service HIGH" "medical-addon-for-elementor 1.6.3 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "medical-addon-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "my-geo-posts-free No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "move-addons 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "move-addons 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "move-addons 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.0 Missing.Authorization MEDIUM" "move-addons 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "masterslider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "masterslider No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "masterslider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilevel-referral-plugin-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilevel-referral-plugin-for-woocommerce 2.23 Reflected.Cross-Site.Scripting MEDIUM" "momo-venmo 4.2 Reflected.Cross-Site.Scripting MEDIUM" "mycryptocheckout 2.126 CSRF MEDIUM" "mycryptocheckout 2.124 Reflected.XSS HIGH" "media-library-tools 1.5.0 Author+.Stored.XSS.via.SVG MEDIUM" "mas-static-content 1.0.9 Authenticated.(Contributor+).Private.Static.Content.Page.Disclosure MEDIUM" "mashsharer No.known.fix Missing.Authorization MEDIUM" "mashsharer 3.8.7 Contributor+.Stored.XSS MEDIUM" "mashsharer 3.8.5 Admin+.Stored.Cross-Site.Scripting LOW" "ml-slider 3.70.1 Contributor+.Stored.Cross-Site.Scripting.via.metaslider.Shortcode MEDIUM" "ml-slider 3.29.1 Reflected.XSS HIGH" "ml-slider 3.27.9 Admin+.Stored.Cross.Site.Scripting LOW" "ml-slider 3.17.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "menu-manager-ultra 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "master-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "min-and-max-quantity-for-woocommerce 2.1.0 Missing.Authorization MEDIUM" "min-and-max-quantity-for-woocommerce 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "memphis-documents-library 3.1.6 Arbitrary.File.Download CRITICAL" "movie-database No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "moova-for-woocommerce 3.8 Reflected.Cross-Site.Scripting HIGH" "mail-picker 1.0.15 Unauthenticated.PHP.Object.Injection CRITICAL" "mail-picker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-malware-protection 4.7.3 Unauthenticated.Privilege.Escalation CRITICAL" "miniorange-malware-protection 4.7.3 Admin+.SQLi MEDIUM" "miniorange-malware-protection 4.7.2 IP.Spoofing MEDIUM" "miniorange-malware-protection 4.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "mobile-app-builder-by-wappress No.known.fix Unauthenticated.File.Upload CRITICAL" "microsoft-clarity 0.9.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microsoft-clarity 0.4 Admin+.Stored.Cross-Site.Scripting LOW" "member-access No.known.fix Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "map-store-location No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "mime-types-extended No.known.fix Author+.Stored.XSS.via.SVG.Upload MEDIUM" "multi-scheduler No.known.fix Arbitrary.Record.Deletion.via.CSRF HIGH" "mooberry-book-manager 4.15.13 Unauthenticated.Information.Exposure.via.Export.Files MEDIUM" "multisafepay 4.16.0 Unauthenticated.Arbitrary.File.Access HIGH" "morpheus-slider No.known.fix Authenticated.SQL.Injection MEDIUM" "mycss No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "monkee-boy-wp-essentials No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "multiple-admin-emails No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multiple-shipping-address-woocommerce 2.0 Unauthenticated.SQLi HIGH" "multiplayer-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "map-multi-marker No.known.fix Reflected.Cross-Site.Scripting HIGH" "metrika No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "masterbip-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "magical-addons-for-elementor 1.2.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.1.40 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Effect.Widget MEDIUM" "mytube No.known.fix Reflected.Cross-Site.Scripting.via.addplaylistid MEDIUM" "modern-addons-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-addons-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.25 Missing.Authorization MEDIUM" "myorderdesk 3.3.0 Contributor+.Stored.XSS MEDIUM" "mailchimp-top-bar 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "migrate-users No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "mobile-browser-color-select No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "mass-custom-fields-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "maxslider 1.2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "maxgalleria 6.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.maxgallery_thumb.Shortcode MEDIUM" "maxgalleria 6.4.3 Missing.Authorization MEDIUM" "maxgalleria 6.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "martins-link-network 1.2.30 Reflected.XSS HIGH" "md-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mihdan-yandex-turbo-feed 1.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "meta-tag-manager No.known.fix Missing.Authorization MEDIUM" "meta-tag-manager 3.1 Subscriber+.PHP.Object.Injection HIGH" "meta-tag-manager 2.1 Reflected.Cross-Site.Scripting MEDIUM" "mshop-npay 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mnp_purchase.Shortcode MEDIUM" "motor-racing-league No.known.fix Admin+.XSS LOW" "moreads-se 1.4.7 XSS MEDIUM" "megamenu 3.3.1 Missing.Authorization MEDIUM" "megamenu 2.4 Authenticated.XSS MEDIUM" "my-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "manage-notification-emails 1.8.6 Missing.Authorization MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "master-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "membership-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "magic-login-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "motors-car-dealership-classified-listings 1.4.44 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.Custom.Title MEDIUM" "motors-car-dealership-classified-listings 1.4.11 Missing.Authorization MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Unauthenticated.SSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Reflected.XSS HIGH" "motors-car-dealership-classified-listings 1.4.5 CSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.4 Car.Dealer,.Classifieds.&.Listing.<.1.4.4.-.Arbitrary.File.Upload CRITICAL" "motors-car-dealership-classified-listings 1.4.1 Multiple.Issues MEDIUM" "magazine-blocks 1.3.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mihdan-no-external-links 5.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "markdown-on-save-improved 2.5.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mpoperationlogs No.known.fix Unauthenticated.Stored.XSS HIGH" "myshopkit-popup-smartbar-slidein No.known.fix .Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mass-messaging-in-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "minical No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mt-addons-for-elementor 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multiple-votes-in-one-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "minimum-purchase-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "mrkwp-footer-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mrkwp-footer-for-divi No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "max-addons-pro-bricks 1.6.2 Missing.Authorization MEDIUM" "max-addons-pro-bricks 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "menu-ordering-reservations 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.3.7 Reflected.XSS HIGH" "menu-ordering-reservations 2.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "menu-ordering-reservations 2.3.1 Unauthorised.AJAX.Calls MEDIUM" "menu-ordering-reservations 2.3.2 Multiple.CSRF MEDIUM" "mainwp-maintenance-extension 4.1.2 Subscriber+.SQL.Injection.(SQLi) HIGH" "my-instagram-feed 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "my-instagram-feed 3.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mw-wp-form 5.1.0 Editor+.Stored.XSS MEDIUM" "mw-wp-form 5.0.4 Improper.Limitation.of.File.Name.to.Unauthenticated.Arbitrary.File.Deletion HIGH" "mw-wp-form 5.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "mw-wp-form 5.0.0 Missing.Authorization MEDIUM" "mw-wp-form 4.4.3 Unauthenticated.Path.Traversal MEDIUM" "mmt-eventon-exim-lite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "mapsvg 6.2.20 Unauthenticated.SQLi HIGH" "multicons 3.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modify-comment-fields 1.04 Reflected.Cross-Site.Scripting MEDIUM" "mystickymenu 2.7.3 Admin+.Stored.XSS LOW" "mystickymenu 2.7.2 Admin+.Stored.XSS LOW" "mystickymenu 2.6.8 Admin+.Stored.XSS LOW" "mystickymenu 2.6.7 CSV.Export.via.CSRF.to.Sensitive.Information.Disclosure LOW" "mystickymenu 2.6.5 Subscriber+.Arbitrary.Form.Leads.Deletion MEDIUM" "mystickymenu 2.5.2 Authenticated.Stored.XSS MEDIUM" "maintenance 4.03 Authenticated.Stored.XSS MEDIUM" "meks-flexible-shortcodes 1.3.5 Contributor+.Stored.XSS MEDIUM" "mdr-webmaster-tools No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'marketplace'.Shortcode MEDIUM" "multilist-subscribe-for-sendy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "multilist-subscribe-for-sendy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "mass-email-to-users 1.1.5 Reflected.XSS HIGH" "mesmerize-companion 1.6.149 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mesmerize_contact_form.Shortcode MEDIUM" "mesmerize-companion 1.6.135 Contributor+.Stored.XSS MEDIUM" "macme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mshop-naver-talktalk 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mshop-naver-talktalk 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.add_plus_friends.and.add_plus_talk.Shortcodes MEDIUM" "meta-data-filter 2.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "media-element-html5-video-and-audio-player No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "my-wp 1.24.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mwp-forms No.known.fix Admin+.SQL.Injection HIGH" "mousewheel-smooth-scroll 5.7 Plugin's.Setting.Update.via.CSRF MEDIUM" "media-alt-renamer No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via._wp_attachment_image_alt.postmeta MEDIUM" "mycred-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "makestories-helper 3.0.4 Authenticated.(Subscriber+).Arbitrary.File.Download.and.Server-Side.Request.Forgery MEDIUM" "makestories-helper 3.0.3 Settings.Update.via.CSRF MEDIUM" "member-hero No.known.fix Unauthenticated.RCE CRITICAL" "manycontacts-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-waze No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "moceansms-order-sms-notification-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mww-disclaimer-buttons 3.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce 3.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "myweather No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "my-wp-responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mantenimiento-web 0.14 Stored.XSS.via.CSRF MEDIUM" "mantenimiento-web 0.14 Admin+.Stored.XSS LOW" "map-location-picker-at-checkout-for-woocommerce 1.9.0 Missing.Authorization.via.checkout_map_rules_order_ajax_handler MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mybb-last-topics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "media-library-helper 1.3.0 Cross-Site.Request.Forgery MEDIUM" "mappress-google-maps-for-wordpress 2.94.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Map.Block MEDIUM" "mappress-google-maps-for-wordpress 2.93 Admin+.Stored.XSS.via.Map.Settings LOW" "mappress-google-maps-for-wordpress 2.88.17 Contributor+.Stored.XSS.via.Map.Settings MEDIUM" "mappress-google-maps-for-wordpress 2.88.15 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.16 Unauthenticated.Arbitrary.Private/Draft.Post.Disclosure MEDIUM" "mappress-google-maps-for-wordpress 2.88.14 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.5 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.85.5 Contributor+.SQL.Injection MEDIUM" "mappress-google-maps-for-wordpress 2.73.13 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "mappress-google-maps-for-wordpress 2.73.4 Reflected.Cross-Site.scripting MEDIUM" "mappress-google-maps-for-wordpress 2.54.6 Improper.Capability.Checks.in.AJAX.Calls CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Remote.Code.Execution.(RCE).due.to.Incorrect.Access.Control.in.AJAX.Actions CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Authenticated.Map.Creation/Deletion.Leading.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "manage-shipyaari-shipping No.known.fix Admin+.Stored.XSS LOW" "modern-footnotes 1.4.17 Contributor+.Stored.XSS MEDIUM" "modern-footnotes 1.4.16 Admin+.Stored.XSS LOW" "machic-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "multipurpose-block 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "multipurpose-block 1.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "matrix-pre-loader No.known.fix Cross-Site.Request.Forgery MEDIUM" "msstiger No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.5.4 Cross-Site.Request.Forgery MEDIUM" "mybooktable 3.5.0 Stored.XSS.via.CSRF MEDIUM" "mybooktable 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.3.5 API.Key.Update.via.CSRF MEDIUM" "media-from-ftp 11.17 Author+.Arbitrary.File.Access CRITICAL" "media-from-ftp 9.85 Authenticated.Directory.Traversal MEDIUM" "mabel-shoppable-images-lite 1.2.4 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "mail-control 0.3.0 Reflected.Cross-Site.Scripting MEDIUM" "mail-control 0.3.2 Unauthenticated.Stored.XSS.via.Email.Subject HIGH" "mq-woocommerce-products-price-bulk-edit No.known.fix XSS MEDIUM" "mas-wp-job-manager-company 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "multi-gallery No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "meow-gallery 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 4.2.0 Unauthorised.Arbitrary.Options.Update.via.REST.API HIGH" "meow-gallery 4.1.9 Contributor+.SQL.Injection HIGH" "multisite-post-duplicator 1.1.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "manager-for-icomoon 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "manager-for-icomoon 2.2 Contributor+.Stored.XSS MEDIUM" "marquee-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-custom-css No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "machform-shortcode 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget 1.6.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-google-authenticator 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-google-authenticator 1.0.5 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "members 3.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "masterstudy-lms-learning-management-system 3.3.24 Privilege.Escalation.to.Instructor MEDIUM" "masterstudy-lms-learning-management-system 3.2.2 Cross-Site.Request.Forgery MEDIUM" "masterstudy-lms-learning-management-system 3.2.13 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.9 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.4 Unauthenticated.Local.File.Inclusion.via.template CRITICAL" "masterstudy-lms-learning-management-system 3.3.1 Unauthenticated.Local.File.Inclusion.via.modal CRITICAL" "masterstudy-lms-learning-management-system 3.3.2 Unauthenticated.Privilege.Escalation HIGH" "masterstudy-lms-learning-management-system 3.3.0 Missing.Authorization.to.Sensitive.Information.Exposure.in.search_posts MEDIUM" "masterstudy-lms-learning-management-system 3.2.11 Basic.Information.Exposure.via.REST.route MEDIUM" "masterstudy-lms-learning-management-system 3.2.6 Unauthenticated.SQL.Injection CRITICAL" "masterstudy-lms-learning-management-system 3.0.18 Unauthenticated.Instructor.Account.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Contributor+.Stored.XSS MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Subscriber+.Course.Category.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.7.6 Unauthenticated.Admin.Account.Creation CRITICAL" "membership-for-woocommerce 2.1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "meks-easy-social-share 1.2.8 Admin+.Stored.Cross-Site.Scripting LOW" "mybookprogress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.book.Parameter MEDIUM" "mg-parallax-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mailtree-log-mail 1.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "multiple-domain 1.0.3 XSS.in.Canonical/Alternate.Tags LOW" "motopress-slider-lite No.known.fix Subscriber+.Stored.Cross-Site.Scripting CRITICAL" "motopress-slider-lite No.known.fix Reflected.Cross-Site.Scripting HIGH" "media-cleaner 6.7.3 Unauthenticated.Information.Exposure MEDIUM" "monarch 1.2.7 Privilege.Escalation HIGH" "my-wish-list 1.4.2 Multiple.Parameter.XSS MEDIUM" "mobile-events-manager 1.4.8 Admin+.CSV.Injection LOW" "mobile-events-manager 1.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "my-chatbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-chatbot No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "mapsvg-lite-interactive-vector-maps 3.3.0 Cross-Site.Request.Forgery.(CSRF) HIGH" "mega-forms 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mega-forms 1.2.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "multi-day-booking-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "memberful-wp 1.74.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "memberful-wp 1.73.8 Authenticated.(contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "newsletter-by-supsystic 1.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "nelio-content 3.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "newsletters-lite 4.9.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.newsletters_video.Shortcode MEDIUM" "newsletters-lite 4.9.9.2 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.3 Authenticated.Privilege.Escalation HIGH" "newsletters-lite 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "newsletters-lite 4.9.8 Cross-Site.Request.Forgery MEDIUM" "newsletters-lite 4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.6 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "newsletters-lite 4.9.6 Information.Exposure.via.Log.files MEDIUM" "newsletters-lite 4.9.3 Admin+.Command.Injection MEDIUM" "newsletters-lite 4.6.19 Multiple.Issues HIGH" "newsletters-lite 4.6.8.6 PHP.Object.Injection CRITICAL" "nitropack 1.17.6 Subscriber+.Limited.Options.Update HIGH" "nitropack 1.17.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Transient.Update MEDIUM" "nitropack 1.16.8 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "nitropack 1.10.3 Multiple.CSRF MEDIUM" "nitropack 1.10.0 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "ni-woocommerce-sales-report 3.7.4 Subscriber+.Sale.&.Order.Reports.Access MEDIUM" "n-media-woocommerce-checkout-fields 18.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "new-album-gallery 1.5.8 Missing.Authorization MEDIUM" "new-album-gallery 1.5.0 Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.5 Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "namaste-lms 2.6.3 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.1.2 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.4 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.2 Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix List.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Record.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "nifty-coming-soon-and-under-construction-page 1.58 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "neon-text 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nix-anti-spam-light No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "nd-restaurant-reservations No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 2.0 Directory.Traversal.to.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-restaurant-reservations 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 1.5 Unauthenticated.Options.Change CRITICAL" "notifyvisitors-lead-form No.known.fix Admin+.Stored.XSS LOW" "ninja-tables 5.0.17 Admin+.Stored.XSS LOW" "ninja-tables 5.0.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ninja-tables 5.0.10 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "ninja-tables 5.0.7 Contributor+.Table.Data.Access LOW" "ninja-tables 4.3.5 Admin+.Stored.XSS LOW" "ninja-tables 4.1.8 Admin+.Stored.Cross-Site.Cross-Site.Scripting LOW" "nextcart-woocommerce-migration 3.9.4 Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "notification 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "notification 8.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "newsplugin 1.1.0 CSRF.to.Stored.Cross-Site.Scripting HIGH" "new-contact-form-widget 1.4.3 Cross-Site.Request.Forgery MEDIUM" "new-contact-form-widget 1.4.0 Sensitive.Information.Exposure MEDIUM" "ninja-forms 3.8.25 Contributor+.Stored.XSS MEDIUM" "ninja-forms 3.8.23 Subscriber+.Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.20 Unauthenticated.Stored.XSS.via.Form.Calculations HIGH" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.16 Reflected.Self-Based.Cross-Site.Scripting.via.Referer MEDIUM" "ninja-forms 3.8.12 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.11 Reflected.XSS HIGH" "ninja-forms 3.8.7 Cross-Site.Request.Forgery MEDIUM" "ninja-forms 3.8.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.1 Author+.Stored.XSS LOW" "ninja-forms 3.8.1 Publicly.Accessible.Form.Submission.Export.via.CSRF MEDIUM" "ninja-forms 3.7.2 Unauthenticated.Second.Order.SQL.Injection MEDIUM" "ninja-forms 3.6.34 Admin+.Stored.XSS NONE" "ninja-forms 3.6.26 Admin+.Stored.HTML.Injection NONE" "ninja-forms 3.6.26 Subscriber+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Reflected.Cross-Site.Scripting HIGH" "ninja-forms 3.6.26 Contributor+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.25 Admin+.Arbitrary.File.Deletion LOW" "ninja-forms 3.6.22 Reflected.XSS HIGH" "ninja-forms 3.6.13 Admin+.PHP.Objection.Injection MEDIUM" "ninja-forms 3.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting.via.Import LOW" "ninja-forms 3.6.8-wp Unauthenticated.Email.Address.Disclosure MEDIUM" "ninja-forms 3.6.4 Admin+.SQL.Injection MEDIUM" "ninja-forms 3.5.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.5.8 Unprotected.REST-API.to.Sensitive.Information.Disclosure MEDIUM" "ninja-forms 3.5.8 Unprotected.REST-API.to.Email.Injection MEDIUM" "ninja-forms 3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.34.1 Authenticated.OAuth.Connection.Key.Disclosure HIGH" "ninja-forms 3.4.34 CSRF.to.OAuth.Service.Disconnection MEDIUM" "ninja-forms 3.4.34 Authenticated.SendWP.Plugin.Installation.and.Client.Secret.Key.Disclosure CRITICAL" "ninja-forms 3.4.34 Administrator.Open.Redirect MEDIUM" "ninja-forms 3.4.27.1 CSRF.leading.to.Arbitrary.Plugin.Installation HIGH" "ninja-forms 3.4.27.1 Validation.Bypass.via.Email.Field MEDIUM" "ninja-forms 3.4.28 Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.24.2 CSRF.to.Stored.XSS HIGH" "ninja-forms 3.4.23 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ninja-forms 3.3.21.3 XSS.and.SQLi CRITICAL" "ninja-forms 3.3.21.2 SQL.Injection MEDIUM" "ninja-forms 3.3.19.1 Authenticated.Open.Redirect MEDIUM" "ninja-forms 3.3.18 Unauthenticated.Cross-Site.Scripting.(XSS) HIGH" "ninja-forms 3.3.14 Cross-Site.Scripting.(XSS).in.Import.Function CRITICAL" "ninja-forms 3.3.14 CSV.Injection HIGH" "ninja-forms 3.3.9 Insufficient.Restrictions.during.Export.Personal.Data.requests MEDIUM" "ninja-forms 3.2.15 Parameter.Tampering MEDIUM" "ninja-forms 3.2.14 Cross-Site.Scripting.(XSS) CRITICAL" "nite-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notify-odoo 1.0.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "netgsm 2.9.33 Missing.Authorization MEDIUM" "netgsm 2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "nopeamedia 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-learning 5.0 Admin+.Stored.Cross-Site.Scripting LOW" "nd-learning 4.8 Unauthenticated.Options.Change MEDIUM" "nextcellent-gallery-nextgen-legacy No.known.fix Admin+.Stored.XSS LOW" "nmedia-user-file-uploader 22.8 Sensitive.Information.Exposure.via.user.uploads MEDIUM" "nmedia-user-file-uploader 22.7 Editor+.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 21.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.4 File.Upload.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.3 Unauthenticated.File.Renaming CRITICAL" "nmedia-user-file-uploader 21.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 18.3 Privilege.Escalation MEDIUM" "nmedia-user-file-uploader 18.3 Authenticated.Arbitrary.Settings.Change.to.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 18.3 Unauthenticated.Post.Meta.Change.to.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Content.Injection.and.Stored.XSS HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "nmedia-user-file-uploader 18.3 Unauthenticated.HTML.Injection MEDIUM" "ni-woocommerce-custom-order-status 1.9.7 Subscriber+.SQL.Injection HIGH" "netreviews 2.3.15 Admin+.Stored.XSS LOW" "nudgify 1.3.4 Cross-Site.Request.Forgery.via.sync_orders_manually() MEDIUM" "nmr-strava-activities 1.0.8 Contributor+.Stored.XSS MEDIUM" "novo-map No.known.fix CSRF MEDIUM" "ninja-forms-uploads 3.3.18 Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "ninja-forms-uploads 3.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ninja-forms-uploads 3.3.13 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ninja-forms-uploads 3.0.23 Unauthenticated.Arbitrary.File.Upload HIGH" "navayan-csv-export No.known.fix Unauthenticated.SQL.Injection CRITICAL" "nex-forms 7.8.8 Authentication.Bypass.for.PDF.Reports MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.Excel.Reports MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.Directory.Deletion MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "newspack-blocks 3.0.9 Missing.Authorization MEDIUM" "newspack-blocks 3.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "notification-for-telegram 3.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Send.Telegram.Test.Message MEDIUM" "notification-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nd-donations No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-donations No.known.fix Unauthenticated.SQLi HIGH" "nd-donations 1.4 Unauthenticated.Options.Change MEDIUM" "nofollow-jquery-links 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "nofollow-jquery-links 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "naver-blog-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "news-element 1.0.6 Unauthenticated.LFI HIGH" "narnoo-commerce-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ninjalibs-ses No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newsletter2go No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Style.Reset MEDIUM" "newsletter2go No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.style MEDIUM" "new-photo-gallery 1.4.3 Contributor+.PHP.Object.Injection.via.Shortcode MEDIUM" "nv-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nv-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-elements 2.2 Authenticated.(Contributor+).Local.File.Inclusion.via.Multiple.Widget.Attributes HIGH" "nexter-extension 2.0.4 Reflected.XSS HIGH" "nexter-extension 2.0.4 Authenticated(Editor+).Remote.Code.Execution.via.metabox HIGH" "nlinks No.known.fix Authenticated.SQL.Injection HIGH" "news-ticker-widget-for-elementor 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "new-order-notification-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "nd-booking 3.3 Contributor+.Stored.XSS MEDIUM" "nd-booking 2.5 Unauthenticated.Options.Change MEDIUM" "newsletter-image-generator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "new-adman No.known.fix Admin+.Stored.XSS LOW" "new-adman No.known.fix Settings.Update.via.CSRF MEDIUM" "nextgen-gallery 3.59.9 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "nextgen-gallery 3.59.5 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.59.3 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "nextgen-gallery 3.39 Admin+.Local.File.Inclusion MEDIUM" "nextgen-gallery 3.39 Admin+.Arbitrary.File.Read.and.Delete MEDIUM" "nextgen-gallery 3.39 Admin+.PHAR.Deserialization HIGH" "nextgen-gallery 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.29 Thumbnail.Deletion.via.CSRF MEDIUM" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload HIGH" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload,.Stored.XSS,.and.RCE CRITICAL" "nextgen-gallery 3.2.11 SQL.Injection CRITICAL" "nextgen-gallery 3.1.7 Subscriber+.Arbitrary.Option.Update CRITICAL" "nextgen-gallery 3.1.6 Authenticated.PHP.Object.Injection HIGH" "nextgen-gallery 2.2.50 Galley.Paths.Not.Secured HIGH" "nextgen-gallery 2.2.45 Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery 2.1.79 Unauthenticated.SQL.Injection HIGH" "nextgen-gallery 2.1.57 Authenticated.Local.File.Inclusion.(LFI).&.SQLi CRITICAL" "nextgen-gallery 2.1.15 Unrestricted.File.Upload HIGH" "nextgen-gallery 2.1.10 Multiple.XSS MEDIUM" "nextgen-gallery 2.1.9 Authenticated.Path.Traversal MEDIUM" "nextgen-gallery 2.1.15 Path.Traversal MEDIUM" "nextgen-gallery 2.0.77.3 CSRF.&.Arbitrary.File.Upload HIGH" "nextgen-gallery 2.0.0 gallerypath.Parameter.Stored.XSS HIGH" "nextgen-gallery 2.0.0 Full.Path.Disclosure CRITICAL" "nps-computy 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "nps-computy 2.7.6 Admin+.Stored.XSS LOW" "nps-computy 2.7.6 Results.Deletion.via.CSRF MEDIUM" "network-summary No.known.fix Unauthenticated.SQL.Injection CRITICAL" "nofollow-links 1.0.11 Cross-Site.Scripting.(XSS) MEDIUM" "naver-map No.known.fix Contributor+.Stored.XSS MEDIUM" "ninjafirewall 4.3.4 Authenticated.(admin+).PHAR.Deserialization LOW" "nuajik-cdn No.known.fix Admin+.Stored.XSS LOW" "nd-travel No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-travel 1.7 Unauthenticated.Options.Change MEDIUM" "newspack-content-converter 1.0.0 Missing.Authorization MEDIUM" "no-bot-registration 2.0 Cross-Site.Request.Forgery MEDIUM" "nabz-image-gallery No.known.fix Unauthenticated.SQL.Injection CRITICAL" "new-video-gallery 1.5.4 Missing.Authorization MEDIUM" "no-external-links No.known.fix Admin+.Stored.XSS LOW" "news-ticker-for-elementor No.known.fix Missing.Authorization MEDIUM" "noted-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "noted-pro No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "new-royalslider 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "no-api-amazon-affiliate 4.4.0 Admin+.Stored.XSS LOW" "notibar 2.1.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.njt_nofi_text MEDIUM" "notibar 2.1.5 Missing.Authorization.via.ajax_install_plugin MEDIUM" "note-press No.known.fix Admin+.SQLi.via.id MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Bulk.Actions MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Update MEDIUM" "note-press 0.1.2 SQL.Injection CRITICAL" "noveldesign-store-directory No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "nextgen-gallery-sell-photo No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "no-future-posts No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "naver-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nice-paypal-button-lite No.known.fix CSRF MEDIUM" "ni-woocommerce-cost-of-goods No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "ninja-beaver-lite-addons-for-beaver-builder No.known.fix .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widgets MEDIUM" "nicejob 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.7.2 Contributor+.Stored.XSS MEDIUM" "nicejob 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.6.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "neuvoo-jobroll No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "new-year-firework No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "new-image-gallery 1.4.6 Missing.Authorization MEDIUM" "notice-faq No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notice-board No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nicebackgrounds No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "nacc-wordpress-plugin 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-optin-box 3.4.3 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "newsletter-optin-box 1.6.5 Open.Redirect MEDIUM" "nelio-ab-testing 4.6.4 CSRF HIGH" "nelio-ab-testing 4.5.11 SSRF CRITICAL" "nelio-ab-testing 4.5.9 Server.Side.Request.Forgery.(SSRF) CRITICAL" "nelio-ab-testing 4.5.0 Path.Traversal MEDIUM" "nafeza-prayer-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ns-coupon-to-become-customer No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.7.16 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.4 Reflected.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.restore_records() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_read() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_starred() MEDIUM" "nex-forms-express-wp-form-builder 8.5.5 Cross-Site.Request.Forgery MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.4.4 Authenticated.Stored.XSS LOW" "nex-forms-express-wp-form-builder 8.4 Admin+.SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.3.3 Contributor+.Stored.XSS MEDIUM" "nex-forms-express-wp-form-builder 7.9.7 Authenticated.SQLi MEDIUM" "nex-forms-express-wp-form-builder 8.4.3 Stored.Cross-Site.Scripting.via.CSRF HIGH" "nex-forms-express-wp-form-builder 7.8 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "nex-forms-express-wp-form-builder 4.6.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "newsticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ni-woocommerce-order-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "neon-product-designer-for-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ni-woocommerce-product-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsletter-manager No.known.fix Unauthenticated.Insecure.Deserialisation HIGH" "newsletter-manager 1.5 Unauthenticated.Open.Redirect MEDIUM" "newsletter-manager 1.0.2 Cross-Site.Request.Forgery MEDIUM" "newsletter-manager 1.0.2 Authenticated.Reflected.Cross.Site.Scripting HIGH" "night-mode 1.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "nktagcloud No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ni-crm-lead No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ni-crm-lead No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "navz-photo-gallery 2.7 Missing.Authorization MEDIUM" "navz-photo-gallery 2.0 Subscriber+.UserMeta.Update MEDIUM" "navz-photo-gallery 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "next-order-coupon-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nias-course No.known.fix Contributor+.Stored.XSS MEDIUM" "ninja-job-board 1.3.3 Resume.Disclosure.via.Directory.Listing MEDIUM" "nativery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter 8.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.np1 MEDIUM" "newsletter 8.2.1 IP.Spoofing MEDIUM" "newsletter 7.9.0 Contributor+.Stored.XSS MEDIUM" "newsletter 7.6.9 Reflected.XSS HIGH" "newsletter 7.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "newsletter 7.4.5 Reflected.Cross-Site.Scripting LOW" "newsletter 6.8.2 Authenticated.PHP.Object.Injection MEDIUM" "newsletter 6.8.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 6.7.7 Authenticated.Stored.Cross-Site.Scripting LOW" "newsletter 6.5.4 CSV.Injection LOW" "newsletter 3.8.3 Open.Redirect LOW" "newsletter 3.2.7 Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 3.0.9 SQL.Injection MEDIUM" "nichetable 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "nichetable 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nm-visitors No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.HTTP.Header HIGH" "nooz 1.7.0 Admin+.Stored.XSS LOW" "ni-purchase-orderpo-for-woocommerce 1.2.2 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "nitek-carousel-cool-transitions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nitek-carousel-cool-transitions No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "notices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newstatpress 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "newstatpress 1.2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 SQL.Injection CRITICAL" "newstatpress 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.1 SQL.Injection CRITICAL" "newsletter-bulk-email No.known.fix Contributor+.Stored.XSS MEDIUM" "novelist 1.2.3 Cross-Site.Request.Forgery MEDIUM" "novelist 1.2.1 Admin+.Stored.XSS MEDIUM" "nirweb-support No.known.fix Missing.Authorization MEDIUM" "nirweb-support 2.8.2 Unauthenticated.SQLi HIGH" "name-directory 1.29.1 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.27.2 Settings.Update.via.CSRF MEDIUM" "name-directory 1.25.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.4 Arbitrary.Directory/Name.Deletion.via.CSRF MEDIUM" "name-directory 1.25.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.3 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.18 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "news-kit-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "news-kit-elementor-addons 1.2.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Canvas.Menu.Elementor.Template MEDIUM" "nextend-twitter-connect 1.5.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter-api 2.4.6 API.v1.and.v2.addon.for.Newsletter.<.2.4.6.-.Missing.Authorization.to.Email.Subscribers.Management MEDIUM" "newsletter-subscriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects 1.6 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-projects No.known.fix Authenticated.Local.File.Inclusion MEDIUM" "new-user-approve 2.6.4 Missing.Authorization MEDIUM" "new-user-approve 2.5.2 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "new-user-approve 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.4 Arbitrary.Settings.Update.&.Invitation.Code.Creation.via.CSRF MEDIUM" "new-user-approve 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ninja-gdpr-compliance 2.7.2 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.1 Missing.Authorization.to.Settings.Update.and.Stored.Cross-Site.Scripting MEDIUM" "ninja-gdpr-compliance 2.4 Unauthenticated.PHP.Object.Injection HIGH" "neshan-maps No.known.fix Admin+.SQLi MEDIUM" "narnoo-distributor No.known.fix Unauthenticated.LFI.to.Arbitrary.File.Read./.RCE HIGH" "next-page No.known.fix Admin+.Stored.XSS LOW" "new-user-email-set-up No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "news-wall No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "nextend-smart-slider3-pro 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery-geo 2.0.3 Unauthenticated.PHP.Object.Injection MEDIUM" "nextgen-gallery-pro 3.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ns-facebook-pixel-for-wp No.known.fix Admin+.Stored.XSS LOW" "news-announcement-scroll 9.1.0 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "news-announcement-scroll 9.0.0 Admin+.Stored.XSS LOW" "n5-uploadform No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "number-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ninjateam-telegram 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notice-bar 3.1.1 Contributor+.Stored.XSS MEDIUM" "no-update-nag No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "nimble-portfolio No.known.fix Unauthenticated.Server-Side.Request.Forgery CRITICAL" "notificationx 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.9.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.8.3 Unauthenticated.SQL.Injection CRITICAL" "notificationx 2.3.12 Unauthenticated.SQLi HIGH" "notificationx 2.3.9 Unauthenticated.Blind.SQL.Injection HIGH" "notificationx 1.8.3 Cross-Site.Request.Forgery MEDIUM" "notificationx 1.8.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "notice-board-by-towkir No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nexus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nextend-facebook-connect 3.1.13 Reflected.Self-Based.Cross-Site.Scripting.via.error_description MEDIUM" "nova-blocks 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "ntzantispam No.known.fix Settings.Update.via.CSRF HIGH" "nc-wishlist-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "newspack-newsletters 2.13.3 Missing.Authorization MEDIUM" "newspack-newsletters 2.13.3 Cross-Site.Request.Forgery MEDIUM" "nofollow No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nowpayments-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "nugget-by-ingot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nugget-by-ingot No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "nova-poshta-ttn 1.7.49 Reflected.Cross-Site.Scripting MEDIUM" "nextend-social-login-pro 3.1.15 Authentication.Bypass CRITICAL" "ns-woocommerce-watermark No.known.fix Abuse.of.Functionality MEDIUM" "noo-timetable No.known.fix Cross-Site.Request.Forgery MEDIUM" "noo-timetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nokaut-offers-box No.known.fix Admin+.Stored.XSS LOW" "nokaut-offers-box No.known.fix Plugin.Reset.via.CSRF MEDIUM" "newspack-popups 2.31.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "new-grid-gallery 1.4.4 Contributor+.PHP.Object.Injection.via.shortcode MEDIUM" "new-grid-gallery 1.2.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "new-order-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "news-articles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newspack-ads 1.47.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.0 Subscriber+.LFI HIGH" "nd-shortcodes 7.0 Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "nd-shortcodes 6.0 Unauthenticated.WP.Options.Update MEDIUM" "nblocks No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "notifier 2.6.1 Admin+.Stored.XSS LOW" "navigation-menu-as-dropdown-widget 1.3.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "newsmanapp 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nimble-builder 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "norse-runes-oracle 1.4.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "newsletter-page-redirects No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "navigation-du-lapin-blanc No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "omnipress 1.5.0 Contributor+.Stored.XSS MEDIUM" "ootb-openstreetmap 2.8.4 Contributor+.Stored.XSS.via.ootb_query.Shortcode MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "official-saleswizard-crm 1.0.4 Contributor+.Stored.XSS MEDIUM" "onlywire-multi-autosubmitter No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "os-our-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-tracking 3.3.13 Missing.Authorization.via.send_test_email() MEDIUM" "order-tracking 3.3.7 Reflected.Cross-Site.Scripting HIGH" "order-tracking 3.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "olive-one-click-demo-import No.known.fix Unauthenticated.Information.Exposure MEDIUM" "olive-one-click-demo-import 1.1.2 Missing.Authorization MEDIUM" "olive-one-click-demo-import No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "one-click-close-comments No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "order-delivery-date No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date No.known.fix Admin+.Stored.XSS LOW" "order-delivery-date No.known.fix Settings.Update.via.CSRF MEDIUM" "order-hours-scheduler-for-woocommerce 4.3.22 Reflected.Cross-Site.Scripting MEDIUM" "optima-express 7.3.1 Admin+.Stored.XSS LOW" "out-of-stock-display-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "openpgp-form-encryption 1.5.1 Contributor+.Stored.XSS MEDIUM" "oxygen 4.4 CSRF MEDIUM" "optimole-wp 3.13.0 Author+.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "optimole-wp 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "oneclick-whatsapp-order 1.0.5 Admin+.Stored.XSS LOW" "oneclick-whatsapp-order 1.0.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "official-facebook-pixel 3.0.0 PHP.Object.Injection.with.POP.Chain CRITICAL" "official-facebook-pixel 3.0.4 CSRF.to.Stored.XSS.and.Settings.Deletion HIGH" "optinmonster 2.16.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optinmonster 2.16.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "optinmonster 2.12.2 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "optinmonster 2.6.5 Unprotected.REST-API.Endpoints HIGH" "optinmonster 2.6.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "optinmonster 1.1.4.6 Execution.of.Arbitrary.Shortcodes MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Arbitrary.File.Upload MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Subscriber+.Attachment.Deletion MEDIUM" "onwebchat 3.2.0 Live.support.<.3.2.0.-.Cross-Site.Request.Forgery MEDIUM" "out-of-the-box 1.20.3 Reflected.Cross-Site.Scripting MEDIUM" "olevmedia-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "olevmedia-shortcodes 1.1.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "one-click-ssl 1.4.7 Multiple.Issues HIGH" "order-on-chat-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-on-chat-for-woocommerce 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "optio-dentistry 2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ovic-product-bundle No.known.fix Missing.Authorization MEDIUM" "octrace-support No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "octrace-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "oss-aliyun 1.4.11 Authenticated.(Administrator+).SQL.Injection CRITICAL" "orbisius-child-theme-creator 1.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Cloud.Snippet.Update/Delete MEDIUM" "orbisius-child-theme-creator 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.2 CSRF.to.Arbitrary.File.Modification/Creation HIGH" "orbisius-child-theme-creator 1.2.8 Arbitrary.File.Write MEDIUM" "one-page-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "one-page-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ocean-extra 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Flickr.Widget MEDIUM" "ocean-extra 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.5 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.2.3 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Activation MEDIUM" "ocean-extra 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 2.1.3 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.1.3 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "ocean-extra 2.1.2 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.0.5 Admin+.PHP.Objection.Injection MEDIUM" "ocean-extra 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 1.9.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ocean-extra 1.6.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ocean-extra 1.5.9 Unauthenticated.Settings.change.and.CSS.injection HIGH" "osm 6.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "osm 6.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.osm_map.and.osm_map_v3.Shortcodes MEDIUM" "osm 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "osm 6.0.4 Contributor+.SQL.Injection MEDIUM" "osm 6.0.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "osm 6.0.3 CSRF MEDIUM" "olimometer 2.57 Unauthenticated.SQL.Injection CRITICAL" "ocim-mp3 No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "open-social No.known.fix Admin+.Stored.XSS LOW" "oauth-client-for-user-authentication 3.0.4 Unauthenticated.Settings.Update.to.Authentication.Bypass CRITICAL" "opal-hotel-room-booking No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optinly 1.0.19 Missing.Authorization MEDIUM" "optinly 1.0.16 CSRF MEDIUM" "oa-social-login 5.10.0 Authentication.Bypass CRITICAL" "olympus-google-fonts 3.7.8 Missing.Authorization MEDIUM" "olympus-google-fonts 3.7.8 Cross-Site.Request.Forgery MEDIUM" "olympus-google-fonts 3.0.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "one-click-plugin-updater No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "offload-videos-bunny-netaws-s3 1.0.1 Offload.Videos.–.Bunny,net,.AWS.S3.<=.1,0,1.Subscriber+.CSRF MEDIUM" "order-auto-complete-for-woocommerce 1.2.1 Admin+.Stored.XSS LOW" "one-user-avatar 2.3.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "one-user-avatar 2.3.7 Avatar.Update.via.CSRF LOW" "oshine-modules 3.3.8 Unauthenticated.Server-Side.Request.Forgery HIGH" "order-import-export-for-woocommerce 2.5.0 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "order-import-export-for-woocommerce 2.4.4 Shop.Manager+.Arbitrary.File.Upload HIGH" "overlay-image-divi-module 1.5 Reflected.Cross-Site.Scripting MEDIUM" "overlay-image-divi-module 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "openbook-book-data No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "otp-login No.known.fix Authentication.Bypass.via.Weak.OTP HIGH" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "online-lesson-booking-system 0.8.7 CSRF.&.XSS HIGH" "ovic-import-demo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "opentracker-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "orbisius-simple-notice 1.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "open-graphite 1.6.1 Reflected.Cross-Site.Scripting HIGH" "oik 4.12.1 Cross-Site.Request.Forgery MEDIUM" "oik 4.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bw_button.Shortcode MEDIUM" "oik 4.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "one-page-express-companion 1.6.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.one_page_express_contact_form.Shortcode MEDIUM" "opal-estate No.known.fix Cross-Site.Request.Forgery MEDIUM" "opal-estate No.known.fix CSRF.Bypass MEDIUM" "opal-estate No.known.fix Missing.Authorization MEDIUM" "owl-carousel No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "oxygenbuilder 4.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stylesheet.Update MEDIUM" "oxygenbuilder 4.8.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "oxygenbuilder 4.8.1 Contributor+.Stored.XSS MEDIUM" "outdooractive-embed 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opengraph 1.11.3 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "owm-weather 5.6.12 Post.Duplication.via.CSRF MEDIUM" "owm-weather 5.6.9 Contributor+.SQLi HIGH" "outbound-link-manager No.known.fix Settings.Update.via.CSRF MEDIUM" "oauth2-provider 4.4.0 Open.Redirect MEDIUM" "oauth2-provider 4.2.5 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "oauth2-provider 4.3.0 Subscriber+.Arbitrary.Client.Deletion MEDIUM" "oauth2-provider 3.4.2 Client.Secret.Regeneration.via.CSRF MEDIUM" "oauth2-provider 4.2.2 Admin+.Stored.XSS LOW" "oauth2-provider 3.1.5 Insecure.Pseudor&om.Number.Generation CRITICAL" "optin-forms 1.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "optin-forms 1.3.3 Admin+.Stored.XSS LOW" "onlyoffice 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oopspam-anti-spam 1.1.45 Cross-Site.Request.Forgery MEDIUM" "oopspam-anti-spam 1.1.36 Admin+.Stored.XSS LOW" "official-mailerlite-sign-up-forms 1.7.7 1.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 Missing.Authorization MEDIUM" "official-mailerlite-sign-up-forms 1.5.8 Signup.forms.(official).<.1.5.8.-.API.Key.Update.via.CSRF MEDIUM" "official-mailerlite-sign-up-forms 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.4.5 Multiple.CSRF.Issues HIGH" "official-mailerlite-sign-up-forms 1.4.4 Unauthenticated.SQL.Injection CRITICAL" "open-rdw-kenteken-voertuiginformatie 2.1.0 Reflected.XSS HIGH" "omnisend-connect 1.14.4 Cross-Site.Request.Forgery MEDIUM" "omnisend-connect 1.13.9 Sensitive.Information.Exposure MEDIUM" "otter-pro 2.6.12 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "otter-pro 2.6.4 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "otter-pro 2.6.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.File.Field.CSS MEDIUM" "order-picking-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "os-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-redirects-for-woocommerce 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "orange-form No.known.fix Unauthenticated.Arbitrary.Post.Deletion CRITICAL" "orange-form No.known.fix SQL.Injection.via.CSRF HIGH" "otp-easy-login-with-mocean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "off-canvas-sidebars 0.5.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opal-woo-custom-product-variation 1.1.4 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "order-notification-for-telegram No.known.fix Missing.Authorization.to.Unauthenticated.Send.Telegram.Test.Message MEDIUM" "opal-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneelements-ultimate-addons-for-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "obfuscate-email No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "option-tree 2.7.3 Object.Injection.Bypass CRITICAL" "option-tree 2.7.0 PHP.Object.Injection CRITICAL" "option-tree 2.6.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "option-tree 2.5.4 XSS MEDIUM" "oembed-gist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "onesignal-free-web-push-notifications 1.17.8 Stored.XSS MEDIUM" "oauth2-server No.known.fix Authentication.Bypass MEDIUM" "osd-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "od-photogallery-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ops-robots-txt 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "open-external-links-in-a-new-window 1.43 Tabnabbing LOW" "open-external-links-in-a-new-window 1.43 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "opcache No.known.fix Reflected.XSS HIGH" "opencart-product-in-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "open-user-map 1.3.27 Admin+.Stored.XSS LOW" "open-user-map 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "open-user-map 1.2.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "osm-map-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "oliver-pos 2.4.1.9 Cross-Site.Request.Forgery MEDIUM" "oliver-pos 2.4.2.1 Subscriber+.Unauthorized.AJAX.Calls MEDIUM" "order-audit-log-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "openid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "otter-blocks 3.0.7 Unauthetnicated.Path.Traversal.to.Arbitrary.Image.View MEDIUM" "otter-blocks 3.0.4 Gutenberg.Block.<.3.0.4.-.Missing.Authorization MEDIUM" "otter-blocks 3.0.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "otter-blocks 2.6.10 Contributor+.Stored.XSS.via.titleTag MEDIUM" "otter-blocks 2.6.9 Contributor+.Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "otter-blocks 2.6.9 Author+.Stored.XSS.via.SVG.Upload MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "otter-blocks 2.2.6 Gutenberg.Blocks.<.2.2.6.-.Author+.PHAR.Deserialization MEDIUM" "opencart-product-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "osmapper No.known.fix Unauthenticated.Arbitrary.Post.Deletion HIGH" "order-attachments-for-woocommerce 2.5.0 2.4.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "options-for-twenty-seventeen 2.5.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "organization-chart 1.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.title_input.and.node_description.Parameters MEDIUM" "organization-chart 1.4.5 Multiple.CSRF MEDIUM" "organization-chart 1.4.5 Admin+.Stored.XSS LOW" "og-tags 2.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "open-graph-metabox No.known.fix CSRF MEDIUM" "opal-estate-pro No.known.fix Contributor+.Stored.XSS MEDIUM" "office-locator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "oauth-client 1.11.4 Authenticated.Bypass CRITICAL" "out-of-stock-badge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "order-your-posts-manually No.known.fix Reflected.XSS HIGH" "order-your-posts-manually No.known.fix Admin+.SQLi MEDIUM" "oz-canonical No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ovic-vc-addon No.known.fix Missing.Authorization MEDIUM" "ovic-vc-addon 1.2.9 Subscriber+.Option.Update HIGH" "onlyoffice-docspace 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date-for-woocommerce 3.21.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "order-delivery-date-for-woocommerce 3.20.1 Reflected.XSS HIGH" "one-click-demo-import 3.2.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "one-click-demo-import 3.1.0 Admin+.Arbitrary.File.Upload MEDIUM" "opal-membership No.known.fix Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "opal-membership No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "one-click-order-reorder 1.1.10 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "official-statcounter-plugin-for-wordpress 2.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "olympus-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-sendle-shipping-method 5.18 Reflected.XSS HIGH" "oauth-twitter-feed-for-developers No.known.fix Admin+.Stored.XSS LOW" "olivewp-companion No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "orangebox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "onelogin-saml-sso 2.4.3 Signature.Wrapping HIGH" "original-texts-yandex-webmaster No.known.fix Cross-Site.Request.Forgery MEDIUM" "order-tip-woo 1.4.0 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "only-tweet-like-share-and-google-1 No.known.fix Admin+.Stored.XSS LOW" "onclick-show-popup 6.6 Admin+.Stored.XSS LOW" "opensea No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opensea 1.0.3 Admin+.Stored.XSS MEDIUM" "opensea 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "oi-yamaps No.known.fix Contributor+.Stored.XSS MEDIUM" "ovic-addon-toolkit No.known.fix Missing.Authorization MEDIUM" "opti-marketing 2.0.10 Unauthenticated.SQLi HIGH" "opt-in-hound No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "one-click-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "oxyextras 1.4.5 Unauthenticated.Cross-Site.Scripting MEDIUM" "order-status-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "os-bxslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opening-hours 1.47 Admin+.Stored.XSS LOW" "opening-hours 1.46 Cross-Site.Request.Forgery MEDIUM" "opening-hours 1.45 Missing.Authorization MEDIUM" "opening-hours 1.42 Admin+.Stored.Cross-Site.Scripting LOW" "opening-hours 1.38 Admin+.Stored.XSS LOW" "ota-sync-booking-engine-widget 1.3.0 Settings.Update.via.CSRF MEDIUM" "order-delivery-pickup-location-date-time-free-version No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "order-export-and-more-for-woocommerce 3.25 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-export-and-more-for-woocommerce 3.24 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "popup-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.woot_get_smth HIGH" "profit-products-tables-for-woocommerce 1.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.woot_button.Shortcode MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.4 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.3 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Cross-Site.Request.Forgery MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "profit-products-tables-for-woocommerce 1.0.5 Reflected.Cross-Site-Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "postlists No.known.fix Reflected.XSS MEDIUM" "paid-membership 2.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership 1.9.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "posts-date-ranges No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "php-to-page No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode CRITICAL" "photo-feed No.known.fix Reflected.XSS HIGH" "product-configurator-for-woocommerce 1.2.32 Unauthenticated.Arbitrary.File.Deletion HIGH" "png-to-jpg 4.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "page-loading-effects 3.0.0 Admin+.Stored.XSS LOW" "postpage-import-export-with-custom-fields-taxonomies 2.0.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "pro-links-maintainer-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pro-links-maintainer-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "peters-login-redirect 3.0.0.5 Reflected.Cross-Site.Scripting HIGH" "peters-login-redirect 2.9.2 Multiple.CSRF HIGH" "peters-login-redirect 2.9.1 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "print-page 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premium-addons-for-elementor 4.10.57 Missing.Authorization LOW" "premium-addons-for-elementor 4.10.61 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Video.Box.Widget MEDIUM" "premium-addons-for-elementor 4.10.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Media.Grid.Widget MEDIUM" "premium-addons-for-elementor 4.10.39 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion.and.Arbitrary.Title.Update MEDIUM" "premium-addons-for-elementor 4.10.37 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.36 Regular.Expressions.Denial.of.Service LOW" "premium-addons-for-elementor 4.10.36 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.34 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Global.Tooltip MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.31 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.26 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.28 Contributor+.Stored.Cross-Site.Scripting.via.Button MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Contributor+.Stored.Cross-Site.Scripting.via.Wrapper.Link.Widget MEDIUM" "premium-addons-for-elementor 4.10.23 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "premium-addons-for-elementor 4.10.24 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.22 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.5.2 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "premium-addons-for-elementor 4.2.8 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "phonetrack-meu-site-manager No.known.fix Authenticated.Stored.XSS MEDIUM" "pretty-url No.known.fix Cross-Site.Request.Forgery MEDIUM" "pretty-url No.known.fix Admin+.Stored.XSS.in.plugin.settings LOW" "photoxhibit No.known.fix Reflected.XSS.Issues MEDIUM" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Cross-Site.Request.Forgery MEDIUM" "play-ht No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "pdf-thumbnail-generator 1.4 Reflected.Cross-Site.Scripting MEDIUM" "posturinn 1.3.3 Reflected.XSS HIGH" "permalink-manager-pro 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "prevent-content-copy-image-save No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "product-blocks 3.1.5 PHP.Object.Injection.via.wopb_wishlist.and.wopb_compare CRITICAL" "product-blocks 3.0.0 Missing.Authorization.via.option_data_save MEDIUM" "pricing-table-by-supsystic 1.9.13 Admin+.Content.Injection LOW" "pricing-table-by-supsystic 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.9 Authenticated.SQL.Injections CRITICAL" "pricing-table-by-supsystic 1.9.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.2 Insecure.Permissions.on.AJAX.Actions HIGH" "pricing-table-by-supsystic 1.8.1 Cross-Site.Request.Forgery.to.XSS.and.Setting.Changes HIGH" "pricing-table-by-supsystic 1.8.2 Unauthenticated.Stored.XSS HIGH" "pdf24-post-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "pdf-builder-for-wpforms 1.2.117 Unauthenticated.Full.Path.Disclosure MEDIUM" "pdf-builder-for-wpforms 1.2.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "precious-metals-chart-and-widgets 1.2.9 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "print-my-blog 3.27.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "print-my-blog 3.26.3 Missing.Authorization MEDIUM" "print-my-blog 3.25.2 Reflected.Cross-Site.Scripting MEDIUM" "print-my-blog 3.11.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "print-my-blog 3.4.2 Plugin.Deactivation.via.CSRF MEDIUM" "print-my-blog 1.6.6 Unauthenticated.Server.Side.Request.Forgery.(SSRF) CRITICAL" "pure-css-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-image-watermark-for-woo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-calculator-to-your-website No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "publish-to-schedule 4.5.5 Admin+.Stored.XSS LOW" "pro-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photoswipe-masonry 1.2.15 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "plugin-notes-plus 1.2.8 Authenticated.(Subscriber+).Arbitrary.Note.Deletion MEDIUM" "plugin-notes-plus 1.2.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.5 CSRF MEDIUM" "poeditor 0.9.8 Settings.Reset.via.CSRF MEDIUM" "permalinks-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pdf-image-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Arbitrary.Brand.Creation MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "post-plugin-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "portfolio-gallery 2.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pocket-widget No.known.fix Admin+.Stored.XSS LOW" "popularis-extra 1.2.8 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "popularis-extra 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "pixfields 0.7.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pixfields No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Missing.Authorization.via.showTemplatePreview() MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.via.process.php MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Printer.Settings.Update.via.CSRF MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Unauthenticated.WC.Order.Data.Access MEDIUM" "process-steps-template-designer 1.3 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "posts-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "publishpress 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "publishpress 3.5.1 Reflected.Cross-Site.Scripting HIGH" "pull-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payflex-payment-gateway 2.6.2 Open.Redirect MEDIUM" "payflex-payment-gateway 2.6.0 Missing.Authorization.to.Order.Status.Update MEDIUM" "post-pay-counter 2.790 Reflected.XSS HIGH" "post-pay-counter 2.731 PHP.Obj.Injection.&.Access.Control.Issues CRITICAL" "pressforward 5.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "persian-fonts No.known.fix Admin+.Stored.XSS LOW" "prevent-landscape-rotation 2.1 Settings.Update.via.CSRF MEDIUM" "pepro-ultimate-invoice 2.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pepro-ultimate-invoice 2.0.2 Missing.Authorisation MEDIUM" "pepro-ultimate-invoice 1.9.8 Unauthenticated.Arbitrary.Invoice.Access HIGH" "private-files No.known.fix Protection.Disabling.via.CSRF MEDIUM" "pdf-rechnungsverwaltung No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "phpinfo-wp 6.0 Unauthenticated.Information.Exposure MEDIUM" "progress-bar 2.2.2 Contributor+.Stored.XSS MEDIUM" "pinterest-pin-it-button-on-image-hover-and-post 3.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "php-execution-plugin No.known.fix Settings.Update.via.CSRF HIGH" "projectopia-core 5.1.8 Missing.Authorization.to.Privilege.Escalation.via.pto_reset_password() CRITICAL" "projectopia-core 5.1.5 Reflected.Cross-Site.Scripting MEDIUM" "projectopia-core 5.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-for-wpforms 4.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.yeepdf_dotab.Shortcode MEDIUM" "pronamic-google-maps 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "porsline No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "payform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "phraseanet-client No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "plerdy-heatmap 1.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "powr-pack 2.2.0 Contributor+.Stored.XSS MEDIUM" "push-notification-for-post-and-buddypress 2.08 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-for-post-and-buddypress 1.9.4 Multiple.Unauthenticated.SQLi HIGH" "post-title-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-content-xmlrpc No.known.fix Admin+.SQL.Injections HIGH" "peoplepond No.known.fix CSRF.to.Stored.XSS HIGH" "post-type-x 1.7.7 Sensitive.Information.Exposure.via.Product.CSV MEDIUM" "post-type-x 1.7.6 Cross-Site.Request.Forgery.via.ic_system_status MEDIUM" "post-type-x 1.7.0 Reflected.XSS HIGH" "post-type-x 1.5.13 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "post-type-x 1.5.13 Cross-Site.Request.Forgery MEDIUM" "participants-database 2.5.9.3 Unauthenticated.PHP.Object.Injection HIGH" "participants-database 2.5.6 Missing.Authorization MEDIUM" "participants-database 1.9.5.6 Authenticated.Time.Based.SQL.Injection HIGH" "participants-database 1.7.5.10 Cross-Site.Scripting MEDIUM" "participants-database 1.5.4.9 Unauthenticated.SQL.Injection CRITICAL" "podpress 8.8.10.17 players/1pixelout/1pixelout_player.swf.playerID.Parameter.XSS MEDIUM" "pagerestrict No.known.fix Unauthenticated.Protected.Post.Access MEDIUM" "pagerestrict No.known.fix Cross-Site.Request.Forgery.via.pr_admin_page MEDIUM" "pricetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-thumbnail-editor No.known.fix Sensitive.Information.Exposure MEDIUM" "producer-retailer No.known.fix Subscriber+.Privilege.Escalation CRITICAL" "publish-confirm-message 2.0 Settings.Update.via.CSRF MEDIUM" "paypal-donations 1.9.9 Admin+.Stored.XSS LOW" "profilepress-pro 4.11.2 Pro.<.4.11.2.-.Authentication.Bypass HIGH" "premmerce-woocommerce-pinterest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-timeline 2.2.6 Reflected.XSS HIGH" "product-lister-walmart No.known.fix Unauthenticated.RCE.via.Outdated.PHPUnit CRITICAL" "product-recommendation-quiz-for-ecommerce 2.1.2 Missing.Authorization.in.prq_set_token MEDIUM" "plugins-list 2.5.1 Admin+.Stored.XSS LOW" "post-ideas No.known.fix Unauthenticated.SQL.Injection HIGH" "price-bands-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "price-bands-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-bands-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pastebin-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdfjs-viewer-shortcode 2.2 Arbitrary.JavaScript.Execution MEDIUM" "pdfjs-viewer-shortcode 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pdfjs-viewer-shortcode 2.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pdf-light-viewer 1.4.12 Authenticated.Command.Injection LOW" "push-notifications-for-wp 6.0.1 Settings.Update.via.CSRF MEDIUM" "pet-manager No.known.fix Contributor+.Stored.XSS MEDIUM" "pet-manager No.known.fix Reflected.XSS HIGH" "pdf-viewer 1.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-carousel-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-divi 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "posttabs No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "product-slider-for-woocommerce-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "product-slider-for-woocommerce-lite 1.1.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "parallax-slider-block 1.2.6 Author+.Stored.XSS MEDIUM" "preloader-for-divi 1.5 Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-divi 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-generator 1.7.2 Authenticated(Administrator+).SQL.Injection MEDIUM" "page-generator 1.6.6 Arbitrary.Keywords.Deletion/Duplication.via.CSRF MEDIUM" "page-generator 1.6.5 Admin+.Stored.Cross-Site.Scripting LOW" "page-generator 1.5.9 Reflected.Cross-Site.Scripting HIGH" "product-delivery-date-for-woocommerce-lite 2.8.1 Lite.<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.3 Missing.Authorization MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.1 Missing.Authorization MEDIUM" "product-category-tree No.known.fix Reflected.XSS HIGH" "product-category-tree No.known.fix CSRF MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.0 Missing.Authorization MEDIUM" "popup-maker 1.19.1 Admin+.Stored.XSS LOW" "popup-maker 1.19.1 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.18.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.16.11 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Subscription.Form MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "popup-maker 1.16.5 Admin+.Stored.Cross-Site.Scripting LOW" "popup-maker 1.8.13 Multiple.Vulnerabilities CRITICAL" "popup-maker 1.8.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "popup-maker 1.6.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "post-shortcode No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "portable-phpmyadmin No.known.fix /pma/phpinfo.php.Direct.Request.System.Information.Disclosure CRITICAL" "portable-phpmyadmin No.known.fix Multiple.Script.Direct.Request.Authentication.Bypass CRITICAL" "private-only No.known.fix CSRF.&.XSS HIGH" "password-for-wp 1.6 Stored.XSS.via.CSRF HIGH" "protect-your-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "piotnetforms 1.0.29 Unauthenticated.Arbitrary.File.Upload CRITICAL" "piotnetforms 1.0.30 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "piotnetforms No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "preprocess-dezrez No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preprocess-dezrez No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pie-forms-for-wp 1.5 Reflected.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.4.9.4 Admin+.Stored.Cross-Site.Scripting LOW" "provide-forex-signals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-carousel-slider-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "pagebar 2.70 Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Deletion MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.1 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "profilegrid-user-profiles-groups-and-communities 5.8.8 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.3 Bypass.Group.Members.Limit MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.4 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.7 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Unauthenticated.SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.7.3 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.6.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.3 Group.Owner+.Unauthorized.Data.Modification HIGH" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Unauthorized.Data.Modification MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Arbitrary.Option.Update HIGH" "profilegrid-user-profiles-groups-and-communities 5.3.1 Subscriber+.Arbitrary.Password.Reset HIGH" "profilegrid-user-profiles-groups-and-communities 5.1.8 Subscriber+.CSV.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.0.4 Subscriber+.Private.Message.Read/Edition MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 4.7.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 2.8.6 Authenticated.Code.Execution HIGH" "pre-orders-for-woocommerce 1.2.14 Contributor+.Stored.XSS MEDIUM" "peters-custom-anti-spam-image 3.2.4 Cross-Site.Request.Forgery.via.cas_register_post.Function MEDIUM" "peters-custom-anti-spam-image 3.2.3 Reflected.XSS HIGH" "pmpro-register-helper 1.8.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-page-notes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "page-list 5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-list 5.3 Contributor+.Stored.XSS MEDIUM" "paytium 4.4.12 Unauthenticated.Full.Path.Disclosure MEDIUM" "paytium 4.4.11 Missing.Authorization MEDIUM" "paytium 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "paytium 4.3.7 Admin+.Stored.XSS LOW" "paytium 3.1.2 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "plainview-protect-passwords No.known.fix Reflected.XSS HIGH" "plainview-protect-passwords No.known.fix Cross-Site.Request.Forgery MEDIUM" "postman-smtp No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "photo-gallery-builder No.known.fix Missing.Authorization MEDIUM" "piotnet-addons-for-elementor 2.4.33 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "piotnet-addons-for-elementor 2.4.32 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "piotnet-addons-for-elementor 2.4.32 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.30 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "piotnet-addons-for-elementor 2.4.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widget.Attributes HIGH" "piotnet-addons-for-elementor 2.4.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.27 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "packlink-pro-shipping 3.4.7 Missing.Authorization MEDIUM" "plugins-on-steroids 4.1.3 Missing.Authorization.via.update_options MEDIUM" "prime-affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "partners No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "popup-modal-for-youtube No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "portfolio-filter-gallery 1.6.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "portfolio-filter-gallery 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "paytr-taksit-tablosu-woocommerce No.known.fix CSRF MEDIUM" "paytr-taksit-tablosu-woocommerce 1.3.2 Unauthenticated.Settings.Update MEDIUM" "pray-for-me No.known.fix Unauthenticated.Stored.XSS HIGH" "pray-for-me No.known.fix Settings.Update.via.CSRF MEDIUM" "photokit No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "podcast-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podcast-box 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "planso-forms No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "purple-xmls-google-product-feed-for-woocommerce No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "purple-xmls-google-product-feed-for-woocommerce 3.2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "purple-xmls-google-product-feed-for-woocommerce 3.3.1.0 Authenticated.SQL.Injection MEDIUM" "podiant No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "product-designer 1.0.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-designer 1.0.34 Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "product-designer 1.0.33 Unauthenticated.PHP.Object.Injection CRITICAL" "payment-gateway-groups-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-groups-for-woocommerce 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "powerpack-elements 2.10.15 Contributor+.Privilege.Escalation HIGH" "powerpack-elements 2.10.18 Authenticated.(Contributor+).Privilege.Escalation HIGH" "powerpack-elements 2.10.8 Missing.Authorization.to.Settings.Reset HIGH" "powerpack-elements 2.10.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Modification.and.Cross-Site.Scripting MEDIUM" "powerpack-elements 2.9.24 Reflected.Cross-Site.Scripting MEDIUM" "phppoet-checkout-fields 3.5.13 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pdf-print 2.0.3 Unauthenticated.Cross-Site-Scripting.(XSS) MEDIUM" "pdf-print 1.9.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "portugal-ctt-tracking-woocommerce 2.2 Reflected.Cross-Site.Scripting MEDIUM" "post-from-frontend No.known.fix Post.Deletion.via.CSRF MEDIUM" "ppo-call-to-actions No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "posti-shipping 3.10.4 Cross-Site.Request.Forgery MEDIUM" "posti-shipping 3.10.4 Reflected.Cross-Site.Scripting MEDIUM" "posti-shipping 3.10.3 Full.Path.Disclosure MEDIUM" "perelandra-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelandra-sermons No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "petfinder-listings 1.1 Admin+.Stored.Cross-Site.Scripting LOW" "pcrecruiter-extensions 1.4.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-in-page 1.3.0 Directory.Traversal HIGH" "prismatic 2.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "prismatic 2.8 Contributor+.Stored.XSS MEDIUM" "package-quantity-xforwc 1.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "plugin-groups 2.0.7 Missing.Authorization.to.Unauthenticated.Denial.of.Service MEDIUM" "product-catalog-feed 2.2.0 Cross-Site.Request.Forgery MEDIUM" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "phzoom No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "plugversions 0.0.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "polldaddy No.known.fix Cross-Site.Request.Forgery MEDIUM" "polldaddy 3.1.0 Reflected.Cross-Site.Scripting HIGH" "polldaddy 3.1.0 Rating.Update.via.CSRF MEDIUM" "polldaddy 3.0.10 Contributor+.Rating.Settings.Update MEDIUM" "polldaddy 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "pixcodes 2.3.7 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "prodigy-commerce No.known.fix Missing.Authorization LOW" "prodigy-commerce 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-views-counter 1.4.5 Cross-Site.Request.Forgery.via.save_bulk_post_views() MEDIUM" "post-views-counter 1.3.5 Authenticated.Stored.XSS LOW" "page-builder-sandwich No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization MEDIUM" "page-builder-sandwich No.known.fix Sensitive.Information.Exposure MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Post.Editing MEDIUM" "page-builder-sandwich No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-builder-sandwich 4.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pricing-table-addon-for-elementor No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pagemash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pc-robotstxt 1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder-pro 3.10.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.10.1 Cross-Site.Request.Forgery HIGH" "profile-builder-pro 3.10.1 Authenticated.(Subscriber+).Time-Based.One-Time.Password.Sensitive.Information.Exposure MEDIUM" "profile-builder-pro 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder-pro 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "powerpack-lite-for-elementor 2.8.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "powerpack-lite-for-elementor 2.7.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Effects.Widget MEDIUM" "powerpack-lite-for-elementor 2.7.20 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.19 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.18 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.14 Settings.Reset/Update.via.CSRF MEDIUM" "powerpack-lite-for-elementor 2.6.2 Reflected.Cross-Site.Scripting HIGH" "powerpack-lite-for-elementor 2.3.2 Contributor+.Stored.XSS MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.SQL.Injection CRITICAL" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.WC.Order.Status.Update MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.7.8 Authentication.Bypass HIGH" "payment-gateway-stripe-and-woocommerce-integration 3.6.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "patreon-connect 1.9.2 Missing.Authorization MEDIUM" "patreon-connect 1.9.1 Protection.Mechanism.Bypass MEDIUM" "patreon-connect 1.8.8 Cross-Site.Request.Forgery MEDIUM" "patreon-connect 1.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "patreon-connect 1.7.2 Reflected.XSS.on.Login.Form HIGH" "patreon-connect 1.7.0 Unauthenticated.Local.File.Disclosure HIGH" "patreon-connect 1.7.0 CSRF.to.Disconnect.Sites.From.Patreon MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.patreon_save_attachment_patreon_level.AJAX.action HIGH" "patreon-connect 1.7.0 CSRF.to.Overwrite/Create.User.Meta MEDIUM" "patreon-connect 1.2.2 PHP.Object.Injection CRITICAL" "perelink No.known.fix Settings.Update.via.CSRF MEDIUM" "primary-addon-for-elementor 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.6.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "primary-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "primary-addon-for-elementor 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "posts-and-products-views 2.1.1 Contributor+.Stored.XSS MEDIUM" "postmatic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postmatic 2.2.10 Subscriber+.PHP.Object.Injection MEDIUM" "postmatic 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postmatic 1.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "pagemanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perfect-portal-widgets 3.0.4 Contributor+.Stored.XSS MEDIUM" "prime-mover 1.9.3 Directory.Listing.to.Sensitive.Data.Exposure HIGH" "prime-mover 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "prime-mover 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.3 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 3.3.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "page-visit-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-visit-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-customizer-light No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-import-export-for-woo 2.4.2 Authenticated(Shop.Manager+).Arbitrary.File.Upload HIGH" "product-import-export-for-woo 2.3.8 Shop.Manager+.Arbitrary.File.Upload.via.upload_import_file HIGH" "pmpro-mailchimp 2.3.5 Unauthenticated.Information.Disclosure MEDIUM" "pojo-forms 1.4.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.form_preview_shortcode MEDIUM" "prepost-seo No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "player No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "player No.known.fix Reflected.XSS HIGH" "postaffiliatepro 1.26.10 Admin+.Stored.XSS LOW" "popcashnet-code-integration-tool 1.1 Cross-Site.Scripting.(XSS) MEDIUM" "paypal-responder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "personalize-woocommerce-cart-page 4.0 Missing.Authorization.to.Unuthenticated.Settings.Update MEDIUM" "personalize-woocommerce-cart-page 2.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "print-science-designer 1.3.153 Unauthenticated.PHP.Object.Injection HIGH" "push-notification-for-wp-by-pushassist No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "push-notification-for-wp-by-pushassist No.known.fix Reflected.Cross-Site.Scripting HIGH" "pricing-table No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "post-and-page-reactions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-form-for-paypal-pro 1.1.65 Unauthenticated.SQL.Injection CRITICAL" "payment-form-for-paypal-pro 1.0.2 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 3.13.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "profile-builder 3.11.9 Unauthenticated.Privilege.Escalation CRITICAL" "profile-builder 3.12.2 Admin+.Stored.Cross.Site.Scripting LOW" "profile-builder 3.11.8 Unauthenticated.Media.Upload MEDIUM" "profile-builder 3.11.3 Restricted.Email.Bypass MEDIUM" "profile-builder 3.10.9 Missing.Authorization.to.Plugin.Settings.Change.via.wppb_two_factor_authentication_settings_update HIGH" "profile-builder 3.10.8 Contributor+.User.Metadata.Disclosure MEDIUM" "profile-builder 3.10.4 Plugins.Activation/Deactivation.CSRF MEDIUM" "profile-builder 3.9.8 Unauthenticated.Plugin's.Pages.Creation MEDIUM" "profile-builder 3.9.1 Unauthorised.Password.Reset HIGH" "profile-builder 3.9.1 Subscriber+.Arbitrary.User.Meta.Disclosure MEDIUM" "profile-builder 3.6.1 Settings.Import.via.CSRF LOW" "profile-builder 3.6.8 Admin+.Stored.Cross-Site.Scripting LOW" "profile-builder 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.4.9 Admin.Access.via.Password.Reset CRITICAL" "profile-builder 3.4.8 Authenticated.Stored.XSS MEDIUM" "profile-builder 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "profile-builder 2.5.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.1 Privilege.Escalation HIGH" "profile-builder 2.2.5 XSS MEDIUM" "profile-builder 2.1.4 Missing.Access.Controls HIGH" "profile-builder 2.0.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 1.1.60 Password.Recovery.Bypass MEDIUM" "profile-builder 1.1.66 Multiple.XSS MEDIUM" "payment-page 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "payment-page 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "permalink-manager 2.4.4.1 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "permalink-manager 2.4.3.4 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.via.get_uri_editor MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.to.Authenticated(Author+).arbitrary.post.slug.modification MEDIUM" "permalink-manager 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.3.0 Authenticated.Stored.XSS MEDIUM" "permalink-manager 2.2.20.2 Settings.Update.via.CSRF MEDIUM" "permalink-manager 2.2.20.1 Unauthenticated.URI.Deletion MEDIUM" "permalink-manager 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.2.13.1 Admin+.SQL.Injection MEDIUM" "platinum-seo-pack No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pure-chat 2.23 Cross-Site.Request.Forgery MEDIUM" "pure-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "pubydoc-data-tables-and-charts No.known.fix Admin+.Stored.XSS MEDIUM" "payplus-payment-gateway 7.0.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "payplus-payment-gateway 6.6.9 Reflected.Cross-Site.Scripting MEDIUM" "payplus-payment-gateway 6.6.9 Unauthenticated.SQLi HIGH" "post-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "platformly 1.14 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-status-notifier 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "piotnet-addons-for-elementor-pro No.known.fix Missing.Authorization.to.Arbitrary.Post/Page.Deletion MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "portfolio-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "panda-pods-repeater-field 1.5.4 Reflected.XSS HIGH" "project-app No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "powerpress 11.9.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.skipto.Shortcode MEDIUM" "powerpress 11.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.media_url.Parameter MEDIUM" "powerpress 11.9.6 Injected.Backdoor CRITICAL" "powerpress 11.0.12 Contributor+.Stored.XSS HIGH" "powerpress 11.0.7 Contributor+.SSRF MEDIUM" "powerpress 10.0.2 Contributor+.Stored.XSS MEDIUM" "powerpress 10.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpress 8.3.8 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "powerpress 6.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "powerpress 6.0.1 Cross-Site.Scripting.(XSS) CRITICAL" "passwords-manager 1.5.1 Unauthenticated.SQL.Injection HIGH" "passwords-manager 1.5.1 Missing.Authorization.to.Authenticated.(Subscriber+).Add.Password.+.Update.Encryption.Key HIGH" "passwords-manager 1.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "profile-extra-fields 1.2.8 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "profile-extra-fields 1.2.4 Reflected.Cross-Site.Scripting HIGH" "profile-extra-fields 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photo-video-gallery-master No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "post-indexer 3.0.6.2 Authenticated.SQL.Injection HIGH" "post-indexer 3.0.6.2 PHP.Object.Injection.via.MitM HIGH" "pgall-for-woocommerce 5.2.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pgall-for-woocommerce 5.2.3 Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "pgall-for-woocommerce 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.pafw_instant_payment.Shortcode MEDIUM" "plexx-elementor-extension 1.3.7 Contributor+.Stored.XSS MEDIUM" "parcel-tracker-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "payu-india No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "payu-india No.known.fix Reflected.Cross-Site.Scripting.via.type HIGH" "page-or-post-clone 6.1 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Sensitive.Information.Exposure MEDIUM" "pre-publish-checklist 1.1.2 Insecure.Direct.Object.Reference.to.Arbitrary.Post.'_ppc_meta_key'.Update MEDIUM" "photoshow 1.0.19 Update/Delete.Google.API.Key.via.CSRF MEDIUM" "publishpress-authors 4.7.2 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Arbitrary.User.Email.Update.and.Account.Takeover HIGH" "powies-whois 0.9.33 Authenticated.Stored.Cross-Site.Scripting LOW" "pdf-generator-for-wp 1.1.2 Reflected.XSS HIGH" "postcasa No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-smtp 2.9.12 Missing.Authorization.via.regenerate_qrcode() MEDIUM" "post-smtp 2.9.10 Admin+.SQLi MEDIUM" "post-smtp 2.9.4 Administrator+.SQL.Injection MEDIUM" "post-smtp 2.8.8 Authorization.Bypass.via.type.connect-app.API CRITICAL" "post-smtp 2.8.8 Unauthenticated.Stored.Cross-Site.Scripting.via.device HIGH" "post-smtp 2.8.7 Reflected.Cross-Site.Scripting HIGH" "post-smtp 2.8.7 Admin+.SQL.Injection MEDIUM" "post-smtp 2.7.1 Unauthenticated.Cross-site.Scripting HIGH" "post-smtp 2.6.1 Authenticated.(Administrator+).SQL.Injection HIGH" "post-smtp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "post-smtp 2.5.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Contents HIGH" "post-smtp 2.5.7 Account.Takeover.via.CSRF MEDIUM" "post-smtp 2.5.7 Arbitrary.Log.Deletion.via.CSRF MEDIUM" "post-smtp 2.1.7 Admin+.Blind.SSRF LOW" "post-smtp 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "post-smtp 2.0.21 CSRF.Nonce.Bypass MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Admin+.Stored.XSS LOW" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix .Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "product-expiry-for-woocommerce 2.6 Subscriber+.Settings.Update MEDIUM" "post-grid-elementor-addon 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-elementor-addon 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "photo-gallery 1.8.31 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Admin+.Stored.XSS LOW" "photo-gallery 1.8.29 Admin+.Stored.XSS LOW" "photo-gallery 1.8.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Zipped.SVG MEDIUM" "photo-gallery 1.8.24 Authenticated.(Contributor+).Path.Traversal.via.esc_dir.Function MEDIUM" "photo-gallery 1.8.26 Subscriber+.Notice.Dismiss MEDIUM" "photo-gallery 1.8.21 Missing.Authorization MEDIUM" "photo-gallery 1.8.22 Admin+.Stored.XSS.via.SVG LOW" "photo-gallery 1.8.22 Multiple.Reflected.XSS HIGH" "photo-gallery 1.8.20 Mobile-Friendly.Image.Gallery.<.1.8.20.-.Directory.Traversal.to.Arbitrary.File.Rename CRITICAL" "photo-gallery 1.8.19 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Widget MEDIUM" "photo-gallery 1.8.15 Admin+.Path.Traversal MEDIUM" "photo-gallery 1.8.3 Stored.XSS.via.CSRF MEDIUM" "photo-gallery 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.4 Admin+.Stored.Cross-Site.Scripting LOW" "photo-gallery 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.3 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.6.0 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.5.79 Stored.XSS.via.Uploaded.SVG.in.Zip MEDIUM" "photo-gallery 1.5.75 File.Upload.Path.Traversal LOW" "photo-gallery 1.5.75 Stored.Cross-Site.Scripting.via.Uploaded.SVG MEDIUM" "photo-gallery 1.5.67 Authenticated.Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "photo-gallery 1.5.69 Multiple.Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.69 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photo-gallery 1.5.68 Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.55 Unauthenticated.SQL.Injection CRITICAL" "photo-gallery 1.5.46 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "photo-gallery 1.5.35 SQL.Injection.&.XSS CRITICAL" "photo-gallery 1.5.31 SQL.Injection CRITICAL" "photo-gallery 1.5.25 Authenticated.LFI MEDIUM" "photo-gallery 1.5.23 Authenticated.XSS MEDIUM" "photo-gallery 1.3.67 Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.3.51 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.3.43 Authenticated.Path.Traversal HIGH" "photo-gallery 1.3.36 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.2.13 Cross-Site.Scripting.(XSS) HIGH" "private-messages-for-wordpress No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "private-messages-for-wordpress No.known.fix Arbitrary.Message.Sent.via.CSRF MEDIUM" "popup-manager No.known.fix Unauthenticated.Arbitrary.Popup.Deletion MEDIUM" "popup-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "per-page-add-to No.known.fix Authenticated.Stored.XSS LOW" "per-page-add-to 1.4.4 CSRF.to.Stored.XSS HIGH" "portfolio-wp 2.1.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "pdq-csv 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "parsi-font 4.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "push-monkey-desktop-push-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "preloader-sws No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-and-post-restriction 1.3.7 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "page-and-post-restriction 1.3.5 Unauthenticated.Protected.Post.Access MEDIUM" "page-and-post-restriction 1.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "peters-collaboration-e-mails No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "pripre No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "particle-background No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-embedder 4.8.0 Arbitrary.JavaScript.Execution MEDIUM" "pdf-embedder 4.7.1 Contributor+.Stored.XSS MEDIUM" "page-scroll-to-id 1.7.9 Contributor+.Stored.XSS MEDIUM" "page-scroll-to-id 1.7.6 Contributor+.Stored.XSS MEDIUM" "protected-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protected-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-builder-add 1.5.2.1 Authenticated.(Editor+).Local.File.Inlcusion HIGH" "page-builder-add 1.5.1.9 Reflected.Cross-Site.Scripting.via.pageType MEDIUM" "page-builder-add 1.5.1.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-add 1.5.1.6 Open.Redirect MEDIUM" "page-builder-add 1.5.1.3 Admin+.Stored.XSS LOW" "page-builder-add 1.4.9.9 Contributor+.Cross-Site.Scripting.via.Shortcode MEDIUM" "page-builder-add 1.4.9.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "portfolio-responsive-gallery 1.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "portfolio-responsive-gallery 1.1.8 Authenticated.Blind.SQL.Injections HIGH" "powerpack-addon-for-beaver-builder 1.3.1 Reflected.Cross-Site.Scripting.via.Navigate.Parameter MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.4 Authenticated.(Editor+).Local.File.Inclusion HIGH" "powerpack-addon-for-beaver-builder 1.3.0.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.element.link MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.3 Reflected.Cross-Site.Scripting MEDIUM" "post-to-csv 1.4.1 Author+.CSV.Injection MEDIUM" "post-to-csv 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pixelyoursite 10.0.2 Settings.Update.via.CSRF MEDIUM" "pixelyoursite 9.7.2 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite 9.6.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pixelyoursite 9.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "pixelyoursite 5.3.0 XSS MEDIUM" "postcode-redirect 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "postcode-redirect 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "publish-post-email-notification 1.0.2.3 Admin+.Stored.XSS LOW" "page-layout-builder No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pdf-invoices-and-packing-slips-for-woocommerce 1.3.8 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "peepso-photos 6.3.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pepro-cf7-database 1.9.0 Cross-Site.Request.Forgery MEDIUM" "pepro-cf7-database 1.8.0 Unauthenticated.Stored.XSS HIGH" "progress-planner 0.9.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "progress-planner 0.9.2 Missing.Authorization MEDIUM" "pods 3.2.8.1 Admin+.Stored.XSS LOW" "pods 3.2.7.1 Admin+.Stored.XSS LOW" "pods 3.2.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Pod.Form.Redirect.URL MEDIUM" "pods 3.1 Contributor+.SQLi MEDIUM" "pods 3.1 Contributor+.Remote.Code.Execution HIGH" "pods 3.1 Contributor+.Pods/Users.Creation MEDIUM" "pods 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "pods 2.9.11 Pods.Deletion.via.CSRF MEDIUM" "pods 2.7.29 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "post-slider-carousel 1.0.21 Admin+.Stored.XSS LOW" "pz-frontend-manager 1.0.6 CSRF.change.user.profile.picture MEDIUM" "point-maker 0.1.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pi-woocommerce-order-date-time-and-type 3.0.20 Admin+.Stored.XSS LOW" "panorama 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "panorama 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pmpro-membership-maps 0.7 Membership.Maps.Add.On.<.0.7.-.Contributor+.Sensitive.Information.Disclosure MEDIUM" "price-alert-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-carousel 3.0.1 Editor+.Stored.XSS LOW" "post-carousel 2.4.28 Editor+.Stored.XSS LOW" "post-carousel 2.4.19 Contributor+.Stored.XSS MEDIUM" "post-carousel 2.3.5 CSRF.Bypass./.Unauthorised.AJAX.Calls MEDIUM" "pocket-news-generator No.known.fix .Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "pocket-news-generator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "planaday-api 11.5 Reflected.Cross-Site.Scripting MEDIUM" "popup-zyrex 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "perfmatters 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Cross-Site.Request.Forgery MEDIUM" "perfmatters 2.2.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Missing.Authorization MEDIUM" "paygreen-payment-gateway 1.0.27 Reflected.Cross-Site.Scripting MEDIUM" "proofreading 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "proofreading 1.1 Reflected.XSS HIGH" "paritypress 1.0.1 Admin+.Stored.XSS LOW" "pixelyoursite-pro 10.4.3 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite-pro 9.6.2 Admin+.Stored.Cross-Site.Scripting LOW" "posts-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postmagthemes-demo-import 1.0.8 Admin+.Arbitrary.File.Upload MEDIUM" "pricer-ninja-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-pro 2.9.14 Contributor+.Stored.XSS MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Messenger.Chat.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multi.Scroll.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Global.Badge.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Mouse.Cursor.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Premium.Magic.Scroll.Module MEDIUM" "premium-addons-pro 2.9.13 .Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.link MEDIUM" "premium-addons-pro 2.8.25 Reflected.XSS HIGH" "post-slider-and-carousel 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pondol-carousel No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "pretty-simple-popup-builder 1.0.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pretty-simple-popup-builder 1.0.10 Admin+.Stored.XSS LOW" "pretty-simple-popup-builder 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "plainview-activity-monitor 20180826 Remote.Command.Execution.(RCE) HIGH" "productdyno No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pearl-header-builder 1.3.9 Cross-Site.Request.Forgery.to.Header.Deletion MEDIUM" "pearl-header-builder 1.3.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Site.Options.Deletion MEDIUM" "pearl-header-builder 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pearl-header-builder 1.3.5 CSRF MEDIUM" "price-commander-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "popupally 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popupally No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "popupally 2.1.1 Cross-Site.Request.Forgery.via.optin_submit_callback MEDIUM" "pdf-block No.known.fix Contributor+.Stored.XSS MEDIUM" "projecthuddle-child-site 1.0.35 Missing.Authorization.via.ph_child_ajax_notice_handler MEDIUM" "post-grid 2.3.4 2.3.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "post-grid 2.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.90 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.91 2.2.90.-.Subscriber+.Privilege.Escalation HIGH" "post-grid 2.2.93 Contributor+.Stored.XSS MEDIUM" "post-grid 2.2.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Accordion.Block MEDIUM" "post-grid 2.2.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.86 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.redirectURL.Parameter.of.Date.Countdown.Widget MEDIUM" "post-grid 2.2.81 Combo.Blocks.<.2.2.81.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attribute MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.79 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "post-grid 2.2.76 Reflected.Cross-Site.Scripting MEDIUM" "post-grid 2.2.76 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "post-grid 2.2.69 Information.Exposure.via.get_posts.API.Endpoint HIGH" "post-grid 2.2.65 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.post_types MEDIUM" "post-grid 2.1.13 Contributor+.SQL.Injection MEDIUM" "post-grid 2.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 PHP.Object.Injection HIGH" "project-panorama-lite No.known.fix Admin+.Stored.XSS LOW" "project-panorama-lite 1.5.1 WordPress.Project.Management.<.1.5.1.-.Admin+.Stored.XSS LOW" "policy-genius No.known.fix Reflected.XSS HIGH" "pie-register-premium 3.8.3.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pie-register-premium 3.8.3.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "post-meta-data-manager 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-meta-data-manager 1.2.2 Cross-Site.Request.Forgery.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "post-meta-data-manager 1.2.1 Unauthenticated.Data.Deletion HIGH" "post-meta-data-manager 1.2.1 Subscriber+.Privilege.Escalation HIGH" "post-meta-data-manager 1.2.1 Missing.Authorization.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "paypal-payment-button-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita 3.10.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "pdf-poster 2.1.22 Arbitrary.JavaScript.Execution MEDIUM" "pdf-poster 2.1.18 PDF.Embedder.Plugin.for.WordPress.<.2.1.18.-.Reflected.Cross-Site.Scripting MEDIUM" "pdfjs-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.3.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.2.5 Admin+.Directory.Traversal.to.Limited.Local.File.Inclusion MEDIUM" "pirate-forms 2.6.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "pirate-forms 2.5.2 HTML.Injection.&.CSRF MEDIUM" "phone-orders-for-woocommerce 3.7.2 Subscriber+.Sensitive.Data.Exposure MEDIUM" "pixtypes No.known.fix Reflected.XSS HIGH" "pixtypes 1.4.15 Cross-Site.Request.Forgery MEDIUM" "pepro-bacs-receipt-upload-for-woocommerce 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "pardakht-delkhah 2.9.9 Form.Fields.Reset.via.CSRF MEDIUM" "pardakht-delkhah 2.9.3 Unauthenticated.Stored.XSS HIGH" "plugnedit 6.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "phpsword-favicon-manager No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "photographer-connections No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-layouts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "password-protect-page 1.9.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "password-protect-page 1.9.0 .Protection.Mechanism.Bypass MEDIUM" "password-protect-page 1.8.6 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "poll-maker 5.5.7 Missing.Authorization MEDIUM" "poll-maker 5.5.5 Cross-Site.Request.Forgery.to.Poll.Duplication MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Time-Based.SQL.Injection MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Poll.Settings MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).SQL.Injection.via.Order_by.Parameter MEDIUM" "poll-maker 5.1.9 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "poll-maker 5.1.9 .Missing.Authorization.to.Unauthenticated.Email.Enumeration MEDIUM" "poll-maker 4.8.1 Missing.Authorization MEDIUM" "poll-maker 4.7.2 Missing.Authorization MEDIUM" "poll-maker 4.7.1 Reflected.XSS HIGH" "poll-maker 4.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "poll-maker 3.4.2 Unauthenticated.Time.Based.SQL.Injection CRITICAL" "poll-maker 3.2.9 Reflected.Cross-Site.Scripting HIGH" "poll-maker 3.2.1 Authenticated.Blind.SQL.Injections HIGH" "password-protect-plugin-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-for-woocommerce 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "portfolio 2.40 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-variation-swatches 1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "page-specific-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Contributor+.Stored.XSS MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Subscriber+.LFI HIGH" "product-filter-for-woocommerce-product No.known.fix Unauthenticated.SQLi HIGH" "page-studio-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-studio-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "project-source-code-download No.known.fix Unauthenticated.Backup.Download HIGH" "pre-party-browser-hints 1.8.20 Admin+.SQLi MEDIUM" "ps-phpcaptcha 1.2.0 PS.PHPCaptcha.<.1,2,0.-Denial.of.Service CRITICAL" "post-carousel-slider-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "parallax-image 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.position.Parameter MEDIUM" "parallax-image 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dd-parallax.Shortcode MEDIUM" "parallax-image 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.2.9 Cross-Site.Request.Forgery MEDIUM" "photoblocks-grid-gallery 1.2.7 Contributor+.Stored.XSS MEDIUM" "photoblocks-grid-gallery 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoblocks-grid-gallery 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photoblocks-grid-gallery 1.1.43 Authenticated.Reflected.XSS HIGH" "photoblocks-grid-gallery 1.1.41 Unauthenticated.Reflected.XSS MEDIUM" "pagepost-content-shortcode No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "photo-video-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pixproof No.known.fix Missing.Authorization MEDIUM" "product-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-table No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "private-google-calendars 20240106 Contributor+.Stored.XSS MEDIUM" "premium-blog-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pf-timer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prevent-file-access 2.5.2 Admin+.Arbitrary.File.Upload MEDIUM" "password-protected-woo-store 2.3 Unauthenticated.Arbitrary.Post.Tile.&.Content.Access MEDIUM" "profilepro No.known.fix Subscriber+.Stored.Cross.Site.Scripting HIGH" "pets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pets 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pathomation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "product-code-for-woocommerce 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "prayer-times-anywhere No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "plethora-tabs-accordions 1.2 Contributor+.Stored.XSS MEDIUM" "plethora-tabs-accordions 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postbox-email-logs 1.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Export MEDIUM" "performance-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ptoffice-sign-ups No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "pricing-deals-for-woocommerce No.known.fix Missing.Authorization.via.vtprd_ajax_clone_rule MEDIUM" "pricing-deals-for-woocommerce 2.0.3 Unauthenticated.SQLi HIGH" "promotion-slider No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pootle-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-button 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "premmerce-user-roles 1.0.13 Missing.Authorization.via.role.management.functions HIGH" "premmerce-user-roles 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-size-chart-for-woo 1.1.6 Settings.Update.via.CSRF MEDIUM" "product-shipping-countdown-free-version No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-shipping-countdown-free-version No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "portfolio-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "portfolio-elementor 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "portfolio-elementor 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixobe-cartography No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "premium-blocks-for-gutenberg 2.1.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pegapoll No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.render MEDIUM" "pdf-viewer-for-elementor No.known.fix Arbitrary.JavaScript.Execution MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plezi 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plezi 1.0.3 Unauthenticated.Stored.XSS HIGH" "propovoice No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "propovoice No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "pdf-generator-addon-for-elementor-page-builder 2.0.1 Unauthenticated.Arbitrary.File.Download HIGH" "pdf-generator-addon-for-elementor-page-builder 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pilotpress 2.0.31 Subscriber+.Report.Access.&.DB.Transients.Purging MEDIUM" "pardot 2.1.1 Missing.Authorization MEDIUM" "parcelpanel 4.3.3 Reflected.Cross-Site.Scripting MEDIUM" "parcelpanel 3.9.0 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "premmerce 1.3.18 Reflected.Cross-Site.Scripting MEDIUM" "premmerce 1.3.17 Cross-Site.Request.Forgery MEDIUM" "premmerce 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "partdo-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "promobar 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "past-events-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "past-events-extension No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "past-events-extension No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "postie 1.9.41 Post.Submission.Spoofing.&.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "parsian-bank-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "pretty-grid 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-embedder-fay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pretty-opt-in-lite 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pie-register-social-site 1.8 Authentication.Bypass HIGH" "pie-register-social-site 1.7.8 Social.Sites.Login.(Add.on).<.1.7.8.-.Unauthenticated.Privilege.Escalation CRITICAL" "preloader-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "poll-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plugmatter-optin-feature-box-lite 2.0.14 Unauthenticated.Blind.SQL.Injection CRITICAL" "preferred-languages 2.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photographer-directory 1.0.9 Subscriber+.Privilege.Escalation CRITICAL" "private-content 8.4.4 Brute.Force.Protection.Bypass MEDIUM" "pta-member-directory 1.8.0 Missing.Authorization MEDIUM" "pingmeter-uptime-monitoring No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "paid-memberships-pro 3.0.6 Authenticated.(Administrator+).SQL.Injection CRITICAL" "paid-memberships-pro 3.0.5 Unauthenticated.Insecure.Direct.Object.Reference.to.Order.Status.Update MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery.to.Membership.Modification MEDIUM" "paid-memberships-pro 3.0.2 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.9 Contributor+.Arbitrary.User.Custom.Field.Disclosure MEDIUM" "paid-memberships-pro 2.12.8 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.7 Information.Exposure.in.Debug.Logs MEDIUM" "paid-memberships-pro 2.12.6 Missing.Authorization.via.API MEDIUM" "paid-memberships-pro 2.12.4 Subscriber+.Arbitrary.File.Upload HIGH" "paid-memberships-pro 2.9.12 Subscriber+.SQL.Injection HIGH" "paid-memberships-pro 2.9.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "paid-memberships-pro 2.9.8 Unauthenticated.SQLi HIGH" "paid-memberships-pro 2.6.7 Unauthenticated.Blind.SQL.Injection CRITICAL" "paid-memberships-pro 2.6.6 Reflected.Cross-Site.Scripting HIGH" "paid-memberships-pro 2.5.10 Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.5.6 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.5.3 Unauthorised.Order.Information.Disclosure MEDIUM" "paid-memberships-pro 2.5.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "paid-memberships-pro 2.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "paid-memberships-pro 2.3.3 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.0.6 Authenticated.Open.Redirect MEDIUM" "progress-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pmpro-payfast 1.4.2 Unauthenticated.Information.Exposure MEDIUM" "parallaxer-lite-parallax-effects-on-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.10 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.4 XSS MEDIUM" "postman-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "perfect-pullquotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-page-builder 5.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "payment-gateway-for-telcell 2.0.4 Unauthenticated.Open.Redirect MEDIUM" "passwordless-login 1.1.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "picsmize No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "posts-table-filterable 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "post-types-carousel-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-types-carousel-slider 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podcast-importer-secondline 1.3.8 Admin+.SQLi MEDIUM" "podcast-importer-secondline 1.1.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "post-snippets 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "post-snippets 4.0.3 Admin+.Stored.XSS LOW" "post-snippets 3.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-snippets 3.1.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "post-snippets 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "primer-mydata 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "pop-up No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "preview-link-generator 1.0.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "property-hive-stamp-duty-calculator 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "project-status No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "pb-mailcrypt-antispam-email-encryption No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-saint No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "persian-nested-showhide-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popups 1.8 Reflected.Cross-Site.Scripting MEDIUM" "popups No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "porto-functionality 3.1.0 Functionality.<.3.1.0.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto-functionality 3.1.1 Functionality.<.3.1.1.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "porto-functionality No.known.fix Functionality.<.2.12.1.-.Missing.Authorization MEDIUM" "porto-functionality No.known.fix Functionality.<.2.12.1.-.Unauthenticated.SQL.Injection CRITICAL" "pretty-google-calendar 2.0.0 Contributor+.Stored.XSS MEDIUM" "pretty-google-calendar 1.6.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.pretty_google_calendar.shortcode MEDIUM" "protect-admin-account 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-multi-currency 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-multi-currency 2.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "propertyhive 2.1.1 Reflected.XSS HIGH" "propertyhive 2.0.20 Cross-Site.Request.Forgery.via.save_account_details HIGH" "propertyhive 2.0.10 Missing.Authorization MEDIUM" "propertyhive 2.0.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "propertyhive 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.10 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "propertyhive 2.0.7 Missing.Authorization.via.activate_pro_feature MEDIUM" "propertyhive 2.0.6 Unauthenticated.PHP.Object.Injection.via.propertyhive_currency HIGH" "propertyhive 1.5.49 Reflected.XSS HIGH" "propertyhive 1.5.47 Reflected.XSS HIGH" "propertyhive 1.4.26 Unvalidated.Input.to.do_action() MEDIUM" "popup-maker-wp 1.3.7 Subscriber+.Stored.XSS HIGH" "portfolio-slideshow No.known.fix Contributor+.XSS MEDIUM" "product-input-fields-for-woocommerce 2.0 .Contributor+.Arbitrary.File.Read MEDIUM" "product-input-fields-for-woocommerce 1.8.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "product-input-fields-for-woocommerce 1.2.7 Unauthenticated.File.Download HIGH" "pedalo-connector No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "product-specifications 0.7.0 Reflected.Cross-Site.Scripting HIGH" "promolayer-popup-builder 1.1.1 Missing.Authorization MEDIUM" "podlove-web-player 5.7.4 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "podlove-web-player 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "parone 1.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-by-azexo No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "page-builder-by-azexo No.known.fix Subscriber+.Post.Creation MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF).to.Stored.XSS MEDIUM" "pagelayer 1.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.9.0 Admin+.Stored.XSS LOW" "pagelayer 1.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.8.8 Admin+.Stored.XSS LOW" "pagelayer 1.8.2 Missing.Authorization MEDIUM" "pagelayer 1.8.5 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "pagelayer 1.8.3 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.0 Author+.Stored.XSS LOW" "pagelayer 1.7.9 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.1 Admin+.Stored.XSS LOW" "pagelayer 1.7.8 Author+.Stored.XSS MEDIUM" "pagelayer 1.7.7 Unauthenticated.Stored.XSS HIGH" "pagelayer 1.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.3.5 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.Unprotected.AJAX's.leading.to.XSS HIGH" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.CSRF.leading.to.XSS HIGH" "plugmatter-pricing-table No.known.fix Reflected.Cross-Site.Scripting HIGH" "podcast-channels 0.28 Unauthenticated.Reflected.XSS MEDIUM" "php-compatibility-checker 1.6.0 Cross-Site.Request.Forgery MEDIUM" "premium-seo-pack 1.6.002 Authenticated.(Contributor+).SQL.Injection MEDIUM" "premium-seo-pack No.known.fix Unauthenticated.Information.Exposure MEDIUM" "paytm-donation 2.2.1 Reflected.XSS HIGH" "poll-wp 2.4.1 Admin+.SQLi MEDIUM" "poll-wp 2.4.0 Admin+.SQL.Injection MEDIUM" "poll-wp 1.5.9 Reflected.Cross-Site.Scripting HIGH" "poll-wp 1.3.4 Broken.Authentication.and.Missing.Capability.Checks.on.AJAX.calls CRITICAL" "post-list-designer 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "post-list-designer 3.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-list-designer 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-loops 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "paypal-gift-certificate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.wpppgc_plugin_options MEDIUM" "push-notification-by-feedify 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "polls-widget No.known.fix Admin+.Stored.XSS LOW" "polls-widget 1.5.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "premmerce-woocommerce-product-bundles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "peachpay-for-woocommerce 1.113.0 Reflected.Cross-Site.Scripting MEDIUM" "pricing-tables-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wdo_pricing_tables.Shortcode MEDIUM" "plausible-analytics 1.3.4 Reflected.XSS HIGH" "plausible-analytics 1.2.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "plausible-analytics 1.2.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-to-pdf 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pb-seo-friendly-images No.known.fix Admin+.Stored.XSS LOW" "perfect-font-awesome-integration 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "php-everywhere 3.0.0 Contributor+.RCE.via.Metabox CRITICAL" "php-everywhere 3.0.0 Subscriber+.RCE.via.Shortcode CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Gutenberg.Block CRITICAL" "php-everywhere 2.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "posts-reminder No.known.fix Settings.Update.via.CSRF MEDIUM" "pressference-exporter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "post-views-stats No.known.fix Reflected.Cross-Site.Scripting.via.from.and.to MEDIUM" "post-grid-for-elementor 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Feed.Name MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.17 Authenticated.(Admin+).Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.14 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.0.15 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.1 Missing.Authorization MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "podlove-podcasting-plugin-for-wordpress 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Settings.Import MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.3 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 3.5.6 Unauthenticated.SQL.Injection MEDIUM" "podlove-podcasting-plugin-for-wordpress 2.6.0 Authenticated.SQL.Injection HIGH" "podlove-podcasting-plugin-for-wordpress 2.3.16 Multiple.SQLi.&.XSS CRITICAL" "premmerce-woocommerce-wishlist 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wishlist 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wishlist 1.1.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "peepso-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.7.1 Unauthenticated.Sensitive.Information.Disclosure.via.Log.file MEDIUM" "peepso-core 6.3.1.2 User.Post.Creation.via.CSRF MEDIUM" "peepso-core 6.3.1.2 Reflected.XSS HIGH" "peepso-core 6.2.7.0 Reflected.Cross-Site.Scripting HIGH" "peepso-core 6.2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.0.0 Cross-Site.Request.Forgery.via.delete MEDIUM" "peepso-core 6.0.3.0 Multiple.CSRF MEDIUM" "peepso-core 1.6.1 Authenticated.Privilege.Escalation HIGH" "pinterest-rss-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "printus-cloud-printing-for-woocommerce 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "penci-data-migrator 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "plms No.known.fix Authenticated.(Salesman+).Arbitrary.File.Upload HIGH" "patron-button-and-widgets-by-codebard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Cross-Site.Request.Forgery MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Reflected.XSS MEDIUM" "patron-button-and-widgets-by-codebard 2.1.9 Reflected.XSS HIGH" "prenotazioni No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pdf-invoices-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photospace-responsive 2.1.2 Admin+.Stored.XSS MEDIUM" "personalization-by-flowcraft No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "page-views-count 2.6.1 Contributor+.Stored.XSS MEDIUM" "page-views-count 2.5.6 Settings.Reset.via.CSRF MEDIUM" "page-views-count 2.4.15 Unauthenticated.SQL.Injection HIGH" "page-views-count 2.4.9 Contributor+.Stored.XSS MEDIUM" "popup-surveys No.known.fix Missing.Authorization MEDIUM" "poptin 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "post-category-image-with-grid-and-slider 1.4.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "progressive-license No.known.fix CSRF.to.Stored.XSS MEDIUM" "post-block 6.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Shortcode.Export MEDIUM" "post-block 5.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "product-websites-showcase No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "photospace No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "photospace No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "photo-contest No.known.fix CSRF.Bypass MEDIUM" "photo-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "podlove-subscribe-button 1.3.11 Authenticated.(Contributor+).SQL.Injection HIGH" "podlove-subscribe-button 1.3.9 Admin+.Stored.XSS LOW" "podlove-subscribe-button 1.3.9 Multiple.CSRF MEDIUM" "pagerank-tools No.known.fix Reflected.XSS HIGH" "post-carousel-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.5.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.5.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videowhisper_picture_upload_guest.Shortcode MEDIUM" "picture-gallery 1.5.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.4.4 Authenticated.Stored.XSS LOW" "perfect-survey 1.5.2 Unauthenticated.SQL.Injection HIGH" "perfect-survey No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "perfect-survey 1.5.2 Unauthorised.AJAX.Call.to.Stored.XSS./.Survey.Settings.Update HIGH" "perfect-survey 1.5.2 Reflected.Cross-Site.Scripting HIGH" "press-elements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "press-elements No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "press-elements No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pwa-for-wp 1.7.73 Missing.Authorization MEDIUM" "pwa-for-wp 1.7.72 PWA.For.WP.&.AMP.<.1,7,72.Administrator+.Stored.XSS LOW" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Settings.Change MEDIUM" "premmerce-woocommerce-product-filter 3.7.3 Missing.Authorization MEDIUM" "premmerce-woocommerce-product-filter 3.7.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-filter 3.6.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-product-filter 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "pixnet No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "pagination 1.2.3 Admin+.Stored.XSS LOW" "pagination 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "ptypeconverter No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "print-o-matic 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "plinks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion.via.post_type_ajax_handler() HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.6.8 Authenticated.(Contributor+).PHP.Object.Injection.in.outpost_shortcode_metabox_markup HIGH" "post-grid-carousel-ultimate 1.5.0 Admin+.Stored.XSS LOW" "powerkit 2.9.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "powerkit 2.5.9 Post.Views.Settings.Update/Reset.via.CSRF MEDIUM" "pdf-catalog-woocommerce 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-page-shipping-calculator-for-woocommerce 1.3.26 Admin+.Stored.XSS LOW" "product-page-shipping-calculator-for-woocommerce 1.3.21 Admin+.Stored.XSS LOW" "premmerce-search 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-builder 4.3.5 Admin+.Stored.XSS LOW" "popup-builder No.known.fix Sensitive.Information.Exposure.via.Imported.Subscribers.CSV.File MEDIUM" "popup-builder 4.3.2 Missing.Authorization.in.Multiple.AJAX.Actions HIGH" "popup-builder 4.3.2 Missing.Authorization.and.Nonce.Exposure HIGH" "popup-builder 4.3.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "popup-builder 4.2.7 Contributor.Stored.XSS MEDIUM" "popup-builder 4.2.6 Admin+.SSRF.&.File.Read MEDIUM" "popup-builder 4.2.3 Unauthenticated.Stored.XSS HIGH" "popup-builder 4.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.12 Settings.Update.via.CSRF MEDIUM" "popup-builder 4.1.11 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.1 Popup.Status.Change.via.CSRF MEDIUM" "popup-builder 4.1.1 SQL.Injection.to.Reflected.Cross-Site.Scripting MEDIUM" "popup-builder 4.0.7 Admin+.SQL.Injection MEDIUM" "popup-builder 4.0.7 LFI.to.RCE CRITICAL" "popup-builder 3.74 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "popup-builder 3.64.1 Multiple.Issues MEDIUM" "popup-builder 3.0 SQL.injection.via.PHP.Deserialization CRITICAL" "popup-builder 3.45 SQL.Injection CRITICAL" "phoenix-media-rename 3.4.4 Author.Arbitrary.Media.File.Renaming MEDIUM" "pie-register 3.8.3.5 Basic.<=.3.8.3.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation/Deactivation HIGH" "pie-register 3.8.3.3 Unauthenticated.Arbitrary.File.Upload HIGH" "pie-register 3.8.2.3 Open.Redirect MEDIUM" "pie-register 3.8.1.3 Unauthenticated.Arbitrary.User.Deletion HIGH" "pie-register 3.7.2.4 Open.Redirect MEDIUM" "pie-register 3.7.1.6 Unauthenticated.SQL.Injection HIGH" "pie-register 3.1.7.6 Unauthenticated.Arbitrary.Login CRITICAL" "pie-register 3.7.0.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pie-register 3.1.2 SQL.Injection CRITICAL" "pie-register 3.0.18 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "post-expirator 2.6.0 Contributor+.Arbitrary.Post.Schedule.Deletion HIGH" "presto-player 3.0.3 Missing.Authorization MEDIUM" "presto-player 2.2.3 Contributor+.Stored.XSS MEDIUM" "personal-dictionary 1.3.4 Unauthenticated.SQLi HIGH" "pj-news-ticker 1.9.6 Contributor+.Stored.XSS MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.7.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.3 Missing.Authorization.to.Unauthenticated.Settings.Reset MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.1 Subscriber+.Arbitrary.Order.Export MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.0 Shop.Manager+.Arbitrary.Options.Update HIGH" "popup4phone No.known.fix Unauthenticated.Stored.XSS HIGH" "popup4phone No.known.fix Editor+.Stored.XSS LOW" "post-and-page-builder 1.27.6 Contributor+.Stored.XSS MEDIUM" "post-and-page-builder 1.26.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "post-and-page-builder 1.26.5 Authenticated.(Contributer+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.26.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.24.2 Editor.Settings.Update.via.CSRF MEDIUM" "prettyphoto No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "planning-center-online-giving No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "power-forms-builder No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "phastpress 1.111 Open.Redirect MEDIUM" "popup-box 3.2.5 Cross-Site.Request.Forgery MEDIUM" "popup-box 2.2.7 Popup.Deletion.via.CSRF MEDIUM" "popup-box 2.2.2 Reflected.XSS MEDIUM" "popup-box 2.2 Admin+.LFI MEDIUM" "podcast-subscribe-buttons 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "podcast-subscribe-buttons 1.4.2 Contributor+.Stored.XSS MEDIUM" "pdf-invoicing-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "payment-forms-for-paystack 4.0.0 Contributor+.Stored.XSS MEDIUM" "prdctfltr 8.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "persian-woocommerce 9.0.0 Missing.Authorization MEDIUM" "persian-woocommerce 5.9.8 Reflected.Cross-Site.Scripting MEDIUM" "pdf24-posts-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "people-lists 2.0.0 Missing.Authorization MEDIUM" "pb-oembed-html5-audio-with-cache-support No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "product-price-history 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "post-type-modifier-simple 1.04 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.6.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Admin+.Stored.XSS LOW" "password-protected 2.6.3.2 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.6.3 Admin+.Stored.XSS LOW" "protected-posts-logout-button 1.4.6 Admin+.Stored.XSS LOW" "protected-posts-logout-button 1.4.6 Missing.Authorization MEDIUM" "protected-posts-logout-button 1.4.5 Settings.Update.via.CSRF MEDIUM" "pubsubhubbub 3.2.0 Admin+.Stored.XSS MEDIUM" "pvn-auth-popup No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "pvn-auth-popup No.known.fix Admin+.Stored.XSS LOW" "payment-gateway-payfabric 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-payfabric 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paytm-payments 2.7.7 Editor+.SQLi MEDIUM" "product-gtin-ean-upc-isbn-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "post-to-google-my-business 3.1.14 Reflected.Cross-Site.Scripting MEDIUM" "post-to-google-my-business 3.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postmash No.known.fix Reflected.Cross-Site.Scripting.via.m MEDIUM" "postmash No.known.fix Unauthenticated.SQL.Injection CRITICAL" "product-delivery-date 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-website 1.3 Missing.Authorization.via.plwao_register_settings() MEDIUM" "pretix-widget 1.0.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "progressive-wp No.known.fix Missing.Authorization MEDIUM" "pretty-link 3.6.3 Reflected.Cross-Site.Scripting.via.post_status HIGH" "pretty-link 3.6.4 Plugin.Settings.Update.via.CSRF MEDIUM" "pretty-link 3.4.1 Link.Visit.Stats.Clear.via.CSRF MEDIUM" "pretty-link 2.1.10 Stored.XSS.and.CSV.Injection HIGH" "pretty-link 1.6.8 Authenticated.SQL.Injection MEDIUM" "post-duplicator 2.36 Missing.Authorization MEDIUM" "post-duplicator 2.37 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "post-duplicator 2.32 Missing.Authorization.via.mtphr_duplicate_post MEDIUM" "post-duplicator 2.27 Admin+.Stored.Cross-Site.Scripting LOW" "propertyshift No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "plenigo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.13.8 Authentication.Bypass.via.pms_payment_id CRITICAL" "paid-member-subscriptions 2.13.5 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "paid-member-subscriptions 2.13.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "paid-member-subscriptions 2.12.9 Reflected.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.11.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.pms_stripe_connect_handle_authorization_return MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.creating_pricing_table_page MEDIUM" "paid-member-subscriptions 2.10.5 Cross-Site.Request.Forgery.via.ajax_add_log_entry MEDIUM" "paid-member-subscriptions 2.4.2 Authenticated.SQL.Injection MEDIUM" "paid-member-subscriptions 2.4.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "property-hive-mortgage-calculator 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.price.Parameter MEDIUM" "philantro 5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.donate.Shortcode MEDIUM" "philantro 5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-promotions-and-insights No.known.fix Missing.Authorization MEDIUM" "product-filter-widget-for-elementor 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "popup-by-supsystic 1.10.30 Admin+.Remote.Code.Execution MEDIUM" "popup-by-supsystic 1.10.28 Missing.Authorization MEDIUM" "popup-by-supsystic 1.10.20 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "popup-by-supsystic 1.10.19 Prototype.Pollution MEDIUM" "popup-by-supsystic 1.10.9 Unauthenticated.Subscriber.Email.Addresses.Disclosure HIGH" "popup-by-supsystic 1.10.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "popup-by-supsystic 1.7.9 Cross-Site.Request.Forgery.(CSRF) HIGH" "printfriendly 5.5.2 Admin+.Stored.XSS LOW" "printfriendly 5.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "propovoice-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "post-layouts No.known.fix Contributor+.Stored.XSS MEDIUM" "pmpro-member-directory 1.2.6 Member.Directory.Add.On.<.1.2.6.-.Contributor+.Sensitive.Information.Disclosure.and.SQLi MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS MEDIUM" "premmerce-redirect-manager 1.0.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS LOW" "premmerce-redirect-manager 1.0.11 Cross-Site.Request.Forgery MEDIUM" "premmerce-redirect-manager 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-highlights 2.6.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pdf-viewer-by-themencode 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-by-themencode 2.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "polo-video-gallery No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "portfolleo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pz-linkcard 2.5.3 Contributor+.SSRF LOW" "pz-linkcard 2.5.3 Reflected.XSS HIGH" "pz-linkcard 2.5.3 Admin+.Stored.XSS LOW" "pz-linkcard 2.5.3 Caching.Management.via.CSRF MEDIUM" "pz-linkcard 2.4.5.3 Reflected.Cross-Site.Scripting MEDIUM" "performance-lab 2.3.0 CSRF MEDIUM" "pop-up-pop-up 1.2.0 Plugin.Installation.via.CSRF MEDIUM" "pop-up-pop-up 1.2.0 Subscriber+.Plugin.Installation MEDIUM" "pop-up-pop-up 1.1.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pkt1-centro-de-envios 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "plugin-logic 1.0.8 Admin+.SQLi MEDIUM" "preloader-plus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "preloader-plus 2.1 Reflected.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "payhere-payment-gateway 2.2.12 Unauthenticated.Log.Data.Disclosure MEDIUM" "pandavideo 1.4.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-visibility-by-country-for-woocommerce No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pjw-mime-config No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "post-status-notifier-lite 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "post-status-notifier-lite 1.11.1 Reflected.Cross-Site.Scripting MEDIUM" "post-status-notifier-lite 1.10.1 Reflected.XSS HIGH" "portfolio-builder-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postify-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "padma-advanced 0.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "playlist-for-youtube No.known.fix Editor+.Stored.XSS LOW" "pay-addons-for-elementor 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "posts-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "power-ups-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "power-ups-for-elementor 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photography-portfolio 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "post-list-with-featured-image No.known.fix Reflected.XSS HIGH" "premmerce-woocommerce-brands 1.2.13 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixel-for-web-stories 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-parts 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "pondol-formmail No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "post-index No.known.fix CSRF.to.Stored.XSS HIGH" "popup-with-fancybox 3.6 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "post-type-archive-mapping No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-archive-mapping 5.3.0 Missing.Authorization.via.REST.Routes MEDIUM" "popup-anything-on-click 2.8.1 Missing.Authorization MEDIUM" "popup-anything-on-click 2.2.2 Popup.Settings.Reset.via.CSRF MEDIUM" "popup-anything-on-click 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "popup-anything-on-click 2.0.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-block 1.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "qr-twitter-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "quote-o-matic No.known.fix Admin+.SQLi MEDIUM" "quickswish 1.1.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "quick-count No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "q2w3-inc-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quotemedia-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-affiliate-store No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quadmenu 2.0.7 Unauthenticated.RCE.via.compiler_save CRITICAL" "quotes-collection No.known.fix Admin+.SQL.Injection MEDIUM" "quotes-collection 2.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-tool-lite No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "qode-instagram-widget 2.0.2 Open.Redirect HIGH" "quiz-maker 8.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 21.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 31.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 31.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 8.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 21.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 6.5.9.9 Admin+.Stored.XSS LOW" "quiz-maker 6.5.8.4 Unauthenticated.SQL.Injection.via.'ays_questions'.Parameter CRITICAL" "quiz-maker 6.5.2.5 Missing.Authorization.to.Unauthenticated.Quiz.Data.Retrieval MEDIUM" "quiz-maker 6.5.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Quiz.Creation.&.Modification MEDIUM" "quiz-maker 6.5.0.6 Denial.of.Service MEDIUM" "quiz-maker 6.5.1.2 Missing.Authorization MEDIUM" "quiz-maker 6.4.9.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "quiz-maker 6.4.9.5 Reflected.Cross-Site.Scripting HIGH" "quiz-maker 6.4.2.7 Reflected.XSS MEDIUM" "quiz-maker 6.2.0.9 Multiple.Authenticated.Blind.SQL.Injections HIGH" "qrmenu-lite No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "quick-edit-template-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "quote-tweet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "quick-restaurant-reservations 1.5.5 CSRF MEDIUM" "quick-restaurant-reservations 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "quick-adsense 2.8.2 Subscriber+.Post.Stats.Reset MEDIUM" "qr-redirector 1.6.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "qr-redirector 1.6 Subscriber+.Arbitrary.QR.Redirect.Response.Status.Update MEDIUM" "quick-call-button No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "quick-code No.known.fix Stored.XSS.via.CSRF HIGH" "quick-chat No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat 4.00 SQL.Injection CRITICAL" "quick-learn No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "quotes-for-woocommerce 2.0.2 Missing.Authorization MEDIUM" "quotes-for-woocommerce 2.0.2 Quote.Status.Update./.Quote.Sending.via.CSRF MEDIUM" "quick-orders-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-orders-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "quote-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-press No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-event-manager 9.8.5.3 Reflected.Cross-Site.Scripting MEDIUM" "quick-event-manager 9.6.5 Admin+.Stored.XSS LOW" "quick-event-manager 9.7.5 Unauthenticated.Stored.XSS HIGH" "quick-event-manager 9.7.5 Registration.Deletion/Update.via.CSRF MEDIUM" "quick-event-manager 9.7.5 Reflected.Cross-Site HIGH" "quick-event-manager 9.2.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qi-blocks 1.3.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-blocks 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-blocks 1.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "quicksand-jquery-post-filter No.known.fix Cross-Site.Request.Forgery.via.renderAdmin MEDIUM" "quicksand-jquery-post-filter No.known.fix Missing.Authorization.via.quicksand_admin_ajax CRITICAL" "quotes-and-tips 1.45 Admin+.Arbitrary.File.Upload MEDIUM" "quotes-and-tips 1.32 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "quotes-and-tips 1.20 Cross-Site.Scripting.(XSS) MEDIUM" "quran-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "qodeblock No.known.fix Missing.Authorization MEDIUM" "qodeblock No.known.fix Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "qr-code-and-barcode-scanner-reader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-pagepost-redirect-plugin 5.2.4 Admin+.Stored.XSS LOW" "quick-pagepost-redirect-plugin 5.2.0 Authenticated.Settings.Update CRITICAL" "quillforms 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.4.0 Cross-Site.Request.Forgery MEDIUM" "qqworld-auto-save-images No.known.fix Missing.Authorization.to.Arbitrary.Post.Content.Retrieval MEDIUM" "qs-dark-mode 3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "qtranslate-x No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "qtranslate-x 3.4.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quran-text-multilanguage 2.3.22 Reflected.Cross-Site.Scripting.via.sourate.and.lang.Parameters MEDIUM" "qi-addons-for-elementor 1.8.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-addons-for-elementor 1.8.1 Sensitive.Information.Exposure MEDIUM" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "qi-addons-for-elementor 1.7.1 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.8 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.5 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qyrr-code 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "qyrr-code 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qyrr-code 0.7 Authenticated.(contributor+).Stored.XSS MEDIUM" "qode-twitter-feed 2.0.1 Open.Redirect HIGH" "quick-subscribe No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "qr-code-composer 2.0.4 Subscriber+.Stored.XSS HIGH" "qode-essential-addons 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qode-essential-addons 1.5.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation MEDIUM" "querywall No.known.fix Admin+.SQLi MEDIUM" "quotes-llama 3.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 1.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "quick-interest-slider 2.9.5 Cross-Site.Request.Forgery MEDIUM" "quick-interest-slider 2.9.4 Admin+.Stored.XSS LOW" "qrcode-wprhe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "q2w3-post-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quietly-insights No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "quote-requests-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-requests-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quiz-cat 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "qa-heatmap-analytics 4.1.1.2 Unauthenticated.Settings.Update MEDIUM" "quick-audio-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-audio-player No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-paypal-payments 5.7.28 Reflected.Cross-Site.Scripting MEDIUM" "quick-paypal-payments 5.7.26.4 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.26 Contributor+.Stored.XSS MEDIUM" "quick-paypal-payments 5.7.26 Unauthenticated.Stored.XSS HIGH" "quick-paypal-payments 5.7.26 Unauthenticated.Payment.Message.Deletion/Update MEDIUM" "quick-paypal-payments 5.7.26 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qubely 1.8.6 Unauthenticated.Arbitrary.E-mail.Sending MEDIUM" "qubely 1.8.5 Contributor+.Stored.XSS MEDIUM" "qubely 1.8.1 Authenticated.Arbitrary.Settings.Update MEDIUM" "qubely 1.7.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "quick-restaurant-menu 2.1.0 Admin+.Stored.XSS LOW" "quick-restaurant-menu 2.1.0 Subscriber+.Arbitrary.Post.Deletion/Updating MEDIUM" "quick-restaurant-menu 2.1.0 .Menu.Items.Update.via.CSRF MEDIUM" "quick-featured-images 13.7.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Thumbnail.Deletion/Setting MEDIUM" "qr-code-tag No.known.fix Contributor+.Stored.XSS MEDIUM" "quick-view-and-buy-now-for-woocommerce 1.5.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Custom.CSS.Code MEDIUM" "qtranslate-slug No.known.fix Cross-Site.Request.Forgery MEDIUM" "qtranslate-slug No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "qwiz-online-quizzes-and-flashcards 3.62 Admin+.Stored.Cross.Site.Scripting LOW" "qubotchat 1.1.6 Qubotchat.<.1,1,6.–.Admin+.Stored.XSS LOW" "qubotchat 1.1.6 Unauthenticated.Stored.XSS HIGH" "quiz-expert No.known.fix Cross-Site.Request.Forgery MEDIUM" "qards No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quasar-form No.known.fix Subscriber+.SQLi HIGH" "quick-license-manager 2.4.18 Reflected.Cross-Site.Scripting MEDIUM" "quran-phrases-about-most-people-shortcodes 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quform 2.21.0 WordPress.Form.Builder.<.2.21.0.-.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "qt-kentharadio 2.0.2 Unauthenticated.RFI.and.SSRF MEDIUM" "quickiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 9.1.3 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.1 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.1.0 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Contributor+.SQLi MEDIUM" "quiz-master-next 9.0.2 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Authenticated.(Contributor+).SQL.Injection CRITICAL" "quiz-master-next 8.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.17 Unauthenticated.Unauthorised.Action MEDIUM" "quiz-master-next 8.1.19 Quiz.Results.Deletion.via.CSRF MEDIUM" "quiz-master-next 8.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Multiple.Cross-Site.Request.Forgery MEDIUM" "quiz-master-next 8.1.16 Cross-Site.Request.Forgery.via.'display_results' MEDIUM" "quiz-master-next 8.1.11 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 8.0.8 Text.Message.Setting.Update.via.CSRF MEDIUM" "quiz-master-next 8.0.9 Unauthenticated.Arbitrary.Media.File.Delete MEDIUM" "quiz-master-next 8.0.5 Improper.Input.Validation MEDIUM" "quiz-master-next 8.0.5 Unauthenticated.iFrame.Injection HIGH" "quiz-master-next 7.3.7 Multiple.Author+.IDOR LOW" "quiz-master-next 7.3.11 Sensitive.Information.Disclosure MEDIUM" "quiz-master-next 7.3.11 Subscriber+.XSS MEDIUM" "quiz-master-next 7.3.5 Admin+.SQL.Injection MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 7.3.11 Bypass MEDIUM" "quiz-master-next 7.3.5 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Quiz.Update.via.IDOR LOW" "quiz-master-next 7.3.7 CSRF MEDIUM" "quiz-master-next 7.3.7 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "quiz-master-next 7.1.14 Reflected.Cross-Site.Scripting HIGH" "quiz-master-next 7.1.18 Reflected.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.19 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.14 Authenticated.SQL.injection.via.Rest.API HIGH" "quiz-master-next 7.1.12 Authenticated.SQL.injection.via.shortcode HIGH" "quiz-master-next 7.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "quiz-master-next 7.0.1 Unauthenticated..Arbitrary.File.Deletion CRITICAL" "quiz-master-next 7.0.1 Arbitrary.File.Upload CRITICAL" "quiz-master-next 7.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-master-next 6.3.5 Authenticated.Reflected.XSS HIGH" "quiz-master-next 6.2.2 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 4.7.9 Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "quiz-master-next 4.4.4 Authenticated.Blind.SQL.Injection MEDIUM" "quick-contact-form 8.0.6.8 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.4 Admin+.Stored.XSS LOW" "quick-contact-form 8.0.4 Contributor+.Stored.XSS MEDIUM" "quick-contact-form 8.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quizlord No.known.fix Admin+.Stored.XSS LOW" "quttera-web-malware-scanner 3.4.2.1 Admin+.Path.Traversal MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Directory.Listing.to.Sensitive.Data.Exposure MEDIUM" "query-wrangler 1.5.52 Reflected.XSS HIGH" "quote-post-type-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-adsense-reloaded 2.0.85 Missing.Authorization MEDIUM" "recent-backups No.known.fix Remote.File.Download HIGH" "removehide-author-date-category-like-entry-meta No.known.fix Settings.Update.via.CSRF MEDIUM" "responsive-video-embed 0.5.1 Contributor+.Stored.XSS MEDIUM" "rocket-font No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "risk-warning-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "referrer-detector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "rimons-twitter-widget 1.3 XSS MEDIUM" "recipes-writer No.known.fix XSS MEDIUM" "revi-io-customer-and-product-reviews 5.8.0 Reflected.Cross-Site.Scripting MEDIUM" "related-post 2.0.59 Sensitive.Information.Exposure MEDIUM" "related-post 2.0.54 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rise-blocks 3.2 Cross-Site.Request.Forgery MEDIUM" "rvg-optimize-database 5.1 Missing.Authorization.via.'odb_csv_download' MEDIUM" "rvg-optimize-database 5.1.1 Database.Optimization.via.CSRF MEDIUM" "remove-old-slugspermalinks 2.7.0 Cross-Site.Request.Forgery MEDIUM" "remove-duplicate-posts 1.3 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.7.1007 Stored.XSS.via.CSRF HIGH" "royal-elementor-addons 1.7.1002 Missing.Authorization LOW" "royal-elementor-addons 1.7.1002 Reflected.Cross-Site.Scripting HIGH" "royal-elementor-addons 1.7.1 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1004 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Google.Maps.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Author+).External.Entity.Injection MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Subscriber+).Private.Post.Disclosure MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "royal-elementor-addons 1.3.985 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Magazine.Grid/Slider.Widget MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Back.to.Top.Widget MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.975 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Flip.Carousel,.Flip.Box,.Post.Grid,.and.Taxonomy.List.Widget.Attributes MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Advanced.Accordion.Title.Tags MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.IP.Spoofing MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.Limited.File.Upload HIGH" "royal-elementor-addons 1.3.95 Contributor+.Stored.Cross-Site.Scriting MEDIUM" "royal-elementor-addons 1.3.92 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Logo.Widget MEDIUM" "royal-elementor-addons 1.3.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.88 Multiple.Cross-Site.Request.Forgery MEDIUM" "royal-elementor-addons 1.3.88 Missing.Authorization.via.wpr_update_form_action_meta MEDIUM" "royal-elementor-addons 1.3.81 Unauthenticated.Arbitrary.Post.Read MEDIUM" "royal-elementor-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.79 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.71 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.71 Unauthenticated.API.Key.Disclosure MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Import.Deletion MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Deactivation MEDIUM" "royal-elementor-addons 1.3.60 Reflected.XSS HIGH" "royal-elementor-addons 1.3.60 Subscriber+.Template.Kit.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Template.Condition.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Theme.Activation MEDIUM" "royal-elementor-addons 1.3.60 Menu.Template.Creation.via.CSRF MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Mega.Menu.Settings.Update MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Creation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Deletion HIGH" "royal-elementor-addons 1.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-tabs-for-wpbakery No.known.fix Contributor+.Stored.XSS MEDIUM" "relevant 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "relevant 1.0.8 Cross-Site.Scripting.(XSS) MEDIUM" "review-widgets-for-opentable 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rating-widget 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "rating-widget 3.2.1 Contributor+.Stored.XSS MEDIUM" "rating-widget 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "role-based-pricing-for-woocommerce 1.6.2 Subscriber+.Arbitrary.File.Upload HIGH" "role-based-pricing-for-woocommerce 1.6.3 Subscriber+.PHAR.Deserialization HIGH" "redirect-404-to-parent 1.3.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "responsive-facebook-and-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rss-control 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "rss-control 2.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rss-import No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "radius-blocks 2.2.0 Cross-Site.Request.Forgery MEDIUM" "radius-blocks 2.2.0 Contributor+.Stored.XSS MEDIUM" "reviews-feed 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "reviews-feed 1.2.0 Cross-Site.Request.Forgery MEDIUM" "random-featured-post-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rays-grid 1.2.3 CSRF.Bypass MEDIUM" "replace-word No.known.fix Cross-Site.Request.Forgery MEDIUM" "responsive-add-ons 3.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "responsive-add-ons 2.2.6 Unprotected.AJAX.Endpoints CRITICAL" "rio-photo-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "remove-cpt-base 5.9 CPT.Deletion.via.CSRF MEDIUM" "reach-us-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reach-us-contact-form No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reach-us-contact-form No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "robotcpa No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "review-widgets-for-booking-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsivevoice-text-to-speech 1.7.7 Contributor+.Stored.XSS MEDIUM" "randomize No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "rss-news-scroller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rsvp-me No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "rsvp-me No.known.fix Unauthenticated.SQL.Injection HIGH" "restrict-usernames-emails-characters 3.1.4 Admin+.Stored.XSS LOW" "rsvp 2.7.15 Authenticated.(Administrator+).SQL.Injection MEDIUM" "rsvp 2.7.14 Missing.Authorization MEDIUM" "rsvp 2.7.8 Unauthenticated.Entries.Export HIGH" "rsvp 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "rsvp 2.3.8 XSS MEDIUM" "responsive-client-logo-carousel-slider 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rate-own-post No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "rlm-elementor-widgets-pack 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.22 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Gallery.Title.Disclosure MEDIUM" "robo-gallery 3.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "robo-gallery 3.2.20 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Title MEDIUM" "robo-gallery 3.2.20 Cross-Site.Request.Forgery.to.Post.Creation.and.Limited.Data.Loss HIGH" "robo-gallery 3.2.19 Unauthenticated.Information.Exposure MEDIUM" "robo-gallery 3.2.18 Author+.Stored.XSS MEDIUM" "robo-gallery 3.2.16 Admin+.Stored.XSS LOW" "robo-gallery 3.2.13 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.11 Plugin.Activation/Deactivation.via.CSRF MEDIUM" "robo-gallery 3.2.12 Cross-Site.Request.Forgery MEDIUM" "responsive-lightbox 2.4.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Author+.Stored.XSS MEDIUM" "responsive-lightbox 2.4.8 Missing.Authorization MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "responsive-lightbox 2.4.7 Information.Disclosure MEDIUM" "responsive-lightbox 2.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.name MEDIUM" "responsive-lightbox 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "remove-add-to-cart-woocommerce 1.4.5 Settings.Update.via.CSRF MEDIUM" "remove-add-to-cart-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "recurwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurwp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rollover-tab No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rocket-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "realia No.known.fix User.Email.Change.via.Cross-Site.Request.Forgery HIGH" "realia No.known.fix Unauthenticated.IDOR.leading.to.Arbitrary.Post.Deletion HIGH" "regpack No.known.fix Admin+.Stored.XSS LOW" "remove-footer-credit 1.0.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "remove-footer-credit 1.0.11 Admin+.Stored.Cross-Site.Scripting LOW" "remove-footer-credit 1.0.6 CSRF.to.Stored.Cross-Site.Scripting HIGH" "rb-internal-links No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "relais-2fa No.known.fix Authentication.Bypass CRITICAL" "rich-counter 1.2.0 Cross-Site.Scripting.(XSS) MEDIUM" "redirects No.known.fix Missing.Authorization.via.save MEDIUM" "redirects No.known.fix Missing.Authorization MEDIUM" "rate-my-post 4.2.5 Unauthenticated.Voting.On.Scheduled.Posts MEDIUM" "rate-my-post 3.4.5 Insecure.Direct.Object.Reference MEDIUM" "rate-my-post 3.4.3 IP.Spoofing MEDIUM" "rate-my-post 3.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "rate-my-post 3.3.5 Subscriber+.Votes.Tampering.via.Race.Condition MEDIUM" "rate-my-post 3.3.5 Cross-Site.Request.Forgery MEDIUM" "rife-elementor-extensions 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Widget MEDIUM" "rife-elementor-extensions 1.1.6 Contributor+.Stored.XSS MEDIUM" "reglevel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "redirect-by-cookie 1.07 Reflected.Cross-Site.Scripting MEDIUM" "rss-icon-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "recipe-card-blocks-by-wpzoom 3.3.2 Missing.Authorization MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.1 Reflected.Cross-Site.Scripting HIGH" "recently 3.0.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "recently 3.0.5 Authenticated.Code.Injection HIGH" "rsvpmaker 11.4.6 Missing.Authorization MEDIUM" "rsvpmaker 10.6.7 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') LOW" "rsvpmaker 9.9.4 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') CRITICAL" "rsvpmaker 10.6.7 Admin+.Stored.XSS HIGH" "rsvpmaker 10.6.7 Unauthenticated.PHP.Object.Injection HIGH" "rsvpmaker 10.6.7 Unauthenticated.Stored.XSS HIGH" "rsvpmaker 10.5.5 Admin+.SQL.Injection.(SQLi) HIGH" "rsvpmaker 9.2.7 Unauthenticated.SQLi MEDIUM" "rsvpmaker 9.2.6 Unauthenticated.SQLi CRITICAL" "rsvpmaker 8.7.3 Authenticated.(admin+).SSRF HIGH" "rsvpmaker 7.8.2 Unauthenticated.SQL.Injection HIGH" "rsvpmaker 6.2 SQL.Injection CRITICAL" "regenerate-post-permalinks No.known.fix Cross-Site.Request.Forgery MEDIUM" "redirection 3.6.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "redirection 2.8 Authenticated.Local.File.Inclusion MEDIUM" "ruby-help-desk 1.3.4 Subscriber+.Ticket.Update.via.IDOR MEDIUM" "reveal-template No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "recent-posts-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "recent-posts-slider No.known.fix Unauthenticated.Stored.XSS HIGH" "review-widgets-for-arukereso 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "republish-old-posts 1.27 Cross-Site.Request.Forgery.via.rop_options_page MEDIUM" "read-more-without-refresh 3.2 Admin+.Stored.Cross-Site.Scripting LOW" "redirection-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 24.1015 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 24.0712 Missing.Authorization MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 21.0426 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "restricted-content 2.2.9 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restricted-content 2.2.5 Reflected.XSS HIGH" "restricted-content 2.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revision-manager-tmc 2.8.20 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "revision-manager-tmc 2.8.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "review-stream 1.6.6 Admin+.Stored.XSS LOW" "rock-form-builder 2.5 Privilege.Escalation HIGH" "rest-routes 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "rest-routes 4.24.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.8.8 Authenticated.(Administrator+).SQL.Injection HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.7.9 Log.Deletion.via.CSRF MEDIUM" "revolut-gateway-for-woocommerce 4.17.4 Missing.Authorization.to.Unauthenticated.Order.Status.Update MEDIUM" "revolut-gateway-for-woocommerce 4.9.8 Missing.Authorization MEDIUM" "revolution-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revolution-for-elementor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rsvpmaker-excel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rotatingtweets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "reflex-gallery 3.1.5 jQuery.prettyPhoto.DOM.Cross-Site.Scripting.(XSS) MEDIUM" "restrict-content 3.2.14 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restrict-content 3.2.9 Missing.Authorization MEDIUM" "restrict-content 3.2.8 Information.Exposure.via.legacy.log.file MEDIUM" "restrict-content 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "restrict-content 3.2.3 Restrict.Content.<.3.2.3.-.Reflected.XSS HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).SQL.Injection CRITICAL" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.XSS HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.Cross-Site.Scripting MEDIUM" "radio-forge No.known.fix Reflected.Cross-Site.Scripting HIGH" "really-simple-google-tag-manager 1.0.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "refer-a-friend-widget-for-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "really-simple-ssl 9.2.0 Cross-Site.Request.Forgery MEDIUM" "really-simple-ssl 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "really-simple-ssl 8.0.0 Admin+.Server-Side.Request.Forgery MEDIUM" "related-post-shortcode No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "role-based-bulk-quantity-pricing 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-szallas-hu 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "remove-slug-from-custom-post-type No.known.fix Settings.Update.via.CSRF MEDIUM" "rara-one-click-demo-import 1.3.0 Arbitrary.File.Upload.via.CSRF HIGH" "related-posts 1.8.2 XSS MEDIUM" "read-and-understood 2.2 Authenticated.Stored.XSS.&.CSRF HIGH" "role-scoper 1.3.67 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "rehub-framework 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "restaurant-reservations 2.6.17 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.8 Reflected.Cross-Site.Scripting HIGH" "restaurant-reservations 2.4.12 Unauthenticated.Arbitrary.Payment.Status.Update.to.Stored.XSS HIGH" "restaurant-reservations 2.4.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "review-widgets-for-amazon 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "review-widgets-for-capterra 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remote-content-shortcode No.known.fix Authenticated(Contributor+).Local.File.Inclusion.via.shortcode MEDIUM" "romethemeform 1.1.6 Missing.Authorization.via.export_entries,.rtformnewform,.and.rtformupdate MEDIUM" "romethemeform 1.1.3 Missing.Authorization MEDIUM" "rocket-maintenance-mode 4.4 Admin+.Stored.XSS LOW" "rocket-maintenance-mode 4.4 Reflected.Cross-Site.Scripting MEDIUM" "rocket-maintenance-mode 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revy No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "revy No.known.fix Unauthenticated.SQL.Injection HIGH" "robin-image-optimizer 1.7.0 Missing.Authorization MEDIUM" "rough-chart No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "role-and-customer-based-pricing-for-woocommerce 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "raygun4wp 1.8.3 XSS MEDIUM" "raygun4wp 1.8.1 Unauthenticated.Reflected.XSS MEDIUM" "reviewscouk-for-woocommerce 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-google-maps 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rock-convert 3.0.0 Admin+.Stored.XSS LOW" "rock-convert 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "rock-convert 2.11.0 Admin+.Stored.Cross-Site.Scripting LOW" "rating-bws 1.6 Rating.Denial.of.Service MEDIUM" "rating-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "reciply 1.1.8 Unauthenticated.File.Upload MEDIUM" "ravpage 2.25 Reflected.Cross-Site.Scripting MEDIUM" "responsive-lightbox2 1.0.4 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox2 1.0.3 Authenticated.Stored.Cross-Site.Scripting LOW" "responsive-flipbook No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "restaurant-pickup-delivery-dine-in No.known.fix Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.15 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.11 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.14 Settings.Update.via.CSRF MEDIUM" "responsive-gallery-grid 2.3.9 Contributor+.Stored.XSS MEDIUM" "reservation-studio-widget 1.0.12 Admin+.Stored.XSS LOW" "reservation-studio-widget 1.0.12 Cross-Site.Request.Forgery MEDIUM" "real-time-auto-find-and-replace 1.6.2 Unauthenticated.PHP.Object.Injection HIGH" "real-time-auto-find-and-replace 1.3.6 Admin+.SQLi MEDIUM" "real-time-auto-find-and-replace 1.2.9 Reflected.Cross-Site.Scripting HIGH" "responsive-menu 4.1.8 Subscriber+.Arbitrary.File.Upload./.Theme.Deletion./.Plugin.Settings.Update HIGH" "responsive-menu 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-menu 3.1.4 XSS.and.CSRF HIGH" "rockhoist-badges No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "rss-chimp 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "rss-chimp 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rotating-posts No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.6.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.4 Missing.Authorization.via.multiple.AJAX.functions LOW" "restaurant-cafe-addon-for-elementor 1.5.3 Cross-Site.Request.Forgery MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.3 Missing.Authorization MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviews-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "responsive-youtube-videos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rest-api-to-miniprogram 4.7.6 Unauthenticated.Arbitrary.User.Email.Update.and.Privilege.Escalation.via.Account.Takeover CRITICAL" "rest-api-to-miniprogram No.known.fix Unauthenticated.SQL.Injection HIGH" "rest-api-to-miniprogram No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "reset-course-progress-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reset-course-progress-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "recaptcha-jetpack No.known.fix Settings.Update.via.CSRF MEDIUM" "recaptcha-jetpack No.known.fix Stored.XSS.via.CSRF HIGH" "rich-table-of-content 1.3.9 Contributor+.Stored.XSS MEDIUM" "rss-feed-widget 3.0.1 Reflected.XSS MEDIUM" "rss-feed-widget 3.0.0 Contributor+.Stored.XSS MEDIUM" "rss-feed-widget 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rfw-youtube-videos.Shortcode MEDIUM" "rss-feed-widget 2.9.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "rss-feed-widget 2.8.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "realtycandy-idx-broker-extended No.known.fix Cross-Site.Request.Forgery MEDIUM" "registrations-for-the-events-calendar 2.12.4 Unauthenticated.Stored.XSS HIGH" "registrations-for-the-events-calendar 2.12.2 Missing.Authorization MEDIUM" "registrations-for-the-events-calendar 2.12.3 Authenticated.(Contributor+).SQL.Injection CRITICAL" "registrations-for-the-events-calendar 2.7.10 Reflected.Cross-Site.Scripting HIGH" "registrations-for-the-events-calendar 2.7.6 Unauthenticated.SQL.Injection HIGH" "registrations-for-the-events-calendar 2.7.5 Reflected.Cross-Site.Scripting HIGH" "run-time-image-resizing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "run-time-image-resizing No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "realbig-media 1.0.7 Settings.Update.via.CSRF MEDIUM" "responsive-iframe No.known.fix Contributor+.Stored.XSS HIGH" "responsive-header-image-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "rapidexpcart No.known.fix Stored.XSS.via.CSRF CRITICAL" "restaurant-solutions-checklist No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "real-wysiwyg No.known.fix Reflected.Cross-Site.Scripting HIGH" "related-youtube-videos 1.9.9 CSRF.&.XSS HIGH" "responsive-jquery-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "really-simple-ssl-pro-multisite 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "responsive-accordion-tabs 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "radio-player No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.79 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Deletion MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Settings.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization MEDIUM" "radio-player 2.0.74 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radio-player 2.0.74 Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.74 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "radio-player 2.0.74 Missing.Authorization.via.get_players MEDIUM" "radio-player 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-player 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "restropress 3.1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restropress 3.1.2.1 Cross-Site.Request.Forgery.via.rpress_orders_list_table_process_bulk_actions MEDIUM" "restropress 2.8.3.1 Unauthorised.AJAX.Calls HIGH" "restropress 2.8.3 Cart.Manipulation.via.CSRF MEDIUM" "reviews-widgets-for-yelp 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "real-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-kit 5.1.1 Contributor+.Stored.XSS MEDIUM" "real-estate-pro 1.7.1 Subscriber+.Privilege.Escalation CRITICAL" "redirect-redirection 1.2.0 Subscriber+.Unauthorised.Action.Calls MEDIUM" "redirect-redirection 1.1.4 Plugin.Installation.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Subscriber+.Plugin.Installation MEDIUM" "redirect-redirection 1.1.5 Plugin.Reset.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Redirect.Creation.via.CSRF MEDIUM" "reusable-text-blocks No.known.fix Author+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "restrict-user-access 2.6 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.6 Information.Exposure MEDIUM" "restrict-user-access 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "redirect-after-login No.known.fix Admin+.Stored.XSS LOW" "review-schema 2.2.0 Missing.Authorization.to.Arbitrary.Review.Update MEDIUM" "restricted-site-access 7.3.2 Access.Bypass.via.IP.Spoofing MEDIUM" "rig-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rsv-360-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-filterable-portfolio 1.0.9 Authenticated.(Admin+).SQL.Injection MEDIUM" "responsive-filterable-portfolio 1.0.23 Server-Side.Request.Forgery MEDIUM" "responsive-filterable-portfolio 1.0.20 Reflected.XSS HIGH" "rs-members No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "review-engine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-engine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rover-idx 3.0.0.2906 Authenticated.(Subscriber+).Authentication.Bypass.to.Administrator HIGH" "rover-idx 3.0.0.2905 Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "responsive-owl-carousel-elementor 1.2.1 Local.File.Inclusion HIGH" "raise-prices-with-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "randomtext No.known.fix Subscriber+.SQLi HIGH" "realteo 1.2.4 Arbitrary.Property.Deletion.via.IDOR HIGH" "realteo 1.2.4 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "real-media-library-lite 4.11.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real-media-library-lite 4.22.8 Contributor+.Stored.XSS MEDIUM" "real-media-library-lite 4.18.29 Author+.Stored.XSS MEDIUM" "real-media-library-lite 4.14.2 Author.Stored.Cross-Site.Scripting MEDIUM" "responsive-cookie-consent 1.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "rightmessage No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "resume-builder No.known.fix Subscriber+.Stored.XSS HIGH" "reader-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewx 1.6.29 Insufficient.Rating.Validation MEDIUM" "reviewx 1.6.28 Missing.Authorization MEDIUM" "reviewx 1.6.22 Missing.Authorization MEDIUM" "reviewx 1.6.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviewx 1.6.14 Subscriber+.Privilege.Escalation HIGH" "reviewx 1.6.4 Subscriber+.SQLi HIGH" "reviewx 1.2.9 Unauthorised.AJAX.call.via.CSRF MEDIUM" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "review-buddypress-groups 2.8.4 Subscriber+.Arbitrary.Settings.Update.&.Review.Modification MEDIUM" "review-buddypress-groups 2.8.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "razorpay-payment-button-elementor 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "responsive-css-editor No.known.fix Admin+.SQLi MEDIUM" "retain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "recencio-book-reviews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remove-schema 1.6 Cross-Site.Request.Forgery MEDIUM" "remove-schema 1.6 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "racar-clear-cart-for-woocommerce 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 2.1 Missing.Authorization MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.9 Reflected.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reservit-hotel 3.0 Admin+.Stored.XSS LOW" "resize-at-upload-plus No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "rescue-shortcodes 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rescue_progressbar.Shortcode MEDIUM" "rescue-shortcodes 2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rescue-shortcodes 2.6 Contributor+.Stored.XSS MEDIUM" "rsv-pdf-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "review-widgets-for-foursquare 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "revslider 6.7.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "revslider 6.7.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Elementor.wrapperid.and.zindex MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Add.Layer.class,.id,.and.title.Attributes MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.0 Missing.Authorization MEDIUM" "revslider 6.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.htmltag.Parameter MEDIUM" "revslider 6.7.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.19 Author+.Insecure.Deserialization.leading.to.RCE HIGH" "revslider 6.6.16 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "revslider 6.6.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.13 Author+.Remote.Code.Execution MEDIUM" "revslider 4.1.5 Local.File.Disclosure HIGH" "revslider 3.0.96 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "read-more No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Read.More.Button.Deletion MEDIUM" "read-more No.known.fix Cross-Site.Request.Forgery MEDIUM" "remove-wp-update-nags 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "remove-wp-update-nags 1.4.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "root-cookie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "rich-event-timeline No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "real-estate-listing-realtyna-wpl 4.14.14 Admin+.Arbitrary.File.Upload MEDIUM" "real-estate-listing-realtyna-wpl 4.14.8 Reflected.XSS HIGH" "real-estate-listing-realtyna-wpl 4.14.8 Unauthenticated.SQLi HIGH" "random-banner No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "random-banner No.known.fix Admin+.Stored.XSS LOW" "random-banner 4.1.6 Admin+.Stored.Cross-Site.Scripting LOW" "random-banner 2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "reviewstap 1.1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "react-webcam No.known.fix Contributor+.Stored.XSS MEDIUM" "resume-upload-form No.known.fix Captcha.Bypass MEDIUM" "re-attacher 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "real-time-find-and-replace 4.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "rolo-slider No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Settings.Change MEDIUM" "read-offline No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "read-offline No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "request-a-quote 2.4.1 Admin+.Stored.XSS LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.4 Authenticated.Stored.XSS MEDIUM" "report-broken-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "razorpay-payment-button 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "responsive-menu-pro 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu-pro 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-menu-pro 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "r-animated-icon No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rsv-google-maps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "require-taxonomy-image-category-tag 1.27 Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-airbnb 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "relevanssi 4.23.1 Contributor+.Stored.XSS MEDIUM" "relevanssi 4.23.0 Unauthenticated.Information.Exposure MEDIUM" "relevanssi 4.22.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi 4.22.1 Unauthenticated.Query.Log.Export MEDIUM" "relevanssi 4.22.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi 4.14.6 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi 4.14.3 A.Better.Search.<.4.14.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "relevanssi 4.0.5 Cross-Site.Scripting.(XSS) MEDIUM" "relevanssi 3.6.1 Authenticated.Admin.SQL.Injection MEDIUM" "real-cookie-banner 3.4.10 Contributor+.Stored.XSS MEDIUM" "real-cookie-banner 2.18.2 Reflected.Cross-Site.Scripting MEDIUM" "real-cookie-banner 2.14.2 Settings.Reset.via.CSRF MEDIUM" "rk-responsive-contact-form No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "rustolat No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "rest-api-fns No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "rest-api-fns No.known.fix Privilege.Escalation CRITICAL" "recall-products No.known.fix Authenticated.SQL.Injection MEDIUM" "recall-products No.known.fix Authenticated.Cross-Site.Scripting MEDIUM" "rate-star-review 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rate-star-review 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.11 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 4.0.7 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 2.2.7 Editor+.Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.6 Authenticated.(Contributor+).Content.Injection MEDIUM" "responsive-tabs 4.0.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "redux-framework 4.4.18 .4.4.17.-.Unauthenticated.JSON.File.Upload.to.Stored.Cross-Site.Scripting HIGH" "redux-framework 4.2.13 Contributor+.Arbitrary.Plugin.Installation.and.Post.Deletion HIGH" "redux-framework 4.2.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "redux-framework 4.1.21 CSRF.Nonce.Validation.Bypass MEDIUM" "redux-framework 4.1.24 4.1.23.-.CSRF.Nonce.Validation.Bypass MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.2.0 Missing.Authorization.via.handleRequest HIGH" "rw-divi-unite-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rw-divi-unite-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rw-divi-unite-gallery No.known.fix Security.Bypass.via.Outdated.Freemius CRITICAL" "recipepress-reloaded No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realty-workstation No.known.fix Missing.Authorization MEDIUM" "realty-workstation No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "realty-workstation 1.0.15 Agent.SQLi HIGH" "rss-for-yandex-turbo 1.31 Admin+.Stored.Cross-Site.Scripting LOW" "rss-for-yandex-turbo 1.30 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rometheme-for-elementor 1.5.3 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.5.3 Contributor+.Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "rometheme-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.4.2 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "really-simple-ssl-pro 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "responsive-coming-soon-page No.known.fix Unauthenticated.Information.Exposure MEDIUM" "responsive-coming-soon-page 1.6.0 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "rich-web-share-button No.known.fix Unauthenticated.SQL.Injection CRITICAL" "rich-web-share-button No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "rewp 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rankbear No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rankbear No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resads No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "resads No.known.fix Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "resads 1.0.2 .Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reftagger-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restrict-categories No.known.fix Reflected.XSS HIGH" "rsvpmaker-for-toastmasters 6.2.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "responsive-column-widgets No.known.fix Reflected.XSS HIGH" "responsive-column-widgets No.known.fix Open.Redirect.via.responsive_column_widgets_link MEDIUM" "rate-limiting-for-contact-form-7 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "roi-calculator 1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.7.2 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resmushit-image-optimizer 0.4.4 Subscriber+.AJAX.Calls MEDIUM" "resmushit-image-optimizer 0.4.7 Multiple.CSRF MEDIUM" "resmushit-image-optimizer 0.4.6 Admin+.Cross-Site.Scripting LOW" "resermy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "resermy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resermy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "remove-add-to-cart-button-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rencontre 3.11 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rencontre 3.11.2 Subscriber+.PHP.Object.Injection HIGH" "rencontre 3.11 Privilege.Escalation CRITICAL" "rencontre 3.2.3 Multiple.CSRF CRITICAL" "rsfirewall 1.1.25 IP.Block.Bypass MEDIUM" "real-wp-shop-lite No.known.fix Admin+.Stored.XSS LOW" "registered-user-sync-activecampaign No.known.fix Missing.Authorization MEDIUM" "reactflow-session-replay-heatmap No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.5.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "radio-station 2.5.0 Reflected.XSS HIGH" "radio-station 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.4.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ratings-shorttags No.known.fix Stored.XSS.via.CSRF HIGH" "restrict-for-elementor 1.0.8 Protection.Mechanism.Bypass MEDIUM" "restrict-for-elementor 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviews-plus 1.3.5 Missing.Authorization.to.Notice.Dismissal MEDIUM" "reviews-plus 1.2.14 Subscriber+.Reviews.DoS LOW" "ragic-shortcode 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-data-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-flickr-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "robokassa 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "relevanssi-live-ajax-search 2.5 Unauthenticated.WP_Query.Argument.Injection MEDIUM" "rename-wp-login No.known.fix Secret.URL.Update.via.CSRF MEDIUM" "recurring-donation 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rm-mailchimp-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rm-mailchimp-manager No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rezgo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "rezgo 4.1.8 Reflected.Cross-Site-Scripting MEDIUM" "rezgo 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "restrict-anonymous-access 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.section_tag.Parameter MEDIUM" "responsive-block-editor-addons 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "recently-viewed-and-most-viewed-products No.known.fix Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "rss-feed-post-generator-echo 5.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "royal-slider 3.2.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rename-author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "real-estate-manager No.known.fix Subscriber+.Privilege.Escalation HIGH" "real-estate-manager 7.0 Subscriber+.Settings.Update MEDIUM" "rduplicator No.known.fix Contributor+.SQLi HIGH" "rearrange-woocommerce-products 3.0.8 Subscriber+.SQL.Injection HIGH" "ra-qrcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rucy No.known.fix Cross-Site.Request.Forgery MEDIUM" "rucy No.known.fix CSRF.Bypass MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery MEDIUM" "revisionary 3.5.16 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "revisionary 3.5.15 Reflected.Cross-Site.Scripting MEDIUM" "rich-snippets-vevents No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "realty 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realty 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rentpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rccp-free No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "relogo No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "real3d-flipbook-lite 4.8.5 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "real3d-flipbook-lite 3.72 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real3d-flipbook-lite 3.63 Reflected.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.21.1 Reflected.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.19.14 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "rafflepress 1.12.16 Editor+.Stored.XSS LOW" "rafflepress 1.12.14 Editor+.Stored.XSS LOW" "rafflepress 1.12.5 Missing.Authorization MEDIUM" "rafflepress 1.12.11 IP.Spoofing MEDIUM" "rafflepress 1.12.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "rafflepress 1.12.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rafflepress 1.11.3 Contributor+.Stored.XSS MEDIUM" "responsive-vector-maps 6.4.2 Responsive.Vector.Maps.<.6.4.2.-.Subscriber+.Arbitrary.File.Read HIGH" "related-posts-for-wp 2.2.2 Cross-Site.Request.Forgery MEDIUM" "related-posts-for-wp 2.0.5 Authenticated.Stored.XSS.&.XFS MEDIUM" "related-posts-for-wp 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "related-posts-for-wp 1.8.2 Cross-Site.Scripting.(XSS) CRITICAL" "recently-viewed-most-viewed-and-sold-products-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "restaurantconnect-reswidget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-hotels-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "review-widgets-for-tripadvisor 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rich-reviews No.known.fix Arbitrary.Reviews.Deletion.via.CSRF MEDIUM" "rich-reviews 1.9.6 Admin+.SQL.Injection MEDIUM" "remember-me-controls 2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "rename-media-files No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "relevanssi-premium 2.25.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi-premium 2.25 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "relevanssi-premium 2.25.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi-premium 2.16.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi-premium 1.14.6.1 SQL.Injection.&.PHP.Object.Injection HIGH" "responsive-coming-soon 2.2.2 Maintenance.Mode.Bypass MEDIUM" "responsive-coming-soon 1.8.2 Arbitrary.Settings.Reset MEDIUM" "replace-image 1.1.11 Insecure.Direct.Object.Reference MEDIUM" "relicwp-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ruven-toolkit No.known.fix tinymce/popup.php.popup.Parameter.Reflected.XSS MEDIUM" "seguro-viagem No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smart-slider-3 3.5.1.23 Contributor+.Stored.XSS.via.SVG.Upload MEDIUM" "smart-slider-3 3.5.1.14 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 PHP.Object.Injection MEDIUM" "smart-slider-3 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "serped-net 4.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "sfwd-lms 4.20.0.3 Missing.Authorization MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.3 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.assignments MEDIUM" "sfwd-lms 4.5.3.1 SQL.Injection MEDIUM" "sfwd-lms 4.6.0.1 User.Account.Takeover.via.Insecure.Direct.Object.References HIGH" "sfwd-lms 3.1.6 Unauthenticated.SQL.Injection CRITICAL" "sfwd-lms 3.1.2 Reflected.Cross.Site.Scripting.(XSS).issue.on.the.[ld_profile].search.field. MEDIUM" "sfwd-lms 2.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "sendpress No.known.fix Admin+.Stored.XSS.via.Settings LOW" "sendpress No.known.fix Admin+.Stored.XSS.via.Form.Settings LOW" "sendpress No.known.fix Reflected.XSS HIGH" "sendpress 1.23.11.6 Contributor+.Stored.XSS MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS LOW" "sendpress No.known.fix CSRF MEDIUM" "sendpress 1.20.7.13 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sendpress 1.2 Authenticated.SQL.Injection MEDIUM" "seo-automated-link-building 2.5.3 Missing.Authorization MEDIUM" "seo-automated-link-building 2.1.1 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "slingblocks 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slicko-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-link-pages No.known.fix Missing.Authorization.to.Arbitrary.Page.Creation.and.Cross-Site.Scripting HIGH" "save-grab No.known.fix Cross-Site.Request.Forgery MEDIUM" "save-grab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.SQLi HIGH" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.Unauthorised.Actions MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Multiple.CSRF MEDIUM" "smsify 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "simple-cod-fee-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-cloudflare-turnstile 1.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-urls 121 Arbitrary.Actions.via.CSRF MEDIUM" "simple-urls 118 Reflected.XSS HIGH" "simple-urls 115 Multiple.Reflected.XSS HIGH" "simple-urls 115 Subscriber+.SQLi HIGH" "seriously-simple-podcasting 3.6.0 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "seriously-simple-podcasting 3.3.0 Admin+.Stored.XSS LOW" "seriously-simple-podcasting 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.0.0 Unauthenticated.Administrator.Email.Disclosure MEDIUM" "seriously-simple-podcasting 2.19.1 Contributor+.Stored.XSS MEDIUM" "seriously-simple-podcasting 2.16.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "spotlightr 0.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stop-wp-emails-going-to-spam 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "skyword-plugin 2.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "send-users-email 1.5.2 Unauthenticated.Information.Exposure MEDIUM" "send-users-email 1.4.4 Sensitive.Information.Exposure.via.Error.Logs MEDIUM" "send-users-email 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "simply-exclude No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-events-calendar No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "sonawp-simple-payment-block 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "soumettre-fr 2.1.4 Missing.Authorization MEDIUM" "scan-external-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "securimage-wp-fixed No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "schema-app-structured-data-for-schemaorg 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Cross-Site.Request.Forgery MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Missing.Authorization MEDIUM" "schema-app-structured-data-for-schemaorg 1.22.4 Missing.Authorization.via.page_init MEDIUM" "searchwp-live-ajax-search 1.6.3 Unauthenticated.Local.File.Inclusion MEDIUM" "searchwp-live-ajax-search 1.6.2 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "signup-page No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "stageshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "side-menu 3.1.5 Authenticated.(admin+).SQL.Injection HIGH" "supportflow 0.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sticky-header-oceanwp No.known.fix CSRF MEDIUM" "sopa-blackout No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "stop-registration-spam 1.24 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "sovratec-case-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-code-insert-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "simple-user-listing 1.9.3 Reflected.XSS HIGH" "sendpulse-web-push 1.3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "sendpulse-web-push 1.3.2 CSRF MEDIUM" "small-package-quotes-wwe-edition 5.2.18 Unauthenticated.SQL.Injection HIGH" "social-lite 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "salesking 1.6.30 Unauthenticated.Sensitive.Information.Exposure HIGH" "salesking 1.6.30 Unauthenticated.Privilege.Escalation CRITICAL" "salesking 1.6.30 Missing.Authorization.to.Settings.Change MEDIUM" "simply-show-hooks No.known.fix Injected.Backdoor CRITICAL" "styler-for-ninja-forms-lite No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Deletion.via.deactivate_license MEDIUM" "skaut-bazar 1.3.3 Reflected.Cross-Site.Scripting HIGH" "socialmark 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "socialmark 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smooth-page-scroll-updown-buttons 1.4.1 Authenticated.Stored.XSS.via.psb_positioning LOW" "smooth-page-scroll-updown-buttons 1.4 Authenticated.Stored.XSS MEDIUM" "service No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "simple-site-verify 1.0.8 Admin+.Stored.XSS LOW" "simple-presenter 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.16 Reflected.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.19 Cross-Site.Request.Forgery MEDIUM" "smart-donations No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Stored.XSS.via.CSRF HIGH" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Admin+.SQLi MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Reflected.XSS HIGH" "site-reviews 7.0.0 IP.Spoofing MEDIUM" "site-reviews 6.11.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "site-reviews 6.11.7 Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.display.name MEDIUM" "site-reviews 6.10.3 Missing.Authorization MEDIUM" "site-reviews 6.7.1 Admin+.Stored.XSS LOW" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.4.0 Unauthenticated.CSV.Injection MEDIUM" "site-reviews 5.17.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "site-reviews 5.13.1 Admin+.Stored.XSS LOW" "site-reviews 2.15.3 Cross-Site.Scripting.(XSS) MEDIUM" "stripe-manager No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "shopping-pages No.known.fix Stored.XSS.via.CSRF HIGH" "shortcodes-ui No.known.fix Contributor+.Stored.XSS MEDIUM" "shortcodes-ui No.known.fix CSRF MEDIUM" "sayfa-sayac No.known.fix Unauthenticated.SQL.Injection CRITICAL" "sayfa-sayac No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "simple-bitcoin-faucets No.known.fix Unauthorised.AJAX.Call.to.Stored.XSS MEDIUM" "subscribe-sidebar No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "shortcode-addons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-addons No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "shortcode-addons 3.2.0 Authenticated.Arbitrary.Options.Update MEDIUM" "shortcode-addons 3.1.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "simple-nav-archives No.known.fix Settings.Update.via.CSRF MEDIUM" "sagepay-server-gateway-for-woocommerce 1.0.9 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "skype-online-status No.known.fix Contributor+.Stored.XSS MEDIUM" "subscriptions-memberships-for-paypal 1.1.3 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "scripts-organizer 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "standout-color-boxes-and-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-blog-card 1.32 Subscriber+.Arbitrary.Post.Access MEDIUM" "simple-blog-card 1.31 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "skt-addons-for-elementor 3.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "skt-addons-for-elementor 3.2 Contributor+.Stored.XSS MEDIUM" "skt-addons-for-elementor 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate.and.Creative.Slider.Widgets HIGH" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Block MEDIUM" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Page.Title MEDIUM" "smartsoftbutton-widget-de-botones-de-chat No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF HIGH" "super-socializer 7.14.1 Unauthenticated.Limited.SQL.Injection.via.'SuperSocializerKey' MEDIUM" "super-socializer 7.14 Authentication.Bypass HIGH" "super-socializer 7.13.64 Editor+.Stored.XSS MEDIUM" "super-socializer 7.13.55 Missing.Authorization MEDIUM" "super-socializer 1.13.53 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.52 Reflected.XSS HIGH" "super-socializer 7.13.44 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.30 Reflected.Cross-Site.Scripting MEDIUM" "super-socializer 7.11 Authentication.Bypass CRITICAL" "shoutcast-icecast-html5-radio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spider-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spider-event-calendar 1.5.52 Admin+.SQL.injection MEDIUM" "spider-event-calendar 1.5.52 Authenticated.Blind.SQL.Injection CRITICAL" "spider-event-calendar 1.4.14 Unauthenticated.SQL.Injection HIGH" "squelch-tabs-and-accordions-shortcodes 0.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tab.Shortcode MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.8 Cross-Site.Request.Forgery MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accordions.Shortcode MEDIUM" "stockists-manager No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "sb-random-posts-widget 1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "swift-performance-lite 2.3.7.2 Unauthenticated.Local.PHP.File.Inclusion.via.'ajaxify' HIGH" "swift-performance-lite 2.3.6.21 Cross-Site.Request.Forgery MEDIUM" "swift-performance-lite 2.3.6.19 Subscriber+.Settings.Update MEDIUM" "swift-performance-lite 2.3.6.15 Unauthenticated.Configuration.Export MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "salesmanago 3.2.5 Log.Injection.via.Weak.Authentication.Token MEDIUM" "supreme-modules-for-divi 2.5.52 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supreme-modules-for-divi 2.5.4 Contrib+.DOM-Based.Cross-Site.Scripting MEDIUM" "superfly-menu 5.0.30 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "superfly-menu No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "show-posts 1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sponsors-carousel No.known.fix Admin+.Stored.XSS LOW" "shortcodehub 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shockingly-simple-favicon No.known.fix Settings.Update.via.CSRF MEDIUM" "simple-news No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.news.Shortcode MEDIUM" "s-dev-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scratch-win-giveaways-for-website-facebook 2.8.0 Cross-Site.Request.Forgery.via.reset_installation.Function MEDIUM" "scratch-win-giveaways-for-website-facebook 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-youtube-responsive 3.0 Contributor+.Stored.XSS MEDIUM" "snapshot-backup No.known.fix Stored.XSS.via.CSRF HIGH" "shortcode-imdb No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-imdb No.known.fix Admin+.SQLi MEDIUM" "store-credit-for-woocommerce 1.0.49.47 Reflected.Cross-Site.Scripting MEDIUM" "simplified-content 1.0.1 XSS MEDIUM" "simple-media-directory 1.4.4 Contributor+.Stored.XSS MEDIUM" "simple-media-directory 1.4.3 Unauthenticated.SQLi HIGH" "seo-optimized-images 2.1.4 Injected.Backdoor CRITICAL" "seo-optimized-images 2.1 Reflected.Cross-Site.Scripting MEDIUM" "sksdev-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sign-in-with-google No.known.fix Authentication.Bypass.in.authenticate_user CRITICAL" "structured-content 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Classic.Editor.Shortcode MEDIUM" "structured-content 1.6 Contributor+.PHP.Object.Injection HIGH" "structured-content 1.6 Contributor+.Stored.XSS MEDIUM" "structured-content 1.5.1 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "save-as-pdf-by-pdfcrowd 4.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 4.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.1 Missing.Authorization MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.0 Admin+.Stored.XSS LOW" "save-as-pdf-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "salvador-ai-image-generator No.known.fix Missing.Authorization MEDIUM" "share-on-diaspora 0.7.2 XSS MEDIUM" "social-media-widget 4.0.9 Admin+.Stored.XSS LOW" "simplesamlphp-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "streamweasels-kick-integration 1.1.2 Blocks.and.Shortcodes.for.Embedding.Kick.Streams.<.1.1.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-kick-embed.Shortcode MEDIUM" "svt-simple No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "splashscreen No.known.fix Settings.Update.via.CSRF MEDIUM" "slider-blocks 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "socialdriver-framework 2024.04.30 Contributor+.Stored.XSS MEDIUM" "socialdriver-framework 2024.04.30 Reflected.XSS HIGH" "socialdriver-framework 2024.04.30 Admin+.Stored.XSS.via.Settings LOW" "socialdriver-framework 2024.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "simplepress 6.10.12 Reflected.Cross-Site.Scripting MEDIUM" "simplepress 6.8.1 Unauthenticated.Stored.XSS.via.Forum.Replies HIGH" "simplepress 6.8.1 Admin+.Arbitrary.File.Update LOW" "simplepress 6.8.1 Subscriber+.Arbitrary.File.Deletion HIGH" "simplepress 6.8.1 Subscriber+.Stored.XSS.via.Profile.Signatures MEDIUM" "simplepress 6.6.1 Broken.Access.Control.leading.to.RCE CRITICAL" "shopp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stetic 1.0.9 CSRF.to.Stored.Cross-Site.Scripting HIGH" "surly No.known.fix Missing.Authorization MEDIUM" "security-ninja 5.159 Reflected.Cross-Site.Scripting MEDIUM" "security-ninja 5.135 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "squeeze 1.4.1 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "sully 4.3.1 Reflected.XSS HIGH" "sully 4.3.1 Plugin.Reset.via.CSRF MEDIUM" "sully 4.3.1 Admin+.Stored.XSS LOW" "sully 4.3.1 Admin+.Stored.XSS.via.CSRF HIGH" "ssl-atlas-free-ssl-certificate-https-redirect 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-scroll-to-top-lite 1.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "simple-post No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "subscribers-com 1.5.4 Free.Web.Push.Notifications.<.1.5.4.-.Admin+.Stored.XSS LOW" "star-cloudprnt-for-woocommerce 2.0.4 Reflected.XSS HIGH" "star-cloudprnt-for-woocommerce No.known.fix Reflected.XSS HIGH" "simple-file-downloader No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "slide No.known.fix Missing.Authorization.to.Content.Injection MEDIUM" "slide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slide No.known.fix Missing.Authorization MEDIUM" "system-dashboard No.known.fix Reflected.Cross-Site.Scripting.via.Filename.Parameter MEDIUM" "system-dashboard 2.8.15 Unauthenticated.Stored.XSS HIGH" "system-dashboard 2.8.15 Admin+.Path.Traversal MEDIUM" "system-dashboard 2.8.10 XSS.via.Header.Injection LOW" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_php_info) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_global_value) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_constants) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_db_specs) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_option_value) MEDIUM" "seo-meta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stock-ticker 3.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stock_ticker.Shortcode MEDIUM" "stock-ticker 3.23.5 Authenticated.(Contributor+).Stored.Cross-Site.Scritping MEDIUM" "stock-ticker 3.23.4 Reflected.XSS HIGH" "stock-ticker 3.23.3 Reflected.XSS HIGH" "stock-ticker 3.23.1 Missing.Authorization.in.AJAX.Actions MEDIUM" "service-updates-for-customers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.10 Cross-Site.Request.Forgery MEDIUM" "seo-booster 3.8.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-booster 3.8 Admin+.SQL.Injection MEDIUM" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "store-locator 3.98.8 Settings.Update.via.CSRF MEDIUM" "store-locator 3.34 SQL.Injection CRITICAL" "simple-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "send-pdf-for-contact-form-7 1.0.2.4 Missing.Authorization MEDIUM" "send-pdf-for-contact-form-7 0.9.9.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smooth-slider 2.8.7 Authenticated.SQL.Injection HIGH" "smooth-slider 2.7 Authenticated.SQL.Injection HIGH" "shortcut-macros No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "sumo-divi-modules No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sumo-divi-modules 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-payment 2.3.8 Reflected.Cross-Site.Scripting MEDIUM" "simple-form 2.12.2 Admin+.Stored.XSS LOW" "search-logger No.known.fix Admin+.SQLi MEDIUM" "splash-connector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sticky-popup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simple-login-log 1.1.2 Authenticated.SQL.Injection CRITICAL" "smart-blocks 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.8.2 Reflected.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spoki 2.15.16 Contributor+.Stored.XSS MEDIUM" "shortcode-factory 2.8 Local.File.Inclusion CRITICAL" "shortcode-factory 1.1.1 XSS MEDIUM" "surecart 2.29.4 Reflected.Cross-Site.Scripting MEDIUM" "surecart 2.5.1 Admin+.Stored.XSS LOW" "split-test-for-elementor 1.7.0 Cross-Site.Request.Forgery MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Reflected.Cross-Site.Scripting.via.monthly_sales_current_year.Parameter MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update./.Data.Access MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Arbitrary.File.Upload CRITICAL" "standard-box-sizes 1.6.14 Missing.Authorization MEDIUM" "secure-ip-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "secure-ip-logins No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slick-social-share-buttons No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "simple-staff-list 2.2.5 Missing.Authorization.via.ajax_flush_rewrite_rules.and.staff_member_export MEDIUM" "simple-staff-list 2.2.4 Editor+.Stored.XSS MEDIUM" "simple-staff-list 2.2.3 Contributor+.Stored.XSS MEDIUM" "simple-popup-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "smaily-for-wp No.known.fix Contributor+.Stored.XSS MEDIUM" "shine-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "saksh-escrow-system No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "seo-wizard No.known.fix Unauthorised.AJAX.Calls HIGH" "seo-wizard No.known.fix Unauthorised.robots.txt.&..htaccess.Edit.via.CSRF HIGH" "show-all-comments-in-one-page 7.0.1 Reflected.XSS HIGH" "selar-co-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sailthru-triggermail No.known.fix Subscriber+.Stored.XSS HIGH" "sailthru-triggermail No.known.fix Reflected.XSS HIGH" "sailthru-triggermail No.known.fix Admin+.Stored.XSS LOW" "social-media-sharing No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simply-excerpts No.known.fix Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.43 Admin+.Template.Injection.to.RCE MEDIUM" "simply-schedule-appointments 1.6.7.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.6.24 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.9 Authenticated.(Subscriber+).SQL.Injection HIGH" "simply-schedule-appointments 1.6.7.9 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "simply-schedule-appointments 1.6.6.24 Cross-Site.Request.Forgery.to.Plugin.Data.Reset MEDIUM" "simply-schedule-appointments 1.6.6.1 Authenticated(Administrator+).SQL.Injection MEDIUM" "simply-schedule-appointments 1.5.7.7 Admin+.Stored.Cross-Site.Scripting LOW" "simply-schedule-appointments 1.5.7.7 Unauthenticated.Email.Address.Disclosure MEDIUM" "smooth-streaming-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "search-filter 1.2.16 Contributor+.Stored.XSS MEDIUM" "super-social-content-locker-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slider-range-htapps 1.1.6 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-file-list 6.1.13 Reflected.Cross-Site.Scripting HIGH" "simple-file-list 6.1.10 Admin+.Stored.XSS LOW" "simple-file-list 6.1.10 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-file-list 6.0.10 Admin+.Stored.XSS LOW" "simple-file-list 4.4.13 Page.Creation.via.CSRF MEDIUM" "simple-file-list 4.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "simple-file-list 4.4.12 Reflected.Cross-Site.Scripting MEDIUM" "simple-file-list 4.2.8 Authenticated.Arbitrary.File.Deletion HIGH" "simple-file-list 4.2.3 Unauthenticated.Arbitrary.File.Upload.RCE CRITICAL" "simple-file-list 3.2.8 Unauthenticated.Arbitrary.File.Download HIGH" "sliding-widgets No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "simple-support-ticket-system 1.2.1 Unauthenticated.SQL.Injection CRITICAL" "simple-feature-requests 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-feature-requests 2.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "so-widgets-bundle 1.64.1 Missing.Authorization LOW" "so-widgets-bundle 1.62.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Image.Grid.widget MEDIUM" "so-widgets-bundle 1.62.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SiteOrigin.Blog.Widget MEDIUM" "so-widgets-bundle 1.61.0 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "so-widgets-bundle 1.58.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.2 Contributor+.Stored.XSS MEDIUM" "so-widgets-bundle 1.51.0 Admin+.Local.File.Inclusion MEDIUM" "sidebar-manager 1.1.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "sidebar-manager 1.1.5 Cross-Site.Request.Forgery MEDIUM" "sky-login-redirect 3.7.3 Reflected.Cross-Site.Scripting MEDIUM" "sky-login-redirect 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "syndication-links 1.0.2.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "srbtranslatin 2.4.1 Cross-Site.Scripting.From.Third-party.Library HIGH" "srbtranslatin 1.47 Stored.XSS.&.CSRF HIGH" "scroll-post-excerpt No.known.fix Admin+.Stored.XSS LOW" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sql-chart-builder No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "simple-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Shortcode MEDIUM" "safety-exit 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "search-meter 2.13.3 CSV.Injection MEDIUM" "snow-monkey-forms 5.0.7 Unauthenticated.Path.Traversal MEDIUM" "share-one-drive 1.15.3 Reflected.Cross-Site.Scripting MEDIUM" "simple-project-managment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-header-and-footer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-sponsorships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-sponsorships 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spice-post-slider 2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "smtp-mail 1.3.21 Cross.Site.Request.Forgery MEDIUM" "smtp-mail No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mail 1.2.2 Authenticated.SQL.Injections MEDIUM" "smtp-mail 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "stars-testimonials-with-slider-and-masonry-grid 3.3.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stars-testimonials-with-slider-and-masonry-grid 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stars_testimonials.Shortcode MEDIUM" "stream 4.0.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "stream 3.9.3 Missing.Authorization.via.load_alerts_settings MEDIUM" "stream 3.9.3 CSRF MEDIUM" "stream 3.9.2 Subscriber+.Alert.Creation MEDIUM" "stream 3.8.2 Admin+.SQL.Injection MEDIUM" "simplelender-by-umatidocs-com No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sb-child-list No.known.fix Settings.Update.via.CSRF MEDIUM" "sinking-dropdowns No.known.fix Cross-Site.Request.Forgery HIGH" "seo-dashboard-by-gutewebsites-de No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "sell-media-file No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sucuri-scanner 1.8.34 Event.log.Entry.Creation.via.CSRF MEDIUM" "spacer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Information.Disclosure LOW" "spacer 3.0.7 Admin+.Stored.XSS LOW" "shortcode-for-redirection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spider-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stop-spam-comments No.known.fix Access.Token.Bypass LOW" "simple-job-board 2.12.4 Authenticated.(Editor+).PHP.Object.Injection HIGH" "simple-job-board 2.12.2 Admin+.Stored.XSS LOW" "simple-job-board 2.12.6 Unauthenticated.Resumes.Download LOW" "simple-job-board 2.11.1 Unauthenticated.PHP.Object.Injection.via.Job.Application.Fields CRITICAL" "simple-job-board 2.11.0 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "simple-job-board 2.10.7 Cross-Site.Request.Forgery MEDIUM" "simple-job-board 2.10.6 Missing.Authorization MEDIUM" "simple-job-board 2.10.4 Settings.Update.via.CSRF MEDIUM" "simple-job-board 2.10.0 Resume.Disclosure.via.Directory.Listing MEDIUM" "simple-job-board 2.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "simple-job-board 2.9.4 Authenticated.Path.Traversal.Leading.to.Arbitrary.File.Download HIGH" "simple-job-board 2.4.4 Reflected.XSS MEDIUM" "seo-for-local 9.2.1 Reflected.Cross-Site.Scripting MEDIUM" "seo-for-local 9.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "solid-affiliate No.known.fix Sensitive.Information.Exposure MEDIUM" "sf-booking 3.2 Unauthenticated.Local.File.Disclosure HIGH" "salon-booking-system 10.9.1 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "salon-booking-system 1.9.4 Admin+.Stored.XSS LOW" "salon-booking-system 10.9 Unauthenticated.Open.Redirect MEDIUM" "salon-booking-system 10.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "salon-booking-system 10.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 10.0 Missing.Authorization MEDIUM" "salon-booking-system 10.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "salon-booking-system 9.6.6 Editor+.Stored.XSS LOW" "salon-booking-system 9.6.6 Editor+.Stored.XSS.via.Email.Settings LOW" "salon-booking-system 9.6.6 Settings.Update.via.CSRF MEDIUM" "salon-booking-system 9.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 8.7 Authenticated.(Editor+).Privilege.Escalation HIGH" "salon-booking-system 8.4.9 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 8.4.8 User.Role.change.via.CSRF MEDIUM" "salon-booking-system 7.9.4 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-system 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-system 7.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salon-booking-system 6.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "scheduled-announcements-widget 1.0 Contributor+.Stored.XSS MEDIUM" "super-testimonial-pro 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "smart-google-code-inserter 3.5 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "smart-google-code-inserter 3.5 Unauthenticated.SQL.Injection CRITICAL" "simple-page-transition No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "stock-in No.known.fix Authenticated.SQL.Injection MEDIUM" "stock-in No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shortcode-gallery-for-matterport-showcase 2.2.0 Cross-Site.Request.Forgery MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.7 Reflected.XSS HIGH" "shortcode-gallery-for-matterport-showcase 2.1.5 Contributor+.Stored.XSS MEDIUM" "supersaas-appointment-scheduling 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shareaholic 9.7.12 Missing.Authorization.via.accept_terms_of_service MEDIUM" "shareaholic 9.7.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shareaholic 9.7.6 Information.Disclosure MEDIUM" "slider-for-writers No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sportspress 2.7.22 Admin+.Stored.XSS LOW" "sportspress 2.7.21 Missing.Authorization.to.Notice.Dismissal LOW" "sportspress 2.7.18 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "sportspress 2.7.9 Reflected.Cross-Site.Scripting HIGH" "sportspress 2.7.2 Authenticated.Stored.Cross-Site.Scripting HIGH" "server-status-by-hostnameip No.known.fix Authenticated.SQL.Injection HIGH" "social-pug 1.33.2 PHP.Object.Injection HIGH" "social-pug 1.33.1 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "social-pug 1.32.0 Admin+.Stored.XSS LOW" "social-pug 1.30.1 Missing.Authorization.via.multiple.admin_init.actions MEDIUM" "social-pug 1.19.0 Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.2.6 Social.Pug.<=.1.2.5.-.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "search-console 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "search-field-for-gravity-forms 0.6 Reflected.Cross-Site.Scripting MEDIUM" "svegliat-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-for-amp-web-stories-and-elementor-widget 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stout-google-calendar No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "scrollto-top No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "smoove-elementor 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "social-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "security-malware-firewall 2.145.1 Authorization.Bypass.via.Reverse.DNS.Spoofing.to.Unauthenticated.SQL.Injection HIGH" "security-malware-firewall 2.121 IP.Spoofing MEDIUM" "security-malware-firewall 2.51 Security.Nonce.Leak.leading.to.Unauthorised.AJAX.call HIGH" "smarty-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "smarty-for-wordpress No.known.fix Settings.Update.via.CSRF MEDIUM" "smpl-shortcodes No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simple-long-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "showhide-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-pro-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seamless-donations 5.1.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "smart-manager-for-wp-e-commerce 8.53.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-manager-for-wp-e-commerce 8.46.0 Missing.Authorization MEDIUM" "smart-manager-for-wp-e-commerce 8.28.0 Admin+.SQL.Injection MEDIUM" "simple-buttons-creator No.known.fix Unauthenticated.Stored.XSS HIGH" "simple-buttons-creator No.known.fix Aribtrary.Button.Deletion.via.CSRF MEDIUM" "support-x 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-recent-posts-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "soccer-engine-lite 1.13 Cross-Site.Request.Forgery MEDIUM" "stax-buddy-builder 1.8.0 Contributor+.Post.Disclosure MEDIUM" "spectra-pro 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.IDs MEDIUM" "spectra-pro 1.1.6 Authenticated.(Author+).Privilege.Escalation HIGH" "social-pixel No.known.fix Admin+.Stored.XSS LOW" "stop-spammer-registrations-plugin 2024.5 Cross-Site.Request.Forgery.(CSRF).via.sfs_process MEDIUM" "stop-spammer-registrations-plugin 2023 Admin+.Stored.XSS LOW" "stop-spammer-registrations-plugin 2023 Reflected.XSS HIGH" "stop-spammer-registrations-plugin 2022.6 Unauthenticated.PHP.Object.Injection MEDIUM" "stop-spammer-registrations-plugin 2021.18 Authenticated.Stored.XSS LOW" "stop-spammer-registrations-plugin 2021.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shortcodes-ultimate-pro 7.2.1 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate-pro 7.1.5 Contributor+.Stored.Cross-Site.Scripting.XSS MEDIUM" "simple-proxy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Deletion MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Edit/Creation MEDIUM" "splash-header 1.20.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "secupress 2.2.5.2 Cross-Site.Request.Forgery.to.Banned.IP.Address MEDIUM" "secupress 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "softtemplates-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-jquery-image-gallery 2.2.22 Option.Value.Disclosure HIGH" "social-media-buttons-toolbar No.known.fix Admin+.Stored.XSS MEDIUM" "smtp2go 1.5.0 Admin+.Stored.XSS LOW" "sided No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "strong-testimonials 3.1.17 Missing.Authorization MEDIUM" "strong-testimonials 3.1.13 Authenticated(Contributor+).Improper.Authorization.to.Views.Modification MEDIUM" "strong-testimonials 3.1.12 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.1.11 Settings.Update.via.CSRF MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "strong-testimonials 2.51.3 Unauthorised.AJAX.Call MEDIUM" "strong-testimonials 2.40.1 Stored.Cross.Site.Scripting.(XSS) MEDIUM" "simple-custom-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-headline-rotator No.known.fix Stored.XSS.via.CSRF HIGH" "sitemap-index No.known.fix Admin+.XSS LOW" "simpul-events-by-esotech No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sprout-clients No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sprout-clients 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "simple-testimonials-showcase No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Cross-Site.Request.Forgery MEDIUM" "smartsupp-live-chat 3.7 Cross-Site.Request.Forgery MEDIUM" "support-genix-lite 1.2.4 Missing.Authorization MEDIUM" "stockdio-historical-chart 2.8.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stockdio-historical-chart 2.8.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sky-elementor-addons 2.6.3 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Cross-Site.Request.Forgery.to.Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Switcher.Widget.Elementor.Template MEDIUM" "sky-elementor-addons 2.5.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.8 Contributor+.Stored.XSS MEDIUM" "sky-elementor-addons 2.5.0 Authenticated(Contributor+).Stored.Cross-site.scripting.via.Wrapper.Link.URL MEDIUM" "ssl-wireless-sms-notification 3.6.0 Unauthenticated.SQL.Injection HIGH" "ssl-wireless-sms-notification No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "slick-engagement 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slick-grid.Shortcode MEDIUM" "square-thumbnails 1.1.2 Missing.Authorization MEDIUM" "stripe-payments 2.0.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accept_stripe_payment_ng.Shortcode MEDIUM" "stripe-payments 2.0.80 Insecure.Direct.Object.Reference MEDIUM" "stripe-payments 2.0.64 Admin+.Stored.Cross-Site.Scripting LOW" "stripe-payments 2.0.40 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sureforms 1.2.3 Missing.Authorization.to.Unauthenticated.Protected.Post.Disclosure MEDIUM" "stock-locations-for-woocommerce 2.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "skillbars 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "startend-subscription-add-on-for-gravityforms 4.0.6 Reflected.Cross-Site.Scripting MEDIUM" "surbma-salesautopilot-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-for-woocommerce 1.6.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "scroll-baner No.known.fix CSRF.to.RCE CRITICAL" "sticky-add-to-cart-for-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sparkle-elementor-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-factory 1.3.6 Subscriber+.Arbitrary.Post.Access MEDIUM" "slider-factory 1.3.2 Slider.Clone/Save/Delete.via.CSRF MEDIUM" "secondary-title 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.18 Authenticated.(Author+).Limited.Local.File.Inclusion HIGH" "slideshow-se No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.6 Subscriber+.Stored.XSS HIGH" "slideshow-se 2.5.6 Author+.Stored.XSS MEDIUM" "stylish-price-list 7.1.8 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.0.18 Missing.Authorization MEDIUM" "stylish-price-list 6.9.0 Unauthenticated.Arbitrary.Image.Upload MEDIUM" "stylish-price-list 6.9.1 Subscriber+.Arbitrary.Image.Upload MEDIUM" "scrollup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.15 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.2 Privilege.Escalation HIGH" "seo-301-meta No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "site-is-offline-plugin No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "sb-core No.known.fix Authentication.Bypass CRITICAL" "starfish-reviews 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "starfish-reviews 3.0.26 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starfish-reviews 2.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "simple-notification No.known.fix Missing.Authorization MEDIUM" "scrollbar-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-icons-widget-by-wpzoom 4.2.18 Admin+.Stored.XSS LOW" "social-icons-widget-by-wpzoom 4.2.16 Missing.Authorization MEDIUM" "show-hidecollapse-expand 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "show-hidecollapse-expand No.known.fix Subscriber+.Settings.Update MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting.via.page.Parameter MEDIUM" "simple-download-counter 1.6.1 Contributor+.Stored.XSS MEDIUM" "scheduled-notification-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "suki-sites-import No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "simply-rets 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sp-rental-manager No.known.fix Unauthenticated.SQL.Injection HIGH" "simple-social-share-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.3.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox.Shortcode MEDIUM" "shortcodes-ultimate 7.1.6 Contributor+.Stored.XSS.via.su_members.Shortcode MEDIUM" "shortcodes-ultimate 7.1.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox MEDIUM" "shortcodes-ultimate 7.1.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.Cross-Site.Scripting.via.'note_color'.Shortcode MEDIUM" "shortcodes-ultimate 7.0.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "shortcodes-ultimate 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Insecure.Direct.Object.Reference.to.Information.Disclosure MEDIUM" "shortcodes-ultimate 5.13.1 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.User.Meta.Disclosure MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.Arbitrary.Post.Access MEDIUM" "shortcodes-ultimate 5.12.7 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.Arbitrary.File.Access MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.SSRF MEDIUM" "shortcodes-ultimate 5.12.1 Stored.XSS.via.CSRF MEDIUM" "shortcodes-ultimate 5.12.1 Settings.Preset.Update.via.CSRF MEDIUM" "shortcodes-ultimate 5.10.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.0.1 Authenticated.Contributor.Code.Execution CRITICAL" "shortcodes-ultimate 4.10.0 Authenticated.Directory.Traversal MEDIUM" "singsong No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-facebook-plugin 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-facebook-plugin 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "swifty-page-manager No.known.fix Page.Creation/Deletion.via.CSRF MEDIUM" "swifty-page-manager No.known.fix Admin+.Stored.XSS LOW" "saoshyant-element No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spendino No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "sheets-to-wp-table-live-sync 3.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-ck 1.4.10 Admin+.Stored.Cross-Site.Scripting LOW" "subscribe-to-category No.known.fix Unauthenticated.SQLi HIGH" "syncfields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.16 Cross-Site.Request.Forgery MEDIUM" "social-auto-poster 5.3.16 Reflected.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.via.Multiple.Functions HIGH" "social-auto-poster 5.3.15 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "social-auto-poster 5.3.15 Cross-Site.Request.Forgery.via.Multiple.Functions MEDIUM" "social-auto-poster 5.3.15 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "social-auto-poster 5.3.15 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.via.wpw_auto_poster_update_tweet_template MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "store-locator-le No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "store-locator-le 5.9 Unauthenticated.Stored.XSS HIGH" "store-locator-le 5.9 Authenticated.Privilege.Escalation CRITICAL" "smart-custom-fields No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-custom-fields 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Disclosure MEDIUM" "stylish-internal-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.5.8 Author+.Cross-Site.Scripting.via.SVG MEDIUM" "svg-support 2.5.2 Author+.Stored.XSS MEDIUM" "svg-support 2.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.3.20 Admin+.Stored.Cross-Site.Scripting LOW" "stop-comment-spam 0.5.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sparkle-demo-importer 1.4.8 Missing.Authorization.to.Authorized(Subscriber+).Post/Pages/Attachements.Deletion.and.Demo.Data.Import MEDIUM" "seo-title-tag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "swift-framework No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "swift-framework No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "send-to-twitter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-tape No.known.fix CSRF.to.Stored.XSS HIGH" "spin360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "staff-directory-pro 4.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "staff-directory-pro 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "svgmagic No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "sis-handball No.known.fix Settings.Update.via.CSRF MEDIUM" "slickr-flickr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "stacks-mobile-app-builder No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stacks-mobile-app-builder No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "stacks-mobile-app-builder No.known.fix Authentication.Bypass CRITICAL" "shortcode-for-current-date 2.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sportspress-tv No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sweepwidget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spam-byebye 2.2.2 Cross-Site.Scripting.(XSS) MEDIUM" "smartcrawl-seo 3.10.9 Unauthenticated.Full.Path.Disclosure MEDIUM" "smartcrawl-seo 3.10.3 Missing.Authorization MEDIUM" "smartcrawl-seo 3.8.3 Unauthenticated.Password.Protected.Post.Disclosure MEDIUM" "sell-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-media-shortcodes 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scoutnet-kalender No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "svg-block 1.1.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "svg-block 1.1.20 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "section-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "section-slider No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "semalt No.known.fix Admin+.Stored.XSS LOW" "squirrly-seo-pack No.known.fix Advanced.Pack.<=.2.3.8.-.Authenticated(Administrator+).SQL.Injection MEDIUM" "sola-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "sola-testimonials No.known.fix Cross-Site.Request.Forgery MEDIUM" "securimage-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "swifty-bar 1.2.11 Admin+.Stored.XSS LOW" "sitemap-by-click5 1.0.36 Unauthenticated.Arbitrary.Options.Update CRITICAL" "survey-maker 5.1.3.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Survey.Question MEDIUM" "survey-maker 5.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.9.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.2.9 Admin+.Stored.XSS.via.Plugin.Settings LOW" "survey-maker 4.1.0 IP.Address.Spoofing MEDIUM" "survey-maker 3.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "survey-maker 4.0.7 Reflected.Cross-Site.Scripting MEDIUM" "survey-maker 4.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 3.4.7 Reflected.XSS HIGH" "survey-maker 3.1.2 Subscriber+.SQLi HIGH" "survey-maker 3.1.4 Unauthenticated.Stored.XSS HIGH" "survey-maker 2.0.7 Unauthenticated.Store.Cross-Site.Scripting MEDIUM" "survey-maker 1.5.6 Reflected.Cross-Site.Scripting.(XSS) HIGH" "survey-maker 1.5.6 Authenticated.Blind.SQL.Injections HIGH" "scrollbar-by-webxapp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.6.11 Cross-Site.Request.Forgery MEDIUM" "spotlight-social-photo-feeds 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.4.3 Contributor+.Stored.XSS MEDIUM" "spotlight-social-photo-feeds 0.10.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-student-result 1.8.0 Unauthorised.REST.Calls MEDIUM" "simple-student-result 1.7.5 Stored.Cross.Site.Scripting.via.CSRF MEDIUM" "simple-student-result 1.6.4 Auth.Bypass CRITICAL" "smart-forms 2.6.92 Missing.Authorization.to.Notice.Dismissal MEDIUM" "smart-forms 2.6.96 Admin+.Stored.XSS LOW" "smart-forms 2.6.94 Edit.Entries.via.CSRF MEDIUM" "smart-forms 2.6.94 Subscriber+.Edit.Entries.via.Broken.Access.Control MEDIUM" "smart-forms 2.6.87 Subscriber+.Arbitrary.Entry.Deletion MEDIUM" "smart-forms 2.6.85 Subscriber+.Arbitrary.Options.Update HIGH" "smart-forms 2.6.71 Subscriber+.Form.Data.Download MEDIUM" "smart-forms 2.6.16 Cross-Site.Request.Forgery.(CSRF) HIGH" "stop-referrer-spam 1.3.1 CSRF MEDIUM" "sparkpost 2.3.6 Admin+.Stored.XSS LOW" "site-pin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-vertical-timeline No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-locker No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "social-locker 4.2.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-web-suite 4.1.12 Directory.Traversal.to.Arbitrary.File.Download HIGH" "sitekit 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sitekit 1.4 Contributor+.Stored.XSS MEDIUM" "sitekit 1.5 Contributor+.Stored.XSS MEDIUM" "simple-post-gallery No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "seo-checklist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-checklist No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sirv 7.3.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Option.Deletion HIGH" "sirv 7.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sirv 7.2.8 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "sirv 7.2.8 Authenticated(Subscriber+).Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "sirv 7.2.7 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "sirv 7.2.3 Missing.Authorization.to.Arbitrary.Options.Update CRITICAL" "sirv 7.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sirv 7.2.1 Missing.Authorization MEDIUM" "sirv 7.1.3 Missing.Authorization.via.sirv_disconnect MEDIUM" "sirv 6.8.1 Admin+.Stored.XSS LOW" "sirv 1.3.2 Authenticated.SQL.Injection HIGH" "seed-social 2.0.4 Admin+.Stored.XSS LOW" "script-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "script-planner No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smartsearchwp 2.4.6 Unauthenticated.OpenAI.Key.Disclosure MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.Log.Purge MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.SQLi HIGH" "smartsearchwp 2.4.5 Unauthenticated.Stored.XSS HIGH" "social-photo-gallery No.known.fix Remote.Code.Execution.(RCE) HIGH" "sales-page-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shipping-labels-for-woo 2.3.9 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting LOW" "socialsnap 1.3.6 Missing.Authorization MEDIUM" "sheet-to-wp-table-for-google-sheet 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STWT_Sheet_Table.Shortcode MEDIUM" "sw-contact-form No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-image 2.8.7 Authenticated.Blind.SQL.Injection HIGH" "search-order-by-product-sku-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "step-by-step No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sharethis-share-buttons 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sharethis-inline-buttons.Shortcode MEDIUM" "simple-responsive-image-gallery No.known.fix Reflected.Cross-Site.Scripting HIGH" "soundy-background-music No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "seo-blogger-to-wordpress-301-redirector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.6 Unauthenticated.&.Unauthorised.Form.Submissions.Export HIGH" "sb-elementor-contact-form-db 1.6 Plugin.Settings.Cross-Site.Request.Forgery MEDIUM" "smart-marketing-for-wp 5.0.5 Missing.Authorization MEDIUM" "smart-marketing-for-wp 2.0.0 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-yearly-archive 2.1.9 Admin+.Stored.XSS LOW" "sermon-browser No.known.fix Arbitrary.File.Upload.via.CSRF MEDIUM" "sermon-browser 0.45.16 Multiple.XSS MEDIUM" "simple-downloads-list 1.4.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "shortcode-in-comment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "show-google-analytics-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soundy-audio-playlist No.known.fix XSS MEDIUM" "spiderpowa-embed-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seedprod-coming-soon-pro-5 No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "seedprod-coming-soon-pro-5 6.18.14 Authenticated.(Editor+).Remote.Code.Execution HIGH" "seedprod-coming-soon-pro-5 No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "simple-theme-options 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "spam-control-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "ssv-mailchimp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "serial-codes-generator-and-validator 2.4.15 Admin+.Stored.XSS LOW" "simply-gallery-block 3.2.4.3 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.galleryID.and.className.Parameters MEDIUM" "simply-gallery-block 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.0.8 Subscriber+.Arbitrary.Options.Update HIGH" "simply-gallery-block 2.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-gallery-block 2.2.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.6.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Sina.Image.Differ MEDIUM" "sina-extension-for-elementor 3.5.8 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Sina.Modal.Box.Widget.Elementor.Template MEDIUM" "sina-extension-for-elementor 3.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.read_more_text.Parameter MEDIUM" "sina-extension-for-elementor 3.5.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).Stored.Cross-site.Scriping.via.'Sina.Particle.Layer' MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).DOM-Based.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sina-extension-for-elementor 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sina.Fancy.Text.Widget MEDIUM" "sina-extension-for-elementor 3.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.3.12 Contributor+.Stored.XSS MEDIUM" "sina-extension-for-elementor 2.2.1 LFI HIGH" "sitepress-multilingual-cms 4.6.13 Contributor+.RCE.via.Twig.Server-Side.Template.Injection CRITICAL" "sitepress-multilingual-cms 4.6.1 Reflected.Cross-Site.Scripting HIGH" "sitepress-multilingual-cms 4.5.11 Subscriber+.Settings.Update MEDIUM" "sitepress-multilingual-cms 4.5.14 CSRF MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Translation.Job.Status.Update MEDIUM" "sitepress-multilingual-cms 4.3.7 Authenticated.Cross.Site.Request.Forgery.leading.to.Remote.Code.Execution HIGH" "sitepress-multilingual-cms 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sitepress-multilingual-cms 3.2.7 Cross-Site.Scripting.(XSS).in.Accept-Language.Header MEDIUM" "skt-builder 4.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "skt-builder 4.2 Missing.Authorization.to.Authenticated(Subscriber+).Content.Injection MEDIUM" "swipehq-payment-gateway-woocommerce No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "shortcode-variables 4.1.7 Authenticated.(Subscriber+).Shortcode.Deletion MEDIUM" "shortcode-variables 4.1.5 Cross-Site.Request.Forgery MEDIUM" "simpleschema-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stars-menu No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-photo-gallery No.known.fix Admin+.SQLi MEDIUM" "stopbadbots 10.24 Missing.Authorization.to.Information.Expsoure MEDIUM" "stopbadbots 7.32 Admin+.Stored.XSS LOW" "stopbadbots 7.24 Subscriber+.Arbitrary.Plugin.Installation HIGH" "stopbadbots 6.930 Unauthenticated.SQLi HIGH" "stopbadbots 6.88 Unauthenticated.SQLi HIGH" "stopbadbots 6.67 Unauthenticated.SQL.Injection CRITICAL" "stopbadbots 6.62 Reflected.Cross-Site.Scripting HIGH" "stopbadbots 6.60 Authenticated.SQL.Injections MEDIUM" "simple-download-button-shortcode No.known.fix Sensitive.Data.Disclosure MEDIUM" "secure-file-manager No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager 2.8.2 Authenticated.Remote.Code.Execution CRITICAL" "shiptimize-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-scroll-posts 2.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "stockholm-core 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "stockholm-core 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "smart-youtube No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-facebook No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-facebook No.known.fix Reflected.XSS HIGH" "seo-local-rank 2.2.4 Unauthenticated.Arbitrary.File.Access.via.Path.Traversal HIGH" "slick-contact-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "social-autho-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smsa-shipping-official 2.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "smart-admin-menu-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-admin-menu-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "site-editor No.known.fix Local.File.Inclusion.(LFI) HIGH" "simple-comment-editing 3.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "sunshine-photo-cart 3.2.11 Open.Redirect MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.9 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.2.2 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.1.2 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.1 Unauthenticated.Sensitive.Information.Exposure.via.Invoice MEDIUM" "sunshine-photo-cart 3.0 Insecure.Direct.Object.Reference.to.Order.Manipulation MEDIUM" "sunshine-photo-cart 2.9.15 Reflected.XSS HIGH" "sunshine-photo-cart 2.9.14 Image.Location.Update.via.CSRF MEDIUM" "sunshine-photo-cart 2.8.29 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "swatchly 1.2.1 Cross-Site.Request.Forgery MEDIUM" "simple-social-buttons 5.1.1 Unauthenticated.Password.Protected.Post.Access MEDIUM" "simple-social-buttons 3.2.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.3 Contributor+.Stored.XSS MEDIUM" "simple-social-buttons 3.2.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.0 Reflected.Cross-Site.Scripting CRITICAL" "simple-social-buttons 2.0.22 Authenticated.Option.Injection HIGH" "small-package-quotes-unishippers-edition 2.4.9 Unauthenticated.SQL.Injection HIGH" "shopconstruct No.known.fix Admin+.Stored.XSS LOW" "slp-extended-data-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extended-data-manager 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simplemodal-contact-form-smcf No.known.fix Admin+.Stored.XSS LOW" "simple-responsive-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sell-photo 1.0.6 Authenticated.Stored.Cross-Site.Scripting LOW" "saan-world-clock No.known.fix Contributor+.Stored.XSS MEDIUM" "simple-gallery-odihost No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "simple-membership 4.5.6 Exposure.of.Private.Personal.Information.to.an.Unauthorized.Actor MEDIUM" "simple-membership 4.5.4 Unauthenticated.Open.Redirect MEDIUM" "simple-membership 4.4.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.3 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "simple-membership 4.4.2 Open.Redirect MEDIUM" "simple-membership 4.3.9 Reflected.Cross-Site.Scripting.Vulnerability.via.environment_mode MEDIUM" "simple-membership 4.3.5 Account.Takeover.via.Password.Reset HIGH" "simple-membership 4.3.5 Privilege.escalation.via.Registration HIGH" "simple-membership 4.3.6 Reflected.XSS HIGH" "simple-membership 4.2.2 Contributor+.Stored.XSS MEDIUM" "simple-membership 4.1.3 Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.3 Unauthenticated.Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-membership 4.1.0 Arbitrary.Transaction.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.9 Arbitrary.Member.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.4 Authenticated.SQL.Injections CRITICAL" "simple-membership 3.8.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "simple-membership 3.5.7 XSS MEDIUM" "simple-membership 3.3.3 Multiple.CSRF HIGH" "simple-table-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "super-interactive-maps 2.2 Unauthenticated.SQL.Injections CRITICAL" "super-interactive-maps 2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "svgplus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sa-post-author-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stock-market-charts-from-finviz 1.0.2 Admin+.Stored.XSS LOW" "sahu-tiktok-pixel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts 1.7 CSRF MEDIUM" "simple-iframe 1.2.0 Contributor+.Stored.XSS MEDIUM" "sogrid 1.5.5 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "sogrid 1.5.7 Unauthenticated.Local.File.Inclusion CRITICAL" "sogrid 1.5.7 Authenticated.(Admin+).Local.File.Inclusion HIGH" "simple-portfolio-gallery No.known.fix Admin+.Stored.XSS MEDIUM" "swiss-toolkit-for-wp 1.0.8 Contributor+.Authentication.Bypass HIGH" "social-testimonials-and-reviews-widget 5.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "social-testimonials-and-reviews-widget 5.00 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.02 CSRF MEDIUM" "supra-csv-parser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "safetymails-forms No.known.fix Cross-Site.Request.Forgery HIGH" "seo-alert No.known.fix Admin+.Stored.XSS LOW" "site-offline 1.5.7 Admin+.Stored.XSS LOW" "site-offline 1.5.3 Access.Bypass MEDIUM" "site-offline 1.4.4 Multiple.Cross-Site.Request.Forgery MEDIUM" "sugar-calendar-lite 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "social-locker-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starcat-review No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starcat-review 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sync-ecommerce-neo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sync-ecommerce-neo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "super-testimonial 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "sendgrid-email-delivery-simplified No.known.fix Authenticated.Authorization.Bypass MEDIUM" "sticky-social-icons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-social-icons No.known.fix Admin+.Stored.XSS LOW" "slideonline No.known.fix Contributor+.Stored.XSS MEDIUM" "sk-wp-settings-backup No.known.fix Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "subscribe-to-comments-reloaded 240119 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "subscribe-to-comments-reloaded 220502 Multiple.CSRF MEDIUM" "subscribe-to-comments-reloaded 150820 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "sendit No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "shortcodes-finder 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-finder 1.5.4 Reflected.XSS HIGH" "spotify-play-button No.known.fix Contributor+.Stored.XSS MEDIUM" "secupress-pro 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "snipe-nginx-cache No.known.fix Missing.Authorization MEDIUM" "spiffy-calendar 4.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.14 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.13 Authenticated.(Admin+).SQL.Injection MEDIUM" "spiffy-calendar 4.9.12 Authenticated.(Administrator+).SQL.Injection CRITICAL" "spiffy-calendar 4.9.11 Missing.Authorization MEDIUM" "spiffy-calendar 4.9.10 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.9 Broken.Access.Control LOW" "spiffy-calendar 4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.4 Reflected.XSS MEDIUM" "spiffy-calendar 4.9.2 SQL.Injection HIGH" "spiffy-calendar 4.9.1 Subscriber+.Arbitrary.Event.Edition/Deletion.via.IDOR MEDIUM" "spiffy-calendar 4.9.1 Arbitrary.Event.Deletion.via.CSRF MEDIUM" "spiffy-calendar 3.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seos-contact-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "side-menu-lite 5.3.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "side-menu-lite 4.2.1 Menu.Deletion.via.CSRF MEDIUM" "side-menu-lite 4.0.2 Reflected.XSS MEDIUM" "side-menu-lite 2.2.6 Authenticated.SQL.Injection HIGH" "side-menu-lite 2.2.1 Authenticated.SQL.Injection LOW" "send-email-only-on-reply-to-my-comment No.known.fix Reflected.XSS HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Stored.XSS.via.CSRF HIGH" "shortpixel-critical-css 1.0.3 Missing.Authorization MEDIUM" "spamreferrerblock No.known.fix Admin+.Stored.XSS LOW" "spamreferrerblock No.known.fix Cross-Site.Request.Forgery MEDIUM" "smallerik-file-browser No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "shortcode-bootstrap-visuals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stream-status-for-twitch 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-forms-bundle 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "simple-share-buttons-adder 8.5.1 Admin+.Stored.XSS LOW" "simple-share-buttons-adder 8.4.12 Authenticated(Administrator+).Stored.Cross-Site.Scripting.via.CSS.Settings MEDIUM" "simple-share-buttons-adder 8.5.1 CSRF MEDIUM" "simple-share-buttons-adder 6.0.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-tour-guide 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "shiny-buttons No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "seo-slider 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "s3bubble-amazon-s3-audio-streaming No.known.fix Arbitrary.File.Download HIGH" "specific-content-for-mobile 0.1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.5.2 Reflected.XSS HIGH" "seriously-simple-stats 1.5.1 Podcast.Manager+.SQLi HIGH" "slick-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.5.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "simple-embed-code 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.3.7 Authenticated(Contributor+).Denial.of.Service MEDIUM" "social-login-wp No.known.fix CSRF MEDIUM" "sv-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-forms 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "sv-forms 1.8.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "strx-magic-floating-sidebar-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simplr-registration-form No.known.fix Subscriber+.Arbitrary.User.Password.Change.via.IDOR HIGH" "sexy-contact-form 1.0.0 Shell.Upload CRITICAL" "sg-helper No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "salert 1.2.2 Subscriber+.Missing.Authorization MEDIUM" "salert 1.2.2 Reflected.XSS HIGH" "simple-business-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-support-for-elementor-templates No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortpixel-image-optimiser 5.6.4 Authenticated.(Editor+).SQL.Injection MEDIUM" "shortpixel-image-optimiser 5.6.4 Missing.Authorization MEDIUM" "shortpixel-image-optimiser 5.4.2 Authenticated(Editor+).PHP.Object.Injection MEDIUM" "shortpixel-image-optimiser 4.22.10 Reflected.Cross-Site.Scripting MEDIUM" "seo-beginner-auto-post No.known.fix Missing.Authorization.to.File.Overwrite/Upload.(Remote.Code.Execution) CRITICAL" "simple-photoswipe No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-photoswipe No.known.fix Admin+.Stored.XSS LOW" "shiftnav-responsive-mobile-menu 1.7.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "stylish-cost-calculator 7.0.4 Subscriber+.Unauthorised.AJAX.Calls.to.Stored.XSS HIGH" "site-audit No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "scribble-maps No.known.fix Reflected.Cross-Site.Scripting HIGH" "same-but-different No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20240511 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-basic-contact-form 20240502 Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20221201 Admin+.Stored.XSS LOW" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.Folder.Name.Update MEDIUM" "sp-client-document-manager No.known.fix Missing.Authorization MEDIUM" "sp-client-document-manager No.known.fix Data.Update.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Subscriber+.File.Download.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Author+).SQL.Injeciton CRITICAL" "sp-client-document-manager No.known.fix Missing.Authorization.Stored.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.70 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "sp-client-document-manager 4.68 Subscriber+.SQLi HIGH" "sp-client-document-manager 4.68 Admin+.Stored.XSS LOW" "sp-client-document-manager 4.68 Subscriber+.Insecure.Direct.Object.References HIGH" "sp-client-document-manager 4.62 Reflected.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.58 Sensitive.File.Disclosure MEDIUM" "sp-client-document-manager 4.26 Reflected.Cross-Site.Scripting HIGH" "sp-client-document-manager 4.24 Subscriber+.Shell.Upload HIGH" "sp-client-document-manager 4.22 Authenticated.Shell.Upload MEDIUM" "simple-image-popup 2.5.3 Admin+.Stored.XSS LOW" "simple-image-popup 2.0.0 Admin+.Stored.XSS LOW" "simpleform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sensly-online-presence No.known.fix Admin+.Stored.XSS LOW" "slideshow-gallery 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-gallery 1.8.2 Authenticated.(Contributor+).SQL.Injection HIGH" "slideshow-gallery 1.7.9 Settings.Reset.via.CSRF MEDIUM" "slideshow-gallery 1.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "slideshow-gallery 1.7.9 Contributor+.SQLi MEDIUM" "slideshow-gallery 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-gallery 1.6.9 XSS.and.SQLi CRITICAL" "slideshow-gallery 1.6.6 Multiple.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sandbox No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sandbox.Download MEDIUM" "sandbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-icons 2.7.8 Simple.Icons.<.2.7.8.-.Contributor+.Stored.XSS MEDIUM" "secure-admin-ip No.known.fix Missing.Authorization.via.'saveSettings' MEDIUM" "seo-redirection 9.1 Multiple.CSRF MEDIUM" "seo-redirection 9.1 404.Error.&.History.Deletion.via.CSRF MEDIUM" "seo-redirection 8.2 Subscriber+.SQL.Injection HIGH" "seo-redirection 7.9 Arbitrary.Redirect.Deletion.via.CSRF MEDIUM" "seo-redirection 7.4 Reflected.Cross-Site.Scripting HIGH" "seo-redirection 7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "seo-redirection 6.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-redirection 4.3 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "simple-popup-newsletter No.known.fix Reflected.Cross-Site.Scripting HIGH" "smart-mockups No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stafflist 3.1.7 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Arbitrary.Staff.Deletion.via.CSRF MEDIUM" "stafflist 3.1.5 Admin+.SQLi MEDIUM" "smtp-mailing-queue 1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mailing-queue 2.0.1 Admin+.Stored.XSS LOW" "svg-flags-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-flags-lite 0.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-pricing-table No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplemap No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "steel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn.Shortcode MEDIUM" "simple-jwt-login 3.2.1 Arbitrary.Settings.Update.to.Site.Takeover.via.CSRF HIGH" "simple-jwt-login 3.3.0 Insecure.Password.Creation LOW" "simple-tags 3.20.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-tags 3.6.5 Editor+.Stored.XSS LOW" "simple-tags 3.4.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-tags 3.0.7.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simply-static 3.1.4 Unauthenticated.Information.Exposure MEDIUM" "simply-static 3.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-related-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "safe-editor 1.2 Unauthenticated.CSS/JS-injection MEDIUM" "service-boxs 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slp-extenders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extenders 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seur 2.2.12 Reflected.Cross-Site.Scripting MEDIUM" "seur 2.2.11 Unauthenticated.SQL.Injection HIGH" "seur 1.7.2 Admin+.Arbitrary.File.Download MEDIUM" "seur 1.7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "smdp-affiliate-platform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-quotation No.known.fix Quote.Creation/Edition.via.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "simple-quotation No.known.fix Subscriber+.SQL.injection HIGH" "saphali-woocommerce-lite 1.9.0 Settings.Update/Reset.via.CSRF MEDIUM" "search-everything 8.1.7 SQL.Injection CRITICAL" "search-everything 8.1.6 SQL.Injection CRITICAL" "slider-responsive-slideshow 1.4.2 Missing.Authorization MEDIUM" "slider-responsive-slideshow 1.4.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "slicknav-mobile-menu 1.9.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sola-support-tickets 3.13 XSS.&.Configuration.Change MEDIUM" "seo-help 6.1.4 Reflected.Cross-Site.Scripting MEDIUM" "sms-ovh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shockingly-big-ie6-warning No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "smartlink-dinamic-urls 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.7 Cross-Site.Request.Forgery MEDIUM" "searchiq 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "searchiq 4.5 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "searchiq 3.9 Unauthenticated.Stored.XSS HIGH" "smart-app-banner 1.1.4 Admin+.Stored.XSS LOW" "smart-app-banner 1.1.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "spice-blocks 1.3 Reflected.Cross-Site.Scripting MEDIUM" "superb-slideshow-gallery 13.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "svgator No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "svgator 1.2.5 API.Token.Update/Deletion.&.Import.Projects.via.CSRF MEDIUM" "sticky-menu-or-anything-on-scroll 2.21 CSRF.&.XSS LOW" "social-connect No.known.fix Authentication.Bypass CRITICAL" "social-gallery-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-gallery-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "super-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-10web No.known.fix Reflected.XSS HIGH" "seo-by-10web 1.2.7 Admin+.Stored.XSS LOW" "simple-schools-staff-directory No.known.fix Admin+.Arbitrary.File.Upload CRITICAL" "support-chat 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsaio_snapchat.Shortcode MEDIUM" "simple-custom-website-data No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "salient-core 2.0.8 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-core 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "salient-core 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shmapper-by-teplitsa 1.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "shmapper-by-teplitsa 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "siteorigin-panels 2.31.1 Contributor+.Stored.XSS.via.Row.Label.Parameter MEDIUM" "siteorigin-panels 2.29.16 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "siteorigin-panels 2.29.7 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.10.16 CSRF.to.Reflected.Cross-Site.Scripting.(XSS) HIGH" "share-woocommerce-email No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "scroll-triggered-animations 3.0.16 Reflected.Cross-Site.Scripting HIGH" "scroll-triggered-animations 3.0.11 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "screenshot-machine-shortcode 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.0.9 Admin+.Stored.XSS LOW" "secure-copy-content-protection 3.9.1 Missing.Authorization MEDIUM" "secure-copy-content-protection 3.7.2 Missing.Authorization MEDIUM" "secure-copy-content-protection 2.8.2 Unauthenticated.SQL.Injection HIGH" "secure-copy-content-protection 2.6.7 Authenticated.Blind.SQL.Injections HIGH" "site-notes No.known.fix Admin.Note.Deletion.via.CSRF MEDIUM" "smart-wishlist-for-more-convert 1.8.8 Unauthenticated.Wishlist.Disclosure.via.download_pdf_file.Function HIGH" "smart-wishlist-for-more-convert 1.7.3 Missing.Authorization MEDIUM" "smart-wishlist-for-more-convert 1.7.9 Missing.Authorization MEDIUM" "sms-alert 3.7.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "sms-alert 3.7.6 WooCommerce.<.3.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sa_subscribe.Shortcode MEDIUM" "sms-alert 3.7.0 Cross-Site.Request.Forgery MEDIUM" "sms-alert 3.4.7 SMS.Alert.Order.Notifications.–.WooCommerce.<.3,4,7.Authenticated.Cross.Site.Scripting LOW" "svg-complete No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "social-media-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sellsy 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aThemes:.Portfolio.Widget MEDIUM" "sydney-toolbox 1.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "sydney-toolbox 1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id MEDIUM" "sydney-toolbox 1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scroll-styler No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "scrollsequence 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "searchwp 4.2.6 Subscriber+.Settings.Update MEDIUM" "subscriptiondna 2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-slider-ssp No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "srs-simple-hits-counter 1.1.1 Settings.Update.via.CSRF MEDIUM" "srs-simple-hits-counter 1.1.0 1.0.4.-.Unauthenticated.Blind.SQL.Injection CRITICAL" "sync-post-with-other-site 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Creation.and.Update MEDIUM" "sync-post-with-other-site 1.5.2 Cross-Site.Request.Forgery MEDIUM" "shiftcontroller 4.9.67 Reflected.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.65 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.58 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "shiftcontroller 4.9.24 CSRF MEDIUM" "shiftcontroller 4.9.26 Reflected.Cross-Site.Scripting MEDIUM" "snap-pixel No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "snap-pixel No.known.fix Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spotifyplaybutton.Shortcode MEDIUM" "spotify-play-button-for-wordpress 2.11 Settings.Update.via.CSRF MEDIUM" "spotify-play-button-for-wordpress 2.08 Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.06 Contributor+.Stored.XSS MEDIUM" "simpleshop-cz 2.10.1 Cross-Site.Request.Forgery MEDIUM" "simpleshop-cz 2.10.3 Missing.Authorization MEDIUM" "seraphinite-discount-for-woocommerce 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "simple-org-chart No.known.fix Settings.Update.via.CSRF MEDIUM" "simple-org-chart No.known.fix Unauthenticated.Tree.Settings.Update MEDIUM" "sketchfab-oembed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spice-starter-sites No.known.fix Missing.Authorization.to.Unauthenticated.Demo.Content.Import MEDIUM" "spice-starter-sites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spice-starter-sites 1.1 Reflected.Cross-Site.Scripting MEDIUM" "scroll-top 1.4.1 Admin+.Stored.Cross-Site.Scripting LOW" "seers-cookie-consent-banner-privacy-policy 8.1.1 Cross-Site.Request.Forgery MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.2 Unauthenticated.Cookie.Policy.Update MEDIUM" "smooth-gallery-replacement No.known.fix CSRF.to.Stored.XSS HIGH" "shared-files 1.7.43 Limited.Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "shared-files 1.7.29 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "shared-files 1.7.20 Missing.Authorization MEDIUM" "shared-files 1.7.17 Missing.Authorization.to.Notice.Dismissal MEDIUM" "shared-files 1.7.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shared-files 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "shared-files 1.6.72 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shared-files 1.6.61 Admin+.Stored.Cross-Site.Scripting LOW" "shared-files 1.6.57 Admin+.Stored.Cross-Site.Scripting LOW" "shortcode-elementor 1.0.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "seatgeek-affiliate-tickets No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "superior-faq No.known.fix CSRF MEDIUM" "simple-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shibboleth 1.8 Cross-Site.Scripting.(XSS) MEDIUM" "shopkeeper-extender 3.7 Contributor+.Stored.XSS MEDIUM" "schedule-posts-calendar 5.3 CSRF MEDIUM" "schedule-posts-calendar 5.3 Admin+.Stored.XSS LOW" "showbizpro No.known.fix Shell.Upload CRITICAL" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "s3bubble-amazon-s3-html-5-video-with-adverts No.known.fix Directory.Traversal.leading.to.Arbitrary.File.Access HIGH" "streamweasels-youtube-integration 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-youtube-integration 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-youtube-embed.Shortcode MEDIUM" "share-print-pdf-woocommerce 2.8.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "syncee-global-dropshipping 1.0.10 Global.Dropshipping.<.1.0.10.-.Authentication.Token.Disclosure HIGH" "smart-email-alerts No.known.fix Reflected.Cross-Site.Scripting HIGH" "shantz-wordpress-qotd No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "secure-downloads 1.2.3 Admin+.Arbitrary.File.Download MEDIUM" "special-feed-items No.known.fix Stored.XSS.via.CSRF HIGH" "simple-al-slider No.known.fix Reflected.XSS HIGH" "send-emails-with-mandrill 1.4.2 Missing.Authorization MEDIUM" "s2member 241216 Authenticated.(Contributor+).Sensitive.Information.Exposure HIGH" "s2member 241216 Unauthenticated.Remote.Code.Execution HIGH" "s2member 240325 Limited.Privilege.Escalation MEDIUM" "s2member 240315 Information.Exposure MEDIUM" "shariff 4.6.14 Unauthenticated.Local.File.Inclusion CRITICAL" "shariff 4.6.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Admin+.Stored.XSS LOW" "simplemodal No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-content-construction-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "searchie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sip-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sp-announcement 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "solar-wizard-lite 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-ldap-login 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "sr-partner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "static-html-output-plugin 6.0 Reflected.Cross-Site.Scripting MEDIUM" "single-sign-on-client No.known.fix Authentication.Bypass HIGH" "slider-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "slider-slideshow No.known.fix Cross-Site.Request.Forgery HIGH" "sheetpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sheetpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "seed-fonts 2.4.0 Admin+.Stored.XSS LOW" "soundcloud-shortcode 4.0.2 Contributor+.Stored.XSS MEDIUM" "soundcloud-shortcode 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "salt-shaker 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "simple-link-directory 8.4.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-link-directory 7.7.2 Unauthenticated.SQL.injection HIGH" "simple-link-directory 7.3.5 Cross-Site.Scripting.(XSS) MEDIUM" "simple-booking-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "swipehq-payment-gateway-wp-e-commerce No.known.fix Multiple.XSS.Issues MEDIUM" "seraphinite-post-docx-source 2.16.10 Missing.Authorization MEDIUM" "seraphinite-post-docx-source 2.16.10 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "seraphinite-post-docx-source 2.16.7 Settings.Update/Reset/Import.via.CSRF MEDIUM" "sitetweet-tweets-user-behaviors-on-your-site-on-twitter No.known.fix Stored.XSS.via.CSRF HIGH" "subscriber 1.3.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-locator 2.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-buttons-pack 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "superfast-mailgun-newsletter 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salat-times 3.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "stock-sync-for-woocommerce 2.4.1 Reflected.XSS HIGH" "sticky-banner 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "social-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-proof-testimonials-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spslider-block.Shortcode MEDIUM" "social-proof-testimonials-slider 2.2.4 Admin+.Stored.XSS LOW" "shopello No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "stylist No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-revisions-delete 1.5.4 Cross-Site.Request.Forgery MEDIUM" "shortcoder 6.3.1 Subscriber+.Unauthorised.AJAX.Call MEDIUM" "symbiostock No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "service-provider-profile-cpt No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ssv-events No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "swoop-password-free-authentication No.known.fix Authentication.Bypass CRITICAL" "search-analytics 1.4.11 Reflected.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.10 Missing.Authorization MEDIUM" "search-analytics 1.4.8 Reflected.XSS HIGH" "search-analytics 1.4.6 Admin+.Stored.XSS LOW" "seo-simple-pack 3.3.0 Information.Exposure MEDIUM" "sastra-essential-addons-for-elementor 1.0.15 Missing.Authorization.to.Spexo.Theme.Install MEDIUM" "sastra-essential-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scroll-top-advanced No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "slope-widgets 4.2.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stylish-cost-calculator-premium 7.9.0 Unauthenticated.Stored.XSS HIGH" "shipyaari-shipping-managment No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "simple-ajax-chat 20240412 Admin+.Stored.XSS LOW" "simple-ajax-chat 20240216 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-ajax-chat 20240223 .Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-ajax-chat 20240223 Unauthenticated.Stored.XSS HIGH" "simple-ajax-chat 20220216 Log.Clearing.&.Arbitrary.Chat.Message.Deletion.via.CSRF MEDIUM" "simple-ajax-chat 20220216 Sensitive.Information.Disclosure MEDIUM" "simple-ajax-chat 20220216 Unauthenticated.Stored.XSS MEDIUM" "simple-tooltips No.known.fix Admin+.Stored.XSS LOW" "simple-tooltips 2.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "sprout-invoices 20.8.1 Insecure.Direct.Object.Reference MEDIUM" "sprout-invoices 20.5.4 Sensitive.Information.Exposure MEDIUM" "sprout-invoices 19.0.1 Reflected.Cross-Site.Scripting MEDIUM" "sprout-invoices 19.9.7 Admin+.Stored.Cross-Site.Scripting LOW" "starterblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starterblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "so-pinyin-slugs 2.3.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seo-free No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "show-website-content-in-wordpress-page-or-post 2024.04.09 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sitewide-notice-wp 2.3 Admin+.Stored.XSS LOW" "social-link-groups No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "seo-content-randomizer 3.28.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stops-core-theme-and-plugin-updates 8.0.5 Insufficient.Restrictions.on.Option.Changes MEDIUM" "supportboard 3.4.2 Multiple.Authenticated.SQLi HIGH" "supportboard 3.3.6 Arbitrary.File.Deletion.via.CSRF HIGH" "supportboard 3.3.5 Agent+.Stored.Cross-Site.Scripting MEDIUM" "supportboard 3.3.4 Multiple.Unauthenticated.SQL.Injections CRITICAL" "supportboard 1.2.9 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "supportboard 1.2.4 Stored.Cross-Site.Scripting MEDIUM" "shapepress-dsgvo 3.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shapepress-dsgvo 3.1.24 Unauthenticated.Arbitrary.Post.Deletion HIGH" "shapepress-dsgvo 3.1.24 Unauthenticated.Plugin's.Settings.Update.to.Stored.Cross-Site.Scripting HIGH" "shapepress-dsgvo 2.2.19 Authenticated.Reflected.XSS MEDIUM" "surbma-magyar-woocommerce 2022.0.3 Reflected.Cross-Site.Scripting MEDIUM" "surbma-magyar-woocommerce 30.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-posts-ticker 1.1.6 Admin+.Stored.XSS LOW" "simple-posts-ticker 1.1.6 Contributor+.Stored.XSS MEDIUM" "seo-site-auditor-agency 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-site-auditor-agency 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "semantic-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shared-counts 1.5.0 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "supportcandy 3.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "supportcandy 3.1.7 Subscriber+.SQLi HIGH" "supportcandy 3.1.7 Admin+.SQLi MEDIUM" "supportcandy 3.1.5 Unauthenticated.SQLi HIGH" "supportcandy 2.2.7 CSRF.to.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Arbitrary.Ticket.Deletion.via.CSRF HIGH" "supportcandy 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.5 Unauthenticated.Arbitrary.Ticket.Deletion HIGH" "supportcandy 2.0.1 Arbitrary.File.Upload CRITICAL" "sitesupercharger 5.2.0 Unauthenticated.SQLi HIGH" "super-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speed-booster-pack 4.3.3.1 Admin+.SQL.Injection MEDIUM" "speed-booster-pack 4.2.0 Authenticated.(admin+).RCE CRITICAL" "slicewp 1.1.24 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.11 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slicewp 1.0.46 Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-custom-post-order 2.5.8 Missing.Authorization MEDIUM" "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons 1.3.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "synved-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "simple-job-manager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "sg-security 1.5.1 Missing.Authorization.via.hide_notice() MEDIUM" "sg-security 1.3.1 Admin+.SQLi MEDIUM" "sg-security 1.2.6 Authorization.Weakness.to.Authentication.Bypass.via.2-FA.Back-up.Codes HIGH" "sg-security 1.2.6 Authentication.Bypass.via.2-FA.Authentication.Setup CRITICAL" "sql-reporting-services No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slivery-extender No.known.fix Authenticated(Contributor+).Remote.Code.Execution.via.shortcode HIGH" "spider-contacts No.known.fix Reflected.XSS HIGH" "sakolawp-lite No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "similar-posts No.known.fix Admin+.Stored.XSS LOW" "similar-posts 3.1.6 Admin+.Arbitrary.PHP.Code.Execution HIGH" "slidedeck-lite-for-wordpress No.known.fix Reflected.XSS HIGH" "stax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stax 1.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sermonaudio-widgets No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "search-exclude 1.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "search-exclude 1.2.4 Arbitrary.Settings.Change HIGH" "smartemailing 2.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sabai-discuss 1.4.14 Reflected.Cross.Site.Scripting MEDIUM" "scancircle 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sociable No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "social-login-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sv-gravity-forms-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-gravity-forms-enhancer 1.8.00 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-slug-translate 2.7.3 Admin+.Stored.XSS LOW" "s3-video No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "surbma-premium-wp 10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "schedulicity-online-appointment-booking No.known.fix Easy.Online.Scheduling.<=.2.21.-.Contributor+.Stored.XSS MEDIUM" "share-button 1.20 Reflected.Cross-Site.Scripting MEDIUM" "subaccounts-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting HIGH" "subaccounts-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "simplemortgage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sangar-slider-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "single-post-exporter No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "sidebar-content-from-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "salavat-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "securesubmit No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "securesubmit No.known.fix Missing.Authorization MEDIUM" "slickquiz No.known.fix Authenticated.SQL.Injection HIGH" "slickquiz No.known.fix Unauthenticated.Stored.XSS MEDIUM" "stax-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "superstorefinder-wp 6.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "superstorefinder-wp 6.9.8 Unauthenticated.SQL.Injection CRITICAL" "superstorefinder-wp 6.9.4 Unauthenticated.Email.Creation/Sending MEDIUM" "superstorefinder-wp 6.5 Unauthenticated.SQL.Injections CRITICAL" "superstorefinder-wp 6.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "sexy-author-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sexy-author-bio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "stars-smtp-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stars-smtp-mailer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "surveyjs 1.12.4 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "sensei-lms 4.24.4 Unauthenticated.sensei_email/sensei_message.Disclosure MEDIUM" "sensei-lms 4.24.2 Unauthenticated.Email.Template.Leak MEDIUM" "sensei-lms 4.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "sensei-lms 4.18.0 Contributor+.Stored.XSS MEDIUM" "sensei-lms 4.20.0 Teacher+.Users.Email.Address.Disclosure MEDIUM" "sensei-lms 4.5.0 Unauthenticated.Private.Messages.Disclosure.via.Rest.API MEDIUM" "sensei-lms 4.5.2 Arbitrary.Private.Message.Sending.via.IDOR LOW" "simple-youtube-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-youtube-gdpr No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-sortsearch No.known.fix Ccontributor+.Stored.XSS MEDIUM" "surbma-font-awesome 3.1 Contributor+.Stored.XSS MEDIUM" "scrollrevealjs-effects No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "smartarget-message-bar No.known.fix Admin+.Stored.XSS LOW" "spatialmatch-free-lifestyle-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slash-admin 3.8.2 Cross-Site.Request.Forgery MEDIUM" "slotti-ajanvaraus 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slotti-ajanvaraus 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "slider-hero 8.2.7 Contributor+.SQL.Injection CRITICAL" "slider-hero 8.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "searchterms-tagging-2 No.known.fix XSS.&.Authenticated.SQL.Injection HIGH" "save-as-image-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Admin+.Stored.XSS LOW" "save-as-image-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "stock-exporter-for-woocommerce 1.2.0 Reflected.XSS HIGH" "stop-user-enumeration 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "stop-user-enumeration 1.3.20 Subscriber+.Arbitrary.Option.Update CRITICAL" "stop-user-enumeration 1.3.9 REST.API.Bypass MEDIUM" "stop-user-enumeration 1.3.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "suevafree-essential-kit 1.1.4 Contributor+.Stored.XSS MEDIUM" "show-visitor-ip-address No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sign-up-sheets 2.2.13 Reflected.XSS HIGH" "sign-up-sheets 2.2.13 Missing.Authorization MEDIUM" "sign-up-sheets 2.2.12 Cross-Site.Request.Forgery MEDIUM" "sign-up-sheets 2.2.9 Settings.Update/Reset.via.CSRF MEDIUM" "sign-up-sheets 1.0.14 Authenticated.CSV.Injection MEDIUM" "sign-up-sheets 1.0.14 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "smart-tools-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-tools-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spreadshirt-rss-3d-cube-flash-gallery No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "security-antivirus-firewall No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "smart-variations-images 5.2.8 Reflected.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-sitemap 3.5.14 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "simple-sitemap 3.5.10 Reflected.Cross-Site.Scripting MEDIUM" "simple-sitemap 3.5.8 Contributor+.Stored.XSS MEDIUM" "simple-sitemap 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slider-wd 1.2.59 Admin+.Stored.XSS LOW" "slider-wd 1.2.58 Authenticated.(Contributor+).SQL.Injection.via.id.Parameter HIGH" "slider-wd 1.2.57 Editor+.Stored.XSS LOW" "slider-wd 1.2.56 Editor+.Stored.XSS LOW" "slider-wd 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "slider-wd 1.2.53 Admin+.Stored.XSS LOW" "slider-wd 1.2.52 Admin+.Stored.Cross-Site.Scripting LOW" "slider-wd 1.2.36 Multiple.Authenticated.SQL.Injection HIGH" "scottcart No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "super-progressive-web-apps 2.2.22 Missing.Authorization MEDIUM" "super-progressive-web-apps 2.1.12 Authenticated.(Low.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "super-progressive-web-apps 2.1.13 Authenticated.(High.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "simple-popup-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "simple-pdf-viewer No.known.fix Contributor+.XSS MEDIUM" "sola-newsletters No.known.fix CSRF.to.Stored.XSS HIGH" "simple-image-popup-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "spicebox 2.2 Reflected.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-travel-map No.known.fix Cross-Site.Request.Forgery MEDIUM" "social-networks-auto-poster-facebook-twitter-g No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Subscriber+.Sensitive.Information.Exposure MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.3 Reflected.Cross-Site.Scripting.via.code MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.26 Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.25 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.24 Unauthenticated.Stored.XSS HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.21 Reflected.Cross-Site.Scripting HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.18 Insufficient.Privilege.Validation HIGH" "social-networks-auto-poster-facebook-twitter-g 4.2.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-networks-auto-poster-facebook-twitter-g 3.4.18 CSRF.to.Stored.XSS MEDIUM" "smoothscroller No.known.fix Admin+.Stored.XSS LOW" "skt-blocks 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.7 Contributor+.Stored.XSS MEDIUM" "sell-downloads 1.0.8 Insufficient.Restrictions.when.Brute-Force.Purchase.IDs HIGH" "side-cart-woocommerce 2.3 Admin+.Stored.XSS LOW" "side-cart-woocommerce 2.2 Settings.Reset.via.CSRF MEDIUM" "side-cart-woocommerce 2.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "solidres No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "solidres No.known.fix Reflected.XSS HIGH" "solidres No.known.fix Multiple.Reflected.XSS HIGH" "solidres No.known.fix Admin+.Stored.XSS LOW" "searchpro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "searchpro 1.7.7 Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "searchpro 1.7.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "super-video-player 1.6.13 Reflected.Cross-Site.Scripting MEDIUM" "super-video-player 1.6.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-event-planner 1.5.5 Contributor+.Stored.XSS LOW" "simple-event-planner 1.5.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "starbox 3.5.3 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.2 Admin+.Stored.XSS LOW" "starbox 3.5.0 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Job.Settings MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Profile.Display.Name.and.Social.Settings MEDIUM" "starbox 3.4.8 Subscriber+.Plugin.Preferences./.User.Settings.Access.via.IDOR MEDIUM" "shortcode-menu No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "seraphinite-accelerator 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator 2.21 Authenticated.(Subscriber+).Server-Side.Request.Forgery.in.OnAdminApi_HtmlCheck MEDIUM" "seraphinite-accelerator 2.20.48 Unauthenticated.Sensitive.Information.Exposure.via.Log.File MEDIUM" "seraphinite-accelerator 2.20.29 Reflected.Cross-Site.Scripting.via.rt MEDIUM" "seraphinite-accelerator 2.20.32 Unauthorised.Settings.Reset/Import MEDIUM" "seraphinite-accelerator 2.2.29 Reflected.XSS HIGH" "seraphinite-accelerator 2.2.29 Authenticated.Arbitrary.Redirect MEDIUM" "spreadr-for-woocomerce 1.0.5 Missing.Authorization.to.Arbitrary.Content.Deletion HIGH" "spreadr-for-woocomerce 1.0.5 Missing.Authorization MEDIUM" "south-pole-the-offset-movement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "south-pole-the-offset-movement 1.0.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-cookie-kit 2.3.2 Contributor+.Stored.XSS MEDIUM" "simplistic-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "secure-captcha No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sticky-chat-widget 1.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sema-api 5.30 Reflected.Cross-Site.Scripting.via.catid.Parameter MEDIUM" "sema-api 4.02 Unauthenticated.SQLi HIGH" "surferseo 1.6.0.523 Authenticated.(Administrator+).SQL.Injection MEDIUM" "surferseo 1.3.3.379 Missing.Authorization MEDIUM" "social-sharing-toolkit No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "soisy-pagamento-rateale No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure HIGH" "slp-gravity-forms-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-gravity-forms-locations 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "schema-and-structured-data-for-wp 1.36 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "schema-and-structured-data-for-wp 1.34.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "schema-and-structured-data-for-wp 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.How.To.and.FAQ.Blocks MEDIUM" "schema-and-structured-data-for-wp 1.27 Authenticated.Stored.XSS MEDIUM" "schema-and-structured-data-for-wp 1.27 Contributor+.reCaptcha.Key.Update MEDIUM" "schema-and-structured-data-for-wp 1.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.24 Contributor+.Stored.XSS MEDIUM" "strategery-migrations No.known.fix Unauthenticated.Arbitrary.File.Deletion HIGH" "shortcode-collection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sp-blog-designer No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "st-gallery-wp No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "svg-vector-icon-plugin No.known.fix Admin+.Remote.Code.Execution.(RCE) MEDIUM" "svg-vector-icon-plugin 3.2.3 Cross-Site.Request.Forgery.(CSRF).leading.to.RCE HIGH" "simple-matted-thumbnails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-page-access-restriction 1.0.30 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-page-access-restriction 1.0.23 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "simple-tweet No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Admin+.Stored.XSS LOW" "steam-group-viewer No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sh-slideshow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "super-block-slider 2.8 Missing.Authorization MEDIUM" "salon-booking-plugin-pro 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-plugin-pro 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "simple-video-embedder No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simple-baseball-scoreboard No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-real-estate-pack-4 No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "studiocart 2.5.20 Reflected.Cross-Site.Scripting MEDIUM" "studiocart 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sv-media-library 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-media-library 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-fields No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-fields 1.4.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "sumome 1.35 Cross-Site.Request.Forgery MEDIUM" "subscribe-to-comments 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "subscribe-to-comments 2.3 Authenticated.Local.File.Inclusion MEDIUM" "simple-side-tab 2.2.0 Admin+.Stored.XSS LOW" "smoothness-slider-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-media-feather 2.1.4 Subscriber+.Unauthorised.Action MEDIUM" "social-media-feather 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "seo-keywords No.known.fix Reflected.Cross-Site.Scripting.via.google_error.Parameter MEDIUM" "soundcloud-is-gold 2.3.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "simple-history 3.4.0 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "sticky-ad-bar No.known.fix Admin+.Stored.XSS LOW" "shop-page-wp 1.2.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "shipworks-e-commerce-bridge 5.2.6 Cross-Site.Request.Forgery.to.Service.Password/Username.Update MEDIUM" "sv-posts 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-posts 1.8.03 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sidebar-adder No.known.fix Reflected.Cross-Site.Scripting HIGH" "suretriggers 1.0.48 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Trigger.Link.Shortcode MEDIUM" "suretriggers 1.0.24 Cross-Site.Request.Forgery MEDIUM" "social-share-with-floating-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.5.2 Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "setka-editor No.known.fix Cross-Site.Request.Forgery.via.handleRequest MEDIUM" "setka-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "setka-editor 2.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-local-avatars 2.8.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Cache.Clearing MEDIUM" "simple-local-avatars 2.7.11 Cross-Site.Request.Forgery.via.save_default_avatar_file_id() MEDIUM" "search-filter-pro 2.5.18 Admin+.Stored.XSS LOW" "support-svg 1.1.1 .Authenticated.(Author+).Stored.Cross-site.Scripting.via.SVG.File.Upload MEDIUM" "support-svg 1.1.0 Stored.XSS.via.SVG.Upload MEDIUM" "subscribers-text-counter 1.7.1 Settings.Update.via.CSRF.to.Stored.XSS HIGH" "smart-shopify-product No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "saaspricing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "server-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "server-info 0.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "siteimprove 2.0.7 Cross-Site.Request.Forgery MEDIUM" "simple-membership-wp-user-import 1.8 Admin+.SQLi MEDIUM" "simple-popup No.known.fix Admin+.Stored.XSS LOW" "social-warfare 4.4.7.3 Injected.Backdoor CRITICAL" "social-warfare 4.4.6 Cross-Site.Request.Forgery MEDIUM" "social-warfare 4.4.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.4 Social.Warfare.<.4.4.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.3.1 Subscriber+.Post.Meta.Deletion MEDIUM" "social-warfare 4.4.0 Post.Meta.Deletion.via.CSRF MEDIUM" "social-warfare 3.5.3 Unauthenticated.Remote.Code.Execution.(RCE) MEDIUM" "staggs 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "staggs 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Cross-Site.Request.Forgery.via.configuration_page MEDIUM" "shorten-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "shorten-url No.known.fix CSRF MEDIUM" "shorten-url 1.6.5 Admin+.Cross.Site.Scripting LOW" "shorten-url 1.6.5 Subscriber+.SQLi HIGH" "shorten-url 1.6.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "scriptless-social-sharing 3.2.2 Contributor+.Stored.XSS MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.vg_display_data MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Meta.Disclosure MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Code.Injection HIGH" "sassy-social-share 3.3.70 Reflected.Cross-Site.Scripting.via.heateor_mastodon_share.Parameter MEDIUM" "sassy-social-share 3.3.63 Sassy.social.share.<.3,3,63.Admin+.Stored.Cross-Site.scripting LOW" "sassy-social-share 3.3.61 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sassy-social-share 3.3.57 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.45 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.40 Reflected.Cross-Site.Scripting MEDIUM" "sassy-social-share 3.3.24 Missing.Access.Controls.to.PHP.Object.Injection MEDIUM" "social-metrics No.known.fix Admin+.Stored.XSS LOW" "seo-by-rank-math-pro 3.0.36 Unauthenticated.Reflected.XSS MEDIUM" "simply-featured-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-protect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-protect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stock-quotes-list 2.9.12 Contributor+.Stored.XSS MEDIUM" "storefront-footer-text No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "spotim-comments 4.0.4 Multiple.Vulnerabilities MEDIUM" "school-management-system 4.2 Admin+.SQLi MEDIUM" "speakout 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speakout 2.14.15.1 Unauthenticated.SQLi HIGH" "speakout 2.13.3 Reflected.Cross-Site.Scripting HIGH" "sticky-social-link No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "saragna-social-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "service-area-postcode-checker No.known.fix Admin+.Stored.XSS LOW" "smart-seo-tool 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "style-admin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "seo-bulk-editor No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "stm-megamenu 2.3.13 Unauthenticated.Local.File.Inclusion CRITICAL" "seo-landing-page-generator 1.66.3 Reflected.Cross-Site.Scripting MEDIUM" "seo-landing-page-generator 1.62.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-custom-author-profiles No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "scalable-vector-graphics-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "seosamba-webmasters 1.0.6 Access.Key.Update.via.CSRF MEDIUM" "sideblog No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "similarity No.known.fix Stored.XSS.via.CSRF HIGH" "similarity No.known.fix Plugin.Reset.via.CSRF MEDIUM" "simple-restrict 1.2.8 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-restrict 1.2.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "shortcodes-anywhere No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "skt-nurcaptcha 3.6.0 Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "social-rocket No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "social-rocket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-rocket 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "social-rocket 1.3.3 Admin+.Stored.Cross-Site.Scripting LOW" "social-rocket 1.2.10 Cross-Site.Request.Forgery.in.Settings MEDIUM" "security-force No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-share-boost No.known.fix Plugin.Settings.Update.via.CSRF MEDIUM" "social-share-boost 4.5 Admin+.Stored.XSS LOW" "social-share-boost 4.5 Contributor+.Stored.XSS MEDIUM" "sliderpro 4.8.7 Missing.Authorization.via.AJAX.actions MEDIUM" "st-daily-tip No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "ship-to-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "safe-svg 2.2.6 Author+.SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.10 SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.6 XSS.Protection.Bypass HIGH" "soliloquy-lite 2.7.7 Missing.Authorization.to.Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "soliloquy-lite 2.7.3 Subscriber+.Slider.Data.Access MEDIUM" "simple-dashboard No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "slider-by-supsystic 1.8.11 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Admin+).SQL.Injection CRITICAL" "slider-by-supsystic 1.8.7 Missing.Authorization MEDIUM" "slider-by-supsystic 1.8.7 CSRF MEDIUM" "scripts-n-styles 3.5.8 Admin+.Stored.XSS LOW" "simple-google-maps-short-code 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sitepact-klaviyo-contact-form-7 3.0.0 Unauthenticated.SQL.Injection HIGH" "sitemap 4.4 Contributor+.Stored.XSS MEDIUM" "sort-searchresult-by-title 11.0 CSRF MEDIUM" "ssl-zen 4.6.0 Unauthenticated.Private.Keys.Access MEDIUM" "ssl-zen 4.5.2 Reflected.Cross-Site.Scripting MEDIUM" "ssl-zen 4.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-grid-gallery 1.1.5 Vimeo.and.YouTube.Gallery.<.1.1.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "social-network-tabs No.known.fix Social.Media.API.Key.Leakage CRITICAL" "seo-automatic-wp-core-tweaks No.known.fix Arbitrary.Admin.Account.Creation./.Admin.Email.Update.via.CSRF HIGH" "social-login-lite-for-woocommerce No.known.fix Authentication.Bypass CRITICAL" "simple-lightbox-gallery No.known.fix Author+.Stored.XSS MEDIUM" "simple-lightbox-gallery 1.10.0 .Contributor+.PHP.Object.Injection MEDIUM" "simple-social-share No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sloth-logo-customizer No.known.fix Stored.XSS.via.CSRF HIGH" "shopbuilder 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shopbuilder 2.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "super-forms 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "super-forms 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "smart-id 4.7 Reflected.Cross-Site.Scripting MEDIUM" "sender 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sellkit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "sellkit 1.8.3 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "simpel-reserveren No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "spideranalyse No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-twitch-embed.Shortcode MEDIUM" "streamweasels-twitch-integration 1.8.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "streamweasels-twitch-integration 1.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "super-transactional-emails-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-transactional-emails-for-woocommerce 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slider-video 1.4.8 Slider.Carousel.<.1.4.8.-.Admin+.Stored.Cross-Site.Scripting LOW" "shop-as-a-customer-for-woocommerce 1.1.8 Subscriber+.Privilege.Escalation CRITICAL" "shop-as-a-customer-for-woocommerce 1.2.4 Shop.Manager+.Privilege.Escalation CRITICAL" "subway No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "seraphinite-old-slugs-mgr 1.4 Cross-Site.Request.Forgery MEDIUM" "shabbos-and-yom-tov No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-mail-address-encoder 1.7 Reflected.Authenticated.XSS MEDIUM" "smart-logo-showcase-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "smart-logo-showcase-lite 1.1.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sp-news-and-widget 4.0.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-301-redirects-addon-bulk-uploader 1.2.5 Multiple.Issues MEDIUM" "shopready-elementor-addon No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "simple-mobile-url-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-post-notes 1.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.7 Cross-Site.Request.Forgery MEDIUM" "simple-post-notes 1.7.6 Admin+.Stored.Cross-Site.Scripting LOW" "smart-maintenance-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "seo-backlink-monitor 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "saoshyant-page-builder No.known.fix Missing.Authorization MEDIUM" "send-prebuilt-emails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "send-prebuilt-emails No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stagtools 2.3.8 Reflected.XSS HIGH" "stagtools 2.3.7 Contributor+.Stored.XSS MEDIUM" "svg-uploads-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "snazzy-maps 1.1.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "sharebar No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "sharebar 1.2.2 SQL.Injection.&.Cross.Site.Scripting CRITICAL" "svg-shortcode No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "stellissimo-text-box No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-gallery-with-filter 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smsa-shipping-for-woocommerce 1.0.5 Subscriber+.Arbitrary.File.Download HIGH" "simple-goods No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-301-redirects 2.0.8 Missing.Authorization.via.clicked MEDIUM" "simple-301-redirects 2.0.8 Cross-Site.Request.Forgery.via.'clicked' MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Import CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Update.and.Retrieve.Wildcard.Value MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Export CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Installation HIGH" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Activation HIGH" "shortcode-ninja No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "string-locator 2.6.7 Unauthenticated.PHP.Object.Injection HIGH" "string-locator 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.0 Authenticated.PHAR.Deserialization MEDIUM" "string-locator 2.5.0 Admin+.Arbitrary.File.Read LOW" "simple-ads-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "simple-ads-manager 2.9.5.118 SQL.Injection MEDIUM" "seo-backlinks No.known.fix CSRF.to.Stored.XSS HIGH" "shortpixel-adaptive-images 3.8.4 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.4 Cross-Site.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.3 Missing.Authorization.in.activate_ai_handler.and.deactivate_ai_handler MEDIUM" "shortpixel-adaptive-images 3.7.2 Settings.Update.via.CSRF MEDIUM" "shortpixel-adaptive-images 3.6.3 Reflected.XSS HIGH" "shortpixel-adaptive-images 3.4.0 Subscriber+.Arbitrary.Settings.Update MEDIUM" "story-chief 1.0.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "story-chief 1.0.31 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "slider-comparison-image-before-and-after No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv100-companion No.known.fix Missing.Authorization.to.Unuathenticated.Arbitrary.Options.Update CRITICAL" "sv100-companion 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv100-companion 1.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sticky-buttons 4.1.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "sticky-buttons 3.2.4 Button.Deletion.via.CSRF MEDIUM" "sticky-buttons 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sticky-buttons 3.1.1 Reflected.XSS MEDIUM" "seo-wordpress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "siteguard 1.7.7 Login.Page.Disclosure MEDIUM" "schreikasten No.known.fix Author+.SQL.Injections HIGH" "station-pro 2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "station-pro 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "station-pro 2.2.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "stackable-ultimate-gutenberg-blocks 3.13.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.7 Unauthenticated.CSS.Injection MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.12.12 Contributor+.Stored.XSS.via.Posts.Block MEDIUM" "stackable-ultimate-gutenberg-blocks 3.9.1 Reflected.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simplegmaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sermone-online-sermons-management No.known.fix Reflected.XSS HIGH" "sermone-online-sermons-management No.known.fix Contributor+.Stored.XSS MEDIUM" "social-media-builder No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "school-management 92.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "school-management 92.0.0 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "simple-video-management-system No.known.fix Admin+.Stored.XSS LOW" "simple-video-management-system No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "superlogoshowcase-wp 2.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "social-stickers No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "stars-rating 3.5.1 Comments.Denial.of.Service MEDIUM" "social-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "slide-anything 2.4.9 Author+.Stored.XSS MEDIUM" "slide-anything 2.3.47 Author+.Cross.Site.Scripting.in.slide.title MEDIUM" "slide-anything 2.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "slide-anything 2.3.41 Contributor+.SQLi HIGH" "surveys No.known.fix Authenticated.SQL.Injection CRITICAL" "shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "squirrly-seo 12.3.21 Editor+.Stored.XSS LOW" "squirrly-seo 12.3.20 Contributor+.SQL.Injection.via.url.Parameter MEDIUM" "squirrly-seo 12.3.17 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.3.16 Admin+.Stored.XSS LOW" "squirrly-seo 12.1.21 Missing.Authorization MEDIUM" "squirrly-seo 12.1.21 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.1.11 Contributor+.Arbitrary.File.Upload CRITICAL" "squirrly-seo 11.1.12 Reflected.Cross-Site.Scripting MEDIUM" "scrollto-bottom No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "site-favicon 0.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "special-box-for-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-banner 2.12.0 Admin+.Stored.Cross.Site.Scripting LOW" "simple-banner 2.12.0 Admin+.Stored.Cross-Site.Scripting LOW" "simple-banner 2.10.4 Admin+.Stored.XSS MEDIUM" "software-license-manager 4.5.1 Arbitrary.Domain.Deletion.via.CSRF HIGH" "software-license-manager 4.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "software-license-manager 4.4.8 Reflected.Cross-Site.Scripting HIGH" "software-license-manager 4.4.6 CSRF.to.Stored.XSS HIGH" "seo-automatic-links No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "seo-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "sight 1.1.3 Missing.Authorization.to.Sensitive.Information.Exposure.in.handler_post_title MEDIUM" "sell-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-media 2.5.7.3 CSRF.Bypass MEDIUM" "sell-media 2.4.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sync-qcloud-cos 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "share-this-image 2.02 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 2.04 Open.Redirect.via.link.Parameter HIGH" "share-this-image 2.03 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STI.Buttons.Shortcode MEDIUM" "share-this-image 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "share-this-image 1.99 Open.Redirect MEDIUM" "share-this-image 1.81 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 1.67 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-this-image 1.20 Stored.XSS MEDIUM" "sv-columns-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-columns-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shop-assistant-for-woocommerce-jarvis 2.9.2 Missing.Authorization MEDIUM" "skt-templates 6.15 Reflected.Cross-Site.Scripting MEDIUM" "skt-templates 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stepbyteservice-openstreetmap No.known.fix Use.of.Polyfill.io MEDIUM" "stepbyteservice-openstreetmap 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-woocommerce-csv-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cart-solution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cart-solution 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seraphinite-accelerator-ext 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator-ext 2.21.13.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion MEDIUM" "si-contact-form 4.0.38 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-spoiler 1.4 1.3.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-spoiler 1.3 Admin+.Stored.XSS LOW" "stratum 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Vulnerability.via.Image.Hotspot.Widget MEDIUM" "stratum 1.4.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "stratum 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "stratum 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-admin-language-change 2.0.2 Arbitrary.User.Locale.Change MEDIUM" "school-management-pro No.known.fix Authenticated.(School.Admin+).SQL.Injection CRITICAL" "school-management-pro 9.9.7 Unauthenticated.RCE.via.REST.api CRITICAL" "streamcast 2.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "streamcast 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "streamcast 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "streamcast 2.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simpleform-contact-form-submissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "skyboot-portfolio-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speedycache 1.1.9 Cross-Site.Request.Forgery MEDIUM" "speedycache 1.1.4 Missing.Authorization.to.Plugin.Options.Update MEDIUM" "speedycache 1.1.3 .Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "skip-to No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-image-manipulator No.known.fix Remote.File.Download HIGH" "subscribe2 10.41 Sending.Emails.via.CSRF MEDIUM" "subscribe2 10.41 Missing.Access.Controls MEDIUM" "subscribe2 10.38 User.Deletion.via.CSRF HIGH" "subscribe2 10.16 XSS MEDIUM" "simple-membership-after-login-redirection 1.7 Open.Redirect MEDIUM" "skt-skill-bar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shopelement 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spoontalk-social-media-icons-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "sliced-invoices 3.9.3 Missing.Authorization MEDIUM" "sliced-invoices 3.8.4 Multiple.Vulnerabilities HIGH" "slidedeck2 2.3.5 Unspecified.File.Inclusion CRITICAL" "stray-quotes No.known.fix Reflected.XSS HIGH" "simple-download-monitor 3.9.26 Authenticated.(Administrator+).SQL.Injection MEDIUM" "simple-download-monitor 3.9.9 Multiple.CSRF MEDIUM" "simple-download-monitor 3.9.11 Contributor+.Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Stored.Cross-Site.Scripting.via.File.Thumbnail MEDIUM" "simple-download-monitor 3.9.6 Arbitrary.Thumbnails.Removal MEDIUM" "simple-download-monitor 3.9.5 Reflected.Cross-Site.Scripting HIGH" "simple-download-monitor 3.9.6 Unauthorised.Log.Reset MEDIUM" "simple-download-monitor 3.9.6 Unauthenticated.Log.Access MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "simple-download-monitor 3.8.9 SQL.Injection MEDIUM" "simple-download-monitor 3.8.9 Unauthenticated.Cross-Site.Scripting MEDIUM" "simple-download-monitor 3.5.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "shortcode-for-font-awesome 1.4.1 Contributor+.Stored.XSS MEDIUM" "shipping-manager-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "shipping-manager-for-woocommerce 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-by-rank-math 1.0.232 Admin+.Remote.Code.Execution MEDIUM" "seo-by-rank-math 1.0.229 Admin+.PHP.Object.Injection MEDIUM" "seo-by-rank-math 1.0.229 Unauthenticated.User.and.Term.Metadata.Insert/Update/Deletion MEDIUM" "seo-by-rank-math 1.0.219 Authenticated.Stored.XSS LOW" "seo-by-rank-math 1.0.219-beta Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.218 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.217 Contributor+.Stored.Cross-Site.Scripting.via.'titleWrapper' MEDIUM" "seo-by-rank-math 1.0.215 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.119.1 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.107.3 Contributor+.LFI MEDIUM" "seo-by-rank-math 1.0.95.1 Unauthenticated.SSRF MEDIUM" "seo-by-rank-math 1.0.42.2 Authenticated.Missing.Access.Controls.to.Disable.Competitor.Plugins MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Privilege.Escalation.via.Unprotected.REST.API.Endpoint CRITICAL" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Redirect.Creation.via.Unprotected.REST.API.Endpoint MEDIUM" "seo-by-rank-math 1.0.27.1 Authenticated.Settings.Reset MEDIUM" "selection-lite 1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "selection-lite 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-blueprint-installer 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "share-buttons No.known.fix Admin+.Stored.XSS LOW" "share-buttons No.known.fix Unauthenticated.Image.Upload.&.Path.Traversal MEDIUM" "simple-author-box 2.52 Contributor+.Arbitrary.User.Information.Disclosure.via.IDOR LOW" "simple-author-box 2.4 Reflected.Cross-Site.Scripting MEDIUM" "sticky-social-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "startklar-elmentor-forms-extwidgets No.known.fix Unauthenticated.Path.Traversal.to.Arbitrary.Directory.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Upload CRITICAL" "smart-phone-field-for-gravity-forms 2.1 Reflected.Cross-Site.Scripting MEDIUM" "smooth-scrolling-links-ssl No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "shopengine 4.1.2 CSRF MEDIUM" "search-and-replace 3.2.3 Unauthenticated.PHP.Object.Injection MEDIUM" "search-and-replace 3.2.2 Administrator+.SQL.injection LOW" "search-and-replace 3.2.2 Admin+.SQL.injection MEDIUM" "tidy-up No.known.fix Cross-Site.Request.Forgery MEDIUM" "telsender 1.14.12 Subscriber+.Settings.Update MEDIUM" "tweet-old-custom-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "transbank-webpay-plus-rest 1.6.7 Admin+.SQLi MEDIUM" "transients-manager 2.0.7 Cross-Site.Request.Forgery MEDIUM" "testimonial-widgets 1.4.4 Authenticated.(Contributor+).SQL.Injection HIGH" "testimonial-widgets 1.4.3 Widget.Deletion.via.CSRF MEDIUM" "thrive-comments 1.4.15.3 Unauthenticated.Option.Update MEDIUM" "temp-mail 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "target-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "top-bar 3.0.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.5 Admin+.Stored.XSS LOW" "top-bar 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templatesnext-toolkit 3.2.9 Contributor+.Stored.XSS MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS MEDIUM" "the-pack-addon 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.9 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.7 Authenticated.(contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.8.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "the-pack-addon 2.0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "tenweb-speed-optimizer 2.24.18 Unauthenticated.Arbitrary.Option.Deletion HIGH" "template-kit-export 1.0.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tailored-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-designer No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "tiny-compress-images 3.4.4 Cross-Site.Request.Forgery MEDIUM" "the-very-simple-vimeo-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "transportersio 2.1.2 Stored.XSS.via.CSRF HIGH" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "taggbox-widget 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taggbox-widget 3.2 Unauthenticated.PHP.Object.Injection CRITICAL" "taggbox-widget No.known.fix Missing.Authorization MEDIUM" "taggbox-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "themehunk-megamenu-plus 1.1.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "themehunk-megamenu-plus 1.1.0 .Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "teleadmin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tatsu 3.3.12 Unauthenticated.RCE CRITICAL" "twittee-text-tweet No.known.fix Reflected.XSS HIGH" "tc-custom-javascript 1.2.2 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "team-118group-agent No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "the-post-grid 7.5.0 Editor+.Stored.XSS.via.Grid.Creation LOW" "the-post-grid 7.7.12 Authenticated.(Contributor+).Information.Disclosure MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.AJAX MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.save_block_css MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.REST.API MEDIUM" "the-post-grid 7.7.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.section.title.tag MEDIUM" "the-post-grid 7.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-post-grid 7.7.0 Missing.Authorization MEDIUM" "the-post-grid 7.2.8 Block.CSS.Update.via.CSRF MEDIUM" "the-post-grid 5.0.5 Settings.Update.via.CSRF MEDIUM" "trendy-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tawkto-live-chat 0.6.0 Subscriber+.Visitor.Monitoring.&.Chat.Removal HIGH" "tera-charts No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "tabbed 1.3.2 Accordion,.FAQ.<.1.3.2.-.Unauthenticated.AJAX.Calls CRITICAL" "tiny-carousel-horizontal-slider-plus No.known.fix Admin+.Stored.XSS MEDIUM" "tlp-team 4.4.2 Editor+.Stored.XSS LOW" "tlp-team 4.1.2 Subscriber+.Arbitrary.File.Read.and.Deletion CRITICAL" "time-sheets 1.29.3 Admin+.Stored.XSS LOW" "time-sheets 1.5.2 Multiple.XSS MEDIUM" "theme-per-user No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "tock-widget 1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "theme-my-login 7.1.8 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "theme-my-login 7.1.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "token-login No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "theme-blvd-responsive-google-maps No.known.fix Contributor+.XSS MEDIUM" "totalpoll-lite 4.10.0 Missing.Authorization MEDIUM" "timeline-calendar No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.button.Shortcode MEDIUM" "td-composer 4.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "td-composer 4.2 Unauthenticated.Stored.XSS HIGH" "td-composer 4.2 Admin+.Stored.XSS LOW" "td-composer 4.0 Reflected.Cross-site.Scripting HIGH" "td-composer 3.5 Unauthenticated.Account.Takeover CRITICAL" "travel-light No.known.fix CSRF.Bypass MEDIUM" "tiempocom No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "tiempocom No.known.fix Stored.XSS.via.CSRF HIGH" "tiempocom No.known.fix Reflected.XSS HIGH" "transition-slider-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "tripay-payment-gateway 3.2.8 Admin+.Stored.XSS LOW" "tradetracker-store 4.6.60 Admin+.SQL.Injection MEDIUM" "tippy No.known.fix Contributor+.Stored.XSS MEDIUM" "timeline-and-history-slider 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "top-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thumbs-rating No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "templatesnext-onepager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tp-education 4.5 Contributor+.Stored.XSS MEDIUM" "team-showcase 2.2 Contributor+.Stored.XSS MEDIUM" "timely-booking-button No.known.fix Admin+.Stored.XSS LOW" "thrive-visual-editor 2.6.7.4 Unauthenticated.Option.Update MEDIUM" "testimonial-add 3.5.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "testimonials-carousel-elementor 10.2.3 Contributor+.Stored.XSS MEDIUM" "testimonials-carousel-elementor 10.2.1 Missing.Authorization.to.Limited.Setting.Update MEDIUM" "testimonials-carousel-elementor 10.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "testimonial-free 2.6.0 Contributor+.Stored.XSS MEDIUM" "testimonial-free 2.1.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "travelpayouts 1.1.17 Open.Redirect MEDIUM" "travelpayouts 1.1.13 Settings.Update.via.CSRF MEDIUM" "travelpayouts 1.1.14 Reflected.XSS HIGH" "travelpayouts 1.0.17 CSRF.Bypass.due.to.Outdated.Redux.Framework MEDIUM" "themify-audio-dock 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "truepush-free-web-push-notifications No.known.fix Missing.Authorization MEDIUM" "tier-pricing-table 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "tier-pricing-table 2.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-moneytizer 10.0.1 Cross-Site.Request.Forgery.via.multiple.AJAX.actions HIGH" "the-moneytizer 10.0.1 Missing.Authorization.via.multiple.AJAX.actions HIGH" "the-moneytizer 9.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "time-clock-pro 1.1.5 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "total-cost-input-for-woocommerce 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "telecash-ricaricaweb No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "totop-link No.known.fix Unauthenticated.PHP.Object.Injection MEDIUM" "terraclassifieds No.known.fix TerraClassifieds.<=.2,0,3.Unauthenticated.Arbitrary.File.Upload CRITICAL" "terraclassifieds No.known.fix Cross-Site.Request.Forgery HIGH" "tida-url-screenshot 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "teamleader-form-integration 2.1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "thrive-clever-widgets 1.57.1 Unauthenticated.Option.Update MEDIUM" "track-geolocation-of-users-using-contact-form-7 2.1 Admin+.Stored.XSS LOW" "templatespare 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Update MEDIUM" "tuxedo-big-file-uploads 2.1.3 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "tuxedo-big-file-uploads 2.1.2 Cross-Site.Request.Forgery.via.actions MEDIUM" "timeline-event-history 3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "triberr-wordpress-plugin 4.1.2 Admin+.Stored.XSS LOW" "timeline-widget-addon-for-elementor 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-buffer-button No.known.fix Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "telephone-number-linker No.known.fix Contributor+.Stored.XSS MEDIUM" "text-advertisements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-ptb-search 1.4.0 Post.Type.Builder.Search.Addon.<.1.4.0.-.Reflected.Cross-Site.Scripting MEDIUM" "title-field-validation No.known.fix Unauthorised.AJAX.Calls HIGH" "tigris-flexplatform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "total-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "timeline-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[placeholder] MEDIUM" "translation-exchange No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "to-top 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "tiny-carousel-horizontal-slider No.known.fix Admin+.Stored.XSS LOW" "tabs-shortcode No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "titan-labs-security-audit No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "tainacan 0.21.13 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.11 Reflected.Cross-Site.Scripting MEDIUM" "tainacan 0.21.9 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "tainacan 0.21.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tainacan 0.21.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tainacan 0.20.8 Missing.Authorization MEDIUM" "tainacan 0.20.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tainacan 0.20.5 Reflected.Cross-Site.Scripting MEDIUM" "travelers-map 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-ptb 2.1.1 Reflected.Cross-Site.Scripting HIGH" "themify-ptb 2.1.4 Subscriber+.Arbitrary.Post/Page.Creation MEDIUM" "testimonial-slider 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider 1.3.2 Stored.XSS.via.CSRF MEDIUM" "testimonial-slider 1.2.5 Authenticated.SQL.Injection HIGH" "testimonial-slider 1.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "tabs-with-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-with-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "testimonials-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonials-widget No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.testimonials.Shortcode MEDIUM" "testimonials-widget 4.0.0 Multiple.Authenticated.Stored.XSS MEDIUM" "thirstyaffiliates 3.10.5 Subscriber+.unauthorized.image.upload.+.CSRF LOW" "thirstyaffiliates 3.10.5 Subscriber+.Arbitrary.Affiliate.Links.Creation LOW" "thirstyaffiliates 3.9.3 Authenticated.Stored.XSS MEDIUM" "thesis-openhook 4.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "team-members 5.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-members 5.3.2 Author+.Stored.XSS MEDIUM" "team-members 5.2.1 Editor+.Stored.XSS LOW" "team-members 5.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "team-members 5.0.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "template-kit-import 1.0.15 Author+.Stored.XSS MEDIUM" "temporary-login-without-password 1.7.1 Subscriber+.Plugin's.Settings.Update MEDIUM" "top-10 3.2.5 Admin+.Stored.XSS LOW" "top-10 3.2.3 Contributor+.Stored.XSS MEDIUM" "top-10 2.9.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "twenty20 No.known.fix Contributor+.Stored.XSS MEDIUM" "themify-icons 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tt-custom-post-type-creator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.4 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.content_template MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Missing.Authorization MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget.Settings MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TP.Page.Scroll.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.via.Hover.Card.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.in.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.2 Contributor+.LFI MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Header.Meta.Content.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.3.4 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Arbitrary.File.Access MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Privilege.Escalation HIGH" "the-plus-addons-for-elementor-page-builder 2.0.6 Contributor+.Stored.XSS MEDIUM" "theatre 0.18.7 Reflected.Cross-Site.Scripting MEDIUM" "theatre 0.18.4 Admin+.Stored.XSS LOW" "torro-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tabs-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tranzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tranzly 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tagembed-widget 5.9 Missing.Authorization MEDIUM" "tagembed-widget 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templately 3.1.6 Missing.Authorization MEDIUM" "templately 3.1.6 Missing.Authorization.via.AJAX.actions MEDIUM" "templately 3.1.3 Missing.Authorization MEDIUM" "templately 2.2.6 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "tweetscroll-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tc-ecommerce No.known.fix Unauthenticated.SQLi HIGH" "tc-ecommerce No.known.fix Password.Change/Account.Takeover/Privilege.Escalation CRITICAL" "the-permalinker 1.9.0 Contributor+.Stored.XSS MEDIUM" "task-manager-pro 3.6.34 Multiple.Cross-Site.Scripting MEDIUM" "task-manager-pro 3.6.34 Follower+.SQLi HIGH" "twentyfourth-wp-scraper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turn-off-comments-for-all-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ticket-tailor 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "track-logins No.known.fix Admin+.SQL.Injection MEDIUM" "third-party-cookie-eraser No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 2.9.2 Unauthenticated.Plugin.Setup.Wizard.Access HIGH" "ti-woocommerce-wishlist 2.9.1 Unauthenticated.SQL.Injection.via.lang.parameters HIGH" "ti-woocommerce-wishlist 2.9.0 Unauthenticated.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.21.12 Authenticated.WP.Options.Change HIGH" "telegram-bot No.known.fix Cross-Site.Request.Forgery MEDIUM" "telegram-bot 3.6.3 Admin+.Stored.XSS LOW" "timthumb-vulnerability-scanner No.known.fix Scan.Initialisation.via.CSRF MEDIUM" "twigify No.known.fix Vulnerable.Twig.Package MEDIUM" "theme-blvd-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "textme-sms-integration 1.9.1 Subscriber+.Settings.Update MEDIUM" "textme-sms-integration 1.8.9 Authenticated.Stored.XSS LOW" "tabs-shortcode-and-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "toggles-shortcode-and-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tamara-checkout 1.9.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "total-donations No.known.fix Update.Arbitrary.WordPress.Option.Values CRITICAL" "top-25-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "term-and-category-based-posts-widget 4.9.13 Admin+.Stored.XSS LOW" "themesflat-addons-for-elementor 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Information.Exposure LOW" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Tags MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URLs MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "themesflat-addons-for-elementor 2.1.3 Contributor+.Stored.XSS.via.Widget.Titles MEDIUM" "tori-ajax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.2.5 Editor+.Stored.XSS LOW" "themify-portfolio-post 1.2.2 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.2.1 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.1.6 Authenticated.Stored.Cross-Site.Scripting HIGH" "thesography No.known.fix Admin+.Stored.XSS LOW" "testimonial 2.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "tweeple No.known.fix Reflected.XSS HIGH" "teachpress 9.0.6 Cross-Site.Request.Forgery.via.delete_database() MEDIUM" "teachpress 9.0.5 Cross-Site.Request.Forgery MEDIUM" "teachpress 9.0.3 Reflected.Cross-Site.Scripting HIGH" "teachpress 8.1.9 Reflected.Cross-Site.Scripting HIGH" "tweet-old-post 9.0.11 PHP.Object.Injection LOW" "terms-and-conditions-per-product 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "th23-social No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "tpg-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-store-locator 1.2.0 Cross-Site.Request.Forgery MEDIUM" "tweet-wheel 1.0.3.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tribute-testimonial-gridslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tecslider 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tecslider 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "twitter-cards-meta 2.5.0 CSRF.and.XSS HIGH" "tiger-form 2.1.0 Reflected.XSS HIGH" "transposh-translation-filter-for-wordpress No.known.fix Settings.Update.via.Authorization.Bypass MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Subscriber+.Unauthorised.Calls MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Admin+.SQL.Injection MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Usernames.Disclosure MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Unauthenticated.Settings.Change MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Admin+.RCE MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 CSRF.to.Stored.XSS HIGH" "transposh-translation-filter-for-wordpress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Stored.Cross-Site.Scripting MEDIUM" "talkback-secure-linkback-protocol No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "tinymce-custom-styles 1.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "tinymce-custom-styles 1.1.3 Admin+.Stored.XSS LOW" "tapfiliate 3.0.13 Admin+.Stored.XSS LOW" "tiny-contact-form No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taboola 2.0.2 CSRF MEDIUM" "tag-groups 2.0.4 Missing.Authorization.to.Information.Exposure MEDIUM" "tag-groups 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 1.43.10.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "thrive-leads 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "theme-switcha 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "twitter-posts No.known.fix Settings.Update.via.CSRF MEDIUM" "the-events-calendar 6.9.1 Contributor+.Stored.XSS MEDIUM" "the-events-calendar 6.8.2.1 Unauthenticated.Password.Protected.Event.Disclosure MEDIUM" "the-events-calendar 6.6.4.1 Unauthenticated.SQL.Injection MEDIUM" "the-events-calendar 6.6.4 Admin+.Stored.XSS LOW" "the-events-calendar 6.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "the-events-calendar 6.5.1.5 Cross-Site.Request.Forgery.via.action_restore_events MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "the-events-calendar 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "the-events-calendar 6.4.0.1 Reflected.XSS HIGH" "the-events-calendar 6.2.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "the-events-calendar 6.2.8.1 Unauthenticated.Arbitrary.Password.Protected.Post.Read MEDIUM" "the-events-calendar 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 5.14.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-events-calendar 5.14.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 4.8.2 XSS MEDIUM" "the-sorter No.known.fix Authenticated.SQL.Injection MEDIUM" "testimonial-rotator No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "testimonial-rotator 3.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "time-clock 1.2.3 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "thrive-ab-page-testing 1.4.13.3 Unauthenticated.Option.Update MEDIUM" "themify-builder 7.6.6 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "themify-builder 7.6.6 Contributor+.Stored.XSS MEDIUM" "themify-builder 7.6.3 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.2 Missing.Authorization.to.Authenticated.(Contributor+).Post.Duplication MEDIUM" "themify-builder 7.5.8 Open.Redirect MEDIUM" "themify-builder 7.0.6 Cross-Site.Request.Forgery MEDIUM" "themify-builder 5.3.2 Reflected.Cross-Site.Scripting HIGH" "ttv-easy-embed-player 2.1.1 Admin+.Stored.XSS LOW" "task-scheduler 1.6.1 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "teaser-maker-standard No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "timeline-awesome No.known.fix Author+.Stored.Cross-Site.Scripting LOW" "treepress 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "treepress 3.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "treepress 2.0.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tagregator No.known.fix Stored.XSS MEDIUM" "themedy-toolbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themedy-toolbox 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "typea-ftc-disclosure No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "typea-ftc-disclosure No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "topbar-id-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tcbd-auto-refresher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tangible-loops-and-logic 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "thrive-dashboard 2.3.9.3 Unauthenticated.Option.Update MEDIUM" "translation-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-builder-for-elementor 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "thank-me-later No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "tourfic 2.15.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "tourfic 2.15.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tourfic 2.11.21 Cross-Site.Request.Forgery.in.Multiple.Functions MEDIUM" "tourfic 2.11.19 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "tourfic 2.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tourfic 2.11.8 Reflected.Cross-Site.Scripting MEDIUM" "tourfic 2.11.16 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tumult-hype-animations 1.9.16 Authenticated.(Author+).Arbitrary.File.Upload.via.hypeanimations_panel.Function CRITICAL" "tumult-hype-animations 1.9.15 Missing.Authorization MEDIUM" "tumult-hype-animations 1.9.12 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "tumult-hype-animations 1.9.13 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "thinkific-uploader No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "text-hover 4.2 Admin+.Stored.Cross-Site.Scripting. LOW" "timed-content 2.73 Contributor+.Stored.XSS MEDIUM" "tabs-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timetics 1.0.28 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.28.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "timetics 1.0.26 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.26.-.Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.User.Password/Email.Reset/Account.Takeover CRITICAL" "timetics 1.0.24 Authorization.Bypass MEDIUM" "timetics 1.0.22 AI-powered.Appointment.Booking.with.Visual.Seat.Plan.and.ultimate.Calendar.Scheduling.Plugin.<.1.0.22.-.Missing.Authorization.to.Limited.Privilege.Escalation HIGH" "twitter-follow 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.username.Parameter MEDIUM" "timeslot 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "tutor-pro 2.7.3 Missing.Authorization.to.Authenticated.(Subscriber+).Insecure.Direct.Object.Reference HIGH" "tutor-pro 2.7.1 Missing.Authorization HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.Privilege.Escalation HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.SQL.Injection HIGH" "tags-cloud-manager No.known.fix Reflected.XSS HIGH" "tipsacarrier 1.5.0.5 Unauthenticated.Orders.Disclosure MEDIUM" "tipsacarrier 1.5.0.5 Unauthenticated.SQLi HIGH" "twitter-anywhere-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Stored.XSS.via.Shortcode HIGH" "threewp-broadcast 51.02 Reflected.Cross-Site.Scripting MEDIUM" "tour-booking-manager 1.8.6 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.8 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.2 Missing.Authorization.via.ttbm_new_place_save MEDIUM" "tour-booking-manager 1.6.1 Cross-Site.Request.Forgery MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "tlp-portfolio 2.8.11 WordPress.Portfolio.<.2.8.11.-.Contributor+.Stored.XSS MEDIUM" "trustist-reviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twitter-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "timesheet 0.1.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "templates-patterns-collection 1.2.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "tabs-responsive 2.2.8 Editor+.Stored.Cross-Site.Scripting LOW" "terms-descriptions 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "terms-descriptions 2.4.8 Admin+.Stored.XSS LOW" "terms-descriptions 3.4.5 Reflected.XSS HIGH" "targetfirst-wordpress-plugin 1.0 Unauthenticated.Stored.XSS.via.Licence.Key HIGH" "typofr No.known.fix Reflected.Cross-Site.Scripting HIGH" "t-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "theme-demo-import 1.1.1 Admin+.Arbitrary.File.Upload MEDIUM" "team-rosters No.known.fix Reflected.Cross-Site.Scripting.via.'tab' MEDIUM" "team-rosters No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "tubepress 1.6.5 XSS MEDIUM" "tripetto 8.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto No.known.fix Unauthentiated.Stored.Cross-Site.Scripting.via.Form.File.Upload HIGH" "tripetto 7.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tripetto 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "tripetto 5.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "twchat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twchat 3.1.5 Admin+.Local.File.Inclusion LOW" "twchat 3.1.5 Multiple.CSRF MEDIUM" "thrive-quiz-builder 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "theme-junkie-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "testimonials No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tracked-tweets No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "tracked-tweets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "toolbar-extras No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tinymce-annotate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tinymce-annotate No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "twitterpost No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "toolbar-to-share No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "tourmaster 5.3.5 Reflected.XSS HIGH" "tourmaster 5.3.4 Unauthenticated.Stored.XSS.via.Room.Booking HIGH" "twitter-plugin 2.55 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "tm-woocommerce-compare-wishlist No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "tml-2fa 1.2 .Lack.of.Rate.Limiting MEDIUM" "tubepressnet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "theme-editor 2.9 Authenticated.(Admin+).PHAR.Deserialization HIGH" "theme-editor 2.8 Admin+.Arbitrary.File.Upload HIGH" "theme-editor 2.6 Authenticated.Arbitrary.File.Download MEDIUM" "theme-editor 2.2 Multiple.Vulnerabilities CRITICAL" "tagmaker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "team-showcase-supreme 7.5 Editor+.Local.File.Inclusion HIGH" "team-showcase-supreme 4.5 Editor+.Stored.Cross-Site.Scripting LOW" "themefuse-maintenance-mode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tochat-be 1.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tube-video-ads-lite No.known.fix Reflected.XSS HIGH" "thoughtful-comments 0.3.6 Missing.Authorization LOW" "taxonomy-discounts-woocommerce 5.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "tf-numbers-number-counter-animaton 2.0.1 Subscriber+.Arbitrary.Option.Update HIGH" "testimonial-slider-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider-shortcode 1.1.9 Contributor+.Stored.XSS MEDIUM" "thrive-automator 1.17.1 Cross-Site.Request.Forgery MEDIUM" "tinycode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "traffic-manager No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "traffic-manager No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "this-day-in-history No.known.fix Unauthenticated.Reflected.XSS HIGH" "total-gdpr-compliance-lite 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "table-maker No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "trademe-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_lp_export_xml MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_import_from_xml MEDIUM" "typing-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typing-text 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-ultimatum 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "truebooker-appointment-booking 1.0.3 Settings.Update.via.CSRF MEDIUM" "truebooker-appointment-booking 1.0.3 Multiple.Unauthenticated.SQLi HIGH" "taketin-to-wp-membership No.known.fix Subscriber+.PHP.Object.Injection HIGH" "tr-easy-google-analytics No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "timber-library 1.23.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "team-showcase-ultimate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "taeggie-feed 0.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tickera-event-ticketing-system 3.5.4.9 Unauthenticated.Customer.Data.Exposure MEDIUM" "tickera-event-ticketing-system 3.5.4.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "tickera-event-ticketing-system 3.5.2.9 Missing.Authorization.to.Authenticated.(Susbcriber+).Ticket.Deletion MEDIUM" "tickera-event-ticketing-system 3.5.2.7 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.2.5 Ticket.leakage.through.IDOR MEDIUM" "tickera-event-ticketing-system 3.5.1.0 Plugin.Data.Deletion.via.CSRF LOW" "tickera-event-ticketing-system 3.4.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tickera-event-ticketing-system 3.4.8.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tickera-event-ticketing-system 3.4.6.9 Unauthenticated.Sensitive.Data.Exposure HIGH" "themify-shortcodes 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.themify_button.Shortcode MEDIUM" "themify-shortcodes 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "thrive-headline-optimizer 1.3.7.3 Unauthenticated.Option.Update MEDIUM" "tour-operator 2.0.0 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "tito No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tcd-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "table-of-contents-plus No.known.fix Admin+.Stored.XSS LOW" "table-of-contents-plus No.known.fix Cross-Site.Request.Forgery MEDIUM" "table-of-contents-plus 2309 Settings.Update.via.CSRF MEDIUM" "table-of-contents-plus 2309 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "table-of-contents-plus 2212 Contributor+.Stored.XSS MEDIUM" "ts-comfort-database No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "typebot 3.6.1 Contributor+.Stored.XSS MEDIUM" "typebot 1.4.3 Admin+.Stored.Cross.Site.Scripting LOW" "table-genie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-genie No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "termin-kalender 1.00.04 Missing.Authorization.to.Authenticated.(Subscriber+) MEDIUM" "top-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "themeisle-companion 2.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Services.and.Post.Type.Grid.Widgets MEDIUM" "themeisle-companion 2.10.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripiting.via.Registration.Form.Widget MEDIUM" "themeisle-companion 2.10.32 Contributor+.Stored.XSS.via.Post.Type.Grid.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Form.Widget MEDIUM" "themeisle-companion 2.10.30 Connected.API.Keys.Update.via.CSRF MEDIUM" "themeisle-companion 2.10.29 Unauthenticated.Connected.API.Keys.Update MEDIUM" "themeisle-companion 2.10.28 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.27 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.24 Author+.Server-Side.Request.Forgery MEDIUM" "themeisle-companion 2.10.3 Authenticated.Stored.Cross.Site.Scripting MEDIUM" "themeisle-companion 2.10.3 Authenticated.Privilege.Escalation CRITICAL" "table-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id.Parameter MEDIUM" "training No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tabs-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "tree-website-map 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "tree-website-map 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "tournamatch 4.6.1 Admin+.Stored.XSS.via.Ladders LOW" "tournamatch 4.6.1 Subscriber+.Stored.XSS HIGH" "tin-canny-learndash-reporting 4.3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "tcs3 No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "transfinanz No.known.fix Reflected.XSS HIGH" "themify-event-post 1.2.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tablesome 1.0.34 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tablesome 1.0.26 Cross-Site.Request.Forgery MEDIUM" "tablesome 1.0.28 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.15 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.9 Reflected.XSS MEDIUM" "tablesome 0.6.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tilda-publishing 0.3.24 Subscriber+.Unauthorised.Action MEDIUM" "tcbd-popover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "thrive-apprentice 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "tinymce-and-tinymce-advanced-professsional-formats-and-styles No.known.fix Cross-Site.Request.Forgery.via.bb_taps_backend_page MEDIUM" "timeline-for-beaver-builder 1.1.4 Editor+.Stored.XSS LOW" "total-security 3.4.1 XSS.&.Settings.Change MEDIUM" "tedwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tedwp 0.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "td-cloud-library 2.7 Unauthenticated.Arbitrary.User.Metadata.Update.to.Privilege.Escalation CRITICAL" "themify-wc-product-filter 1.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "themify-wc-product-filter 1.5.0 WooCommerce.Product.Filter.<.1.5.0.-.Unauthenticated.SQL.Injection.via.conditions.Parameter CRITICAL" "themify-wc-product-filter 1.4.4 Reflected.XSS HIGH" "themify-wc-product-filter 1.4.4 Filter.Deletion.via.CSRF MEDIUM" "themify-wc-product-filter 1.4.4 Admin+.Stored.XSS LOW" "themify-wc-product-filter 1.3.8 WooCommerce.Product.Filter.<.1.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "toggle-the-title No.known.fix XSS MEDIUM" "themeshark-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "trackserver 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tiny-bar 2.1 Reflected.Cross-Site.Scripting MEDIUM" "twb-woocommerce-reviews 1.7.6 Admin+.Stored.XSS LOW" "theme-my-ontraport-smartform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "two-factor-authentication 1.3.13 Disable.Two.Factor.Authentication.CSRF HIGH" "two-factor-authentication 1.1.10 XSS MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Installation MEDIUM" "tutor-lms-elementor-addons 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Course.Carousel.Widget MEDIUM" "tutor-lms-elementor-addons 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "torod 1.8 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Update MEDIUM" "tk-event-weather No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-event-weather No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tk-google-fonts 2.2.12 Missing.Authorization.to.Font.Deletion MEDIUM" "tk-google-fonts 2.2.11 Reflected.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tablepress 2.4.3 Author+.Stored.XSS MEDIUM" "tablepress 2.4.3 XXE.Injection MEDIUM" "tablepress 2.3.2 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebind MEDIUM" "tablepress 2.2.5 Authenticated(Author+).Server.Side.Request.Forgery(SSRF).via._get_import_files MEDIUM" "tablepress 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "tablepress 1.8.1 Authenticated.XML.External.Entity.(XXE) MEDIUM" "taskbuilder 3.0.7 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taskbuilder 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wppm_tasks.Shortcode MEDIUM" "taskbuilder 3.0.5 Admin+.SQL.Injection MEDIUM" "taskbuilder 1.0.8 Subscriber+.Stored.XSS.via.SVG.file.upload MEDIUM" "trackship-for-woocommerce 1.7.6 Missing.Authorization MEDIUM" "thecartpress No.known.fix Unauthenticated.Arbitrary.Admin.Account.Creation CRITICAL" "thecartpress 1.3.9.3 Multiple.Vulnerabilities HIGH" "turbo-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "turbo-widgets No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turbo-widgets No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "tradedoubler-affiliate-tracker 2.0.22 Unauthenticated.LFI HIGH" "tarteaucitronjs 1.6.1 Cookies.legislation.&.GDPR.<.1.6.1.-.Admin.+.Stored.Cross-Site.Scripting LOW" "tarteaucitronjs 1.6 Cookies.legislation.&.GDPR.<.1.6.-.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "trustmary 1.0.10 Contributor+.Stored.XSS MEDIUM" "telefication No.known.fix Open.Relay.&.Server-Side.Request.Forgery MEDIUM" "tsb-occasion-editor No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "themes4wp-youtube-external-subtitles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taggator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tutor 2.7.7 User.Registration.Setting.Bypass.to.Unauthorized.User.Registration MEDIUM" "tutor 2.7.7 Unauthenticated.SQL.Injection.via.rating_filter HIGH" "tutor 2.7.5 Cross-Site.Request.Forgery.via.'addon_enable_disable' MEDIUM" "tutor 2.7.3 Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.4 Authenticated.(Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.4 Missing.Authorization MEDIUM" "tutor 2.7.3 Cross-Site.Request.Forgery MEDIUM" "tutor 2.7.3 Authenticated.(Tutor.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.2 Authenticated.(Admin+).Path.Traversal LOW" "tutor 2.7.2 Tutor.LMS.–.eLearning.and.online.course.solution.<.2,7,2.-Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.2 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Quiz.Attempt.Deletion MEDIUM" "tutor 2.7.1 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Course.Deletion MEDIUM" "tutor 2.7.1 Missing.Authorization CRITICAL" "tutor 2.7.1 Authenticated.(Instructor+).SQL.Injection HIGH" "tutor 2.7.0 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "tutor 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'tutor_instructor_list'.Shortcode MEDIUM" "tutor 2.6.2 Cross-Site.Request.Forgery.to.Plugin.Deactivation.and.Data.Erase MEDIUM" "tutor 2.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "tutor 2.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "tutor 2.6.1 Student+.HTML.Injection.via.Q&A MEDIUM" "tutor 2.6.1 Missing.Authorization MEDIUM" "tutor 2.3.0 Admin+.Stored.XSS LOW" "tutor 2.3.0 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 2.2.1 Unauthenticated.Access.to.Tutor.LMS.Lesson.Resources.via.REST.API MEDIUM" "tutor 2.2.1 Student+.SQL.Injection HIGH" "tutor 2.2.0 Instructor+.SQL.Injection MEDIUM" "tutor 2.2.0 Unauthenticate.SQL.Injection HIGH" "tutor 2.0.10 Reflected.Cross-Site.Scripting HIGH" "tutor 2.0.10 Admin+.Stored.Cross-Site.Scripting LOW" "tutor 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.12 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.12 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 1.9.11 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.9 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "tutor 1.9.6 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tutor 1.8.8 Authenticated.Local.File.Inclusion MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_answers_by_question MEDIUM" "tutor 1.7.7 Unprotected.AJAX.including.Privilege.Escalation HIGH" "tutor 1.8.3 SQL.Injection.via.tutor_answering_quiz_question/get_answer_by_id MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_mark_answer_as_correct MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_question_form MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_place_rating MEDIUM" "tutor 1.5.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "tx-onepager No.known.fix Admin+.SQLi MEDIUM" "telugu-bible-verse-daily No.known.fix CSRF.to.Stored.XSS HIGH" "ti-woocommerce-wishlist-premium 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist-premium 1.21.5 Authenticated.WP.Options.Change HIGH" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "total-team-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "thrive-ovation 2.4.5 Unauthenticated.Option.Update MEDIUM" "trustmate-io-integration-for-woocommerce 1.8.12 Subscriber+.Arbitrary.Plugin's.Settings.Update HIGH" "trustmate-io-integration-for-woocommerce 1.7.1 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "tm-islamic-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.4.0 Contributor+.Stored.XSS MEDIUM" "tracking-code-manager 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.3.0 Admin+.Stored.Cross-Site.Scripting LOW" "tracking-code-manager 2.1.0 Tracking.Code.Manager.<.2,1,0.-Admin+.Stored.Cross-Site.Scripting MEDIUM" "throws-spam-away 3.3.1 Comment.Deletion.via.CSRF MEDIUM" "the-holiday-calendar 1.11.3 Cross-Site.Scripting.(XSS) MEDIUM" "track-the-click 0.3.12 Author+.Time-Based.Blind.SQL.Injection HIGH" "team 1.22.26 Reflected.Cross-Site.Scripting HIGH" "team 1.22.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team 1.22.16 PHP.Object.Injection HIGH" "team 1.22.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tripplan No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-friends-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ticketsource-events 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "template-events-calendar 2.3.2 Authenticated.(Contributor+).SQL.Injection.via.shortcode HIGH" "template-events-calendar 2.0 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "template-events-calendar 1.7.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "theme-tweaker-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "trust-form 2.0.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tec-subscriber-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "testimonial-slider-and-showcase 2.3.8 Admin+.Stored.XSS LOW" "testimonial-slider-and-showcase 2.3.7 Author+.Settings.Update LOW" "tidio-form No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "textboxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tabulate No.known.fix Reflected.XSS HIGH" "thinktwit 1.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "tajer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "thim-elementor-kit 1.2.9 Missing.Authorization MEDIUM" "thim-elementor-kit 1.2.9.1 Contributor+.Stored.XSS MEDIUM" "thim-elementor-kit 1.1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "thim-elementor-kit 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themereps-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ts-webfonts-for-conoha 2.0.4 Admin+.Stored.XSS LOW" "theperfectweddingnl-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "tune-library 1.5.5 SQL.Injection HIGH" "testimonial-builder 1.6.2 Editor+.Stored.Cross-Site.Scripting LOW" "testimonial-builder 1.6.0 Admin+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-sakura 3.1.3 Font.Settings.Change.via.CSRF MEDIUM" "ts-webfonts-for-sakura 3.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-sakura 3.1.3 Font.Type.Settings.Change.via.CSRF MEDIUM" "twitter-real-time-search-scrolling No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "transcoder 1.3.6 Cross-Site.Request.Forgery MEDIUM" "tooltip-ck No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "toast-stick-anything No.known.fix Missing.Authorization HIGH" "toast-stick-anything No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "todo-custom-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "translatepress-multilingual 2.3.3 Admin+.SQLi MEDIUM" "translatepress-multilingual 2.0.9 Authenticated.Stored.Cross-Site.Scripting LOW" "the-plus-addons-for-block-editor 4.0.8 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 4.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "truenorth-srcset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "th-variation-swatches 1.3.3 1.3.2.-.Cross-Site.Request.Forgery.to.Plugin.Settings.Reset MEDIUM" "taxonomy-filter 2.2.10 Settings.Update.via.CSRF MEDIUM" "two-factor-login-telegram 3.1 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "two-factor-login-telegram 3.1 Two-Factor.Authentication.Bypass MEDIUM" "tidio-gallery No.known.fix .Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "titan-framework No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "titan-framework 1.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "the-events-calendar-pro 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "user-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-management 1.2 Subscriber+.Arbitrary.File.Upload HIGH" "user-activity No.known.fix IP.Spoofing MEDIUM" "ultimate-post-kit 3.11.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Count.(Static).Widget MEDIUM" "ultimate-post-kit 3.6.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 2.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "utech-spinning-earth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-weather-plugin No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "ultimate-post 4.1.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.17 Missing.Authorization.to.Arbitrary.Plugin.Installation/Activation HIGH" "ultimate-post 4.1.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "ultimate-post 4.1.0 Authenticated.(Contributor+).Stored.Cross=Site.Scripting MEDIUM" "ultimate-post 4.1.0 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 3.2.4 Incorrect.Authorization MEDIUM" "ultimate-post 3.0.6 Gutenberg.Post.Grid.Blocks.<.3.0.6.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.9.10 Gutenberg.Blocks.for.Post.Grid.<.2.9.10.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Private.Content.Disclosure MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Missing.Access.Controls MEDIUM" "unite-gallery-lite No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "unite-gallery-lite 1.7.62 Admin+.Stored.XSS LOW" "unite-gallery-lite 1.7.60 Admin+.Local.File.Inclusion MEDIUM" "unite-gallery-lite 1.5 CSRF.&.Authenticated.SQL.Injection HIGH" "uber-grid No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "ultimate-product-catalogue 5.2.16 Cross-Site.Request.Forgery.via.reset_settings() MEDIUM" "ultimate-product-catalogue 5.2.6 Admin+.Stored.XSS LOW" "ultimate-product-catalogue 5.0.26 Subscriber+.Arbitrary.Product.Creation.&.Settings.Update MEDIUM" "userback 1.0.14 Arbitrary.Settings.Update.via.CSRF MEDIUM" "updraft No.known.fix Reflected.XSS HIGH" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "ungallery No.known.fix Stored.XSS.via.CSRF HIGH" "upload-file-type-settings-plugin No.known.fix Admin+.Stored.XSS LOW" "user-messages No.known.fix Reflected.XSS HIGH" "urvanov-syntax-highlighter 2.8.34 Highlighting.Blocks.Mgt.via.CSRF MEDIUM" "unlimited-elements-for-elementor 1.5.136 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "unlimited-elements-for-elementor 1.5.127 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.122 Authenticated.(Editor+).Remote.Code.Execution HIGH" "unlimited-elements-for-elementor 1.5.122 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'username' MEDIUM" "unlimited-elements-for-elementor 1.5.113 IP.Address.Spoofing.to.Antispam.Bypass MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'email' MEDIUM" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Blind.SQL.Injection.via.data[addonID].Parameter HIGH" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Information.Exposure MEDIUM" "unlimited-elements-for-elementor 1.5.108 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Field MEDIUM" "unlimited-elements-for-elementor 1.5.91 Contributor+.Remote.Code.Execution.via.template.import HIGH" "unlimited-elements-for-elementor 1.5.108 Contributor+.SQLi MEDIUM" "unlimited-elements-for-elementor 1.5.105 Contributor+.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.103 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.103 Admin+.Command.Injection MEDIUM" "unlimited-elements-for-elementor 1.5.97 Contributor+.Stored.XSS MEDIUM" "unlimited-elements-for-elementor 1.5.94 Reflected.Cross-Site.Scripting HIGH" "unlimited-elements-for-elementor 1.5.75 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.67 Contributor+.Arbitrary.File.Upload HIGH" "unlimited-elements-for-elementor 1.5.49 Admin+.Stored.XSS LOW" "unlimited-elements-for-elementor 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-facebook-comments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "userlike 2.3 Admin+.Stored.Cross-Site.Scripting LOW" "uncode-core 2.8.7 Reflected.Cross-Site.Scripting MEDIUM" "uncode-core 2.8.9 Privilege.Escalation HIGH" "uncode-core 2.8.9 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "updownupdown-postcomment-voting No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "universal-analytics 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-instagram-feed No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-auction 4.2.8 Missing.Authorization.to.Unauthenticated.Email.Creation MEDIUM" "ultimate-auction 4.2.6 Cross-Site.Request.Forgery MEDIUM" "ultimeter 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimeter 2.7.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimeter 1.9.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "uipress-lite 3.4.07 Authenticated.(Administrator+).SQL.Injection CRITICAL" "ultimate-classified-listings No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-classified-listings No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-classified-listings 1.4 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Unauthenticated.LFI HIGH" "ulisting 2.1.6 Unauthenticated.Information.Exposure MEDIUM" "ulisting 2.0.9 Arbitrary.Blog.Option.Update.via.CSRF HIGH" "ulisting 2.0.6 Unauthenticated.Privilege.Escalation MEDIUM" "ulisting 2.0.6 Authenticated.IDOR MEDIUM" "ulisting 2.0.6 Multiple.CSRF MEDIUM" "ulisting 2.0.6 Settings.Update.via.CSRF MEDIUM" "ulisting 2.0.6 Reflected.Cross-Site.Scripting MEDIUM" "ulisting 2.0.6 Modify.User.Roles.via.CSRF MEDIUM" "ulisting 2.0.4 Unauthenticated.SQL.Injection HIGH" "ulisting 1.7 Unauthenticated.Arbitrary.Roles.and.Capabilities.Creation/Deletion MEDIUM" "ulisting 1.7 Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "ulisting 1.7 Missing.Access.Controls CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Change HIGH" "ulisting 1.7 Unauthenticated.Information.Disclosure HIGH" "ulisting 1.7 Unauthenticated.SQL.Injections CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Creation CRITICAL" "ulisting 1.7 Unauthenticated.WordPress.Options.Change CRITICAL" "use-any-font 6.3.09 Cross-Site.Request.Forgery MEDIUM" "use-any-font 6.2.1 API.Key.Deactivation.via.CSRF MEDIUM" "use-any-font 6.2.1 Unauthenticated.Arbitrary.CSS.Appending HIGH" "user-activity-log 2.0 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.6.7 IP.Spoofing MEDIUM" "user-activity-log 1.6.6 Subscriber+.Log.Export MEDIUM" "user-activity-log 1.6.5 Unauthenticated.SQLi HIGH" "user-activity-log 1.6.3 Admin+.SQLi MEDIUM" "user-activity-log 1.6.3 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.4.7 Reflected.Cross.Site.Scripting.via.Query.String MEDIUM" "user-activity-log 1.4.7 Reflected.Cross-Site.Scripting HIGH" "ultimate-tinymce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ucontext-for-amazon No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "uix-slideshow 1.6.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "unilevel-mlm-plan No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "use-your-drive 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "utech-world-time-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-meta-manager No.known.fix Reflected.XSS HIGH" "user-meta-manager No.known.fix CSRF MEDIUM" "user-rights-access-manager No.known.fix Missing.Authorization MEDIUM" "user-rights-access-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-rights-access-manager 1.0.8 Access.Restriction.Bypass MEDIUM" "user-rights-access-manager 1.0.4 Improper.Access.Controls MEDIUM" "users-control No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "uncanny-toolkit-pro 4.1.4.1 Missing.Authorization.to.Arbitrary.Page/Post.Duplication MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Cross-Site.Request.Forgery MEDIUM" "uni-woo-custom-product-options 4.9.27 Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options 4.9.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uncanny-automator 5.1.0.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "ultimate-widgets-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-widgets-light No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-widgets-light No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ultimate-flipbox-addon-for-elementor 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-blocks 3.2.4 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.2 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Blocks MEDIUM" "ultimate-blocks 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.tag.attribute MEDIUM" "ultimate-blocks 3.1.9 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.1.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.metabox MEDIUM" "ultimate-blocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-blocks 2.4.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-login-history 1.6 Cross-Site.Scripting.(XSS) MEDIUM" "uploadcare 3.1.0 Cross-Site.Request.Forgery MEDIUM" "uncanny-learndash-groups 6.1.1 Missing.Authorization.to.Authenticated.(Group.Leader+).User.Group.Add LOW" "uncanny-learndash-groups 6.1.1 Authenticated.(Group.Leader+).Privilege.Escalation HIGH" "ultimate-gutenberg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-gutenberg No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-menus 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "user-menus 1.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-activation-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Setting.Exposure MEDIUM" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Playlist/Video.Deletion MEDIUM" "userpro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userpro No.known.fix Missing.Authorization MEDIUM" "userpro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "userpro No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "userpro 5.1.9 Unauthenticated.Account.Takeover.to.Privilege.Escalation CRITICAL" "userpro 5.1.7 Disabled.Membership.Registration.Bypass MEDIUM" "userpro 5.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "userpro 5.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.userpro_save_userdata MEDIUM" "userpro 5.1.2 Insecure.Password.Reset.Mechanism CRITICAL" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Sensitive.Information.Exposure MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "userpro 5.1.2 Missing.Authorization.via.multiple.functions HIGH" "userpro 5.1.5 Missing.Authorization.to.Arbitrary.Shortcode.Execution.via.userpro_shortcode_template MEDIUM" "userpro 5.1.2 Authentication.Bypass.to.Administrator CRITICAL" "userpro 5.1.5 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "userpro 5.1.2 Sensitive.Information.Disclosure.via.Shortcode MEDIUM" "userpro 5.1.1 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "userpro 4.9.35.1 Unauthenticated.Reflected.XSS MEDIUM" "userpro 4.9.28 User.Registration.With.Administrator.Role MEDIUM" "userpro 4.9.24 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "unlimited-addons-for-wpbakery-page-builder No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "ultimate-responsive-image-slider 3.5.12 Ultimate.Responsive.Image.Slider.<.3.5.12.-.Subscriber+.Arbitrary.Post.Access MEDIUM" "upload-media-by-url 1.0.8 Stored.XSS.via.CSRF MEDIUM" "uptime-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "user-export-with-their-meta-data No.known.fix Subscriber+.CSV.Injection LOW" "user-export-with-their-meta-data 0.6.5 Admin+.SQLi MEDIUM" "user-meta-shortcodes No.known.fix Contributor+.Unauthorized.Arbitrary.User.Metadata.Access HIGH" "ubermenu 3.8.4 Cross-Site.Request.Forgery.to.Settings.Reset HIGH" "ubermenu 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "ux-flat 4.5 Contributor+.Stored.XSS MEDIUM" "ultimate-noindex-nofollow-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "userswp 1.2.16 Missing.Authorization MEDIUM" "userswp 1.2.12 Users.Information.Disclosure MEDIUM" "userswp 1.2.11 Unauthenticated.SQL.Injection.via.'uwp_sort_by' CRITICAL" "userswp 1.2.6 Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userswp 1.2.3.23 Profile.Picture.Deletion.via.CSRF MEDIUM" "userswp 1.2.3.1 Subscriber+.User.Avatar.Override MEDIUM" "userswp 1.2.2.29 Reflected.Cross-Site.Scripting MEDIUM" "urdu-formatter-shamil No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-author-box-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "unique-ux No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.5.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uji-countdown 2.3.1 Admin+.Stored.XSS LOW" "uji-countdown 2.0.7 Cross-Site.Scripting.(XSS) MEDIUM" "uniconsent-cmp 1.4.4 Admin+.Stored.XSS LOW" "ultimate-image-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "universal-star-rating No.known.fix CSRF MEDIUM" "user-activity-tracking-and-log 4.1.4 IP.Spoofing MEDIUM" "user-activity-tracking-and-log 4.0.9 License.Update/Deactivation.via.CSRF MEDIUM" "ultimate-dashboard 3.7.12 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.7.11 Login.Page.Disclosure.on.Multi-site MEDIUM" "ultimate-dashboard 3.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "ultimate-dashboard 3.7.6 Admin+.Stored.XSS LOW" "usersnap 4.17 Admin+.Stored.XSS LOW" "ultimate-addons-for-gutenberg 2.16.3 Contributor+.Stored.XSS.via.Team.Widget MEDIUM" "ultimate-addons-for-gutenberg 2.15.1 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "ultimate-addons-for-gutenberg 2.13.8 Missing.Authorization.via.generate_ai_content MEDIUM" "ultimate-addons-for-gutenberg 2.13.1 Author+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Image.Gallery.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Testimonial.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.7 Contributor+.Path.Traversal MEDIUM" "ultimate-addons-for-gutenberg 2.10.4 Authenticated(Contributor+).Cross-Site.Scripting.via.Custom.CSS MEDIUM" "ultimate-addons-for-gutenberg 2.7.10 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 1.15.0 Contributor+.Stored.Cross-Side.Scripting MEDIUM" "ultimate-addons-for-gutenberg 1.25.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ut-shortcodes 5.0.5 Reflected.Cross-Site.Scripting MEDIUM" "update-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ukuupeople-the-simple-crm No.known.fix Unauthorised.Favourite.Addition/Deletion MEDIUM" "ultimate-elementor 1.36.32 Authenticated.(Contributor+).Privilege.Escalation HIGH" "ultimate-elementor 1.30.0 Contributor+.Stored.XSS MEDIUM" "ultimate-elementor 1.24.2 Registration.Bypass HIGH" "ultimate-elementor 1.20.1 Authentication.Bypass CRITICAL" "ultimate-noindex-nofollow-tool-ii 1.3.6 Admin+.Stored.XSS LOW" "ultimate-noindex-nofollow-tool-ii 1.3.4 Settings.Update.via.CSRF MEDIUM" "user-spam-remover 1.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ultimate-maps-by-supsystic 1.2.17 Cross-Site.Request.Forgery MEDIUM" "ultimate-maps-by-supsystic 1.2.16 .Admin+.Stored.XSS LOW" "ultimate-maps-by-supsystic 1.2.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "ultimate-maps-by-supsystic 1.1.17 Authenticated.SQL.Injections CRITICAL" "ultimate-social-media-icons 2.9.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-social-media-icons 2.9.1 Admin+.Stored.XSS LOW" "ultimate-social-media-icons 2.8.9 Admin+.Stored.XSS.via.settings LOW" "ultimate-social-media-icons 2.8.6 Subscriber+.Sensitive.Information.Exposure MEDIUM" "ultimate-social-media-icons 2.8.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.4 Reflected.XSS HIGH" "ultimate-social-media-icons 2.8.2 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-icons 2.8.2 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.2 Admin+.Stored.XSS LOW" "user-avatar-reloaded 1.2.2 Reloaded.<.1.2.2.-.Contributor+.Stored.XSS MEDIUM" "ultra-companion 1.2.0 Contributor+.Stored.XSS MEDIUM" "up-down-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "url-shortify 1.7.9.1 Admin+.Stored.XSS LOW" "url-shortify 1.7.6 Unauthenticated.Stored.XSS.via.referer.header CRITICAL" "url-shortify 1.7.3 Reflected.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.0 Admin+.Cross.Site.Scripting LOW" "url-shortify 1.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "url-shortify 1.5.1 Arbitrary.Link/Group.Deletion.via.CSRF MEDIUM" "update-theme-and-plugins-from-zip-file No.known.fix CSRF MEDIUM" "user-shortcodes-plus No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.user_meta.Shortcode MEDIUM" "update-alt-attribute No.known.fix Reflected.XSS HIGH" "update-alt-attribute No.known.fix Cross-Site.Request.Forgery MEDIUM" "user-password-reset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "useful-banner-manager No.known.fix Modify.banners.via.CSRF MEDIUM" "ua-marketplace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ua-marketplace 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "underconstruction 1.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "underconstruction 1.20 Construction.Mode.Deactivation.via.CSRF MEDIUM" "underconstruction 1.21 Admin+.Stored.Cross-Site.Scripting LOW" "underconstruction 1.19 Reflected.Cross-Site.Scripting HIGH" "user-domain-whitelist 1.5 .user-domain-whitelist.php.Domain.Whitelisting.Manipulation.CSRF HIGH" "ultimate-appointment-scheduling 1.1.10 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "updraftplus 1.25.1 Backup/Restore.<.1.25.1.-.Reflected.XSS HIGH" "updraftplus 1.24.12 Unauthenticated.PHP.Object.Injection HIGH" "updraftplus 1.23.11 Google.Drive.Storage.Update.via.CSRF MEDIUM" "updraftplus 1.23.4 CSRF MEDIUM" "updraftplus 1.22.9 Reflected.Cross-Site.Scripting MEDIUM" "updraftplus 1.22.3 Subscriber+.Backup.Download HIGH" "updraftplus 1.16.69 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.66 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.59 Admin+.Local.File.Inclusion MEDIUM" "updraftplus 1.6.59 Admin+.Stored.Cross-Site.Scripting LOW" "updraftplus 1.13.5 XSS MEDIUM" "updraftplus 1.9.64 XSS MEDIUM" "ultimate-taxonomy-manager No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-taxonomy-manager No.known.fix Reflected.XSS HIGH" "users-ultra No.known.fix Unauthenticated.SQL.Injection HIGH" "users-ultra 1.5.64 Authenticated.Blind.SQL.Injection HIGH" "users-ultra 1.5.63 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "users-ultra 1.5.59 Unrestricted.File.Upload HIGH" "useragent-spy No.known.fix Admin+.Stored.XSS LOW" "ucontext No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "ultimate-infinite-scroll 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.11.2 Authenticated.(Admin+).SQL.Injection MEDIUM" "usc-e-shop 2.10.0 Missing.Authorization MEDIUM" "usc-e-shop 2.9.4 Authenticated(Editor+).SQL.Injection HIGH" "usc-e-shop 2.9.7 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "usc-e-shop 2.9.6 Admin+.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Cross-Site.Request.Forgery HIGH" "usc-e-shop 2.9.5 Reflected.XSS HIGH" "usc-e-shop 2.9.5 Unauthenticated.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Subscriber+.Arbitrary.File.Upload HIGH" "usc-e-shop 2.8.22 Editor+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Multiple.XSS MEDIUM" "usc-e-shop 2.8.22 Editor+.Arbitrary.File.Upload LOW" "usc-e-shop 2.8.22 Author+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Author+.Path.Traversal MEDIUM" "usc-e-shop 2.8.11 Reflected.XSS HIGH" "usc-e-shop 2.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "usc-e-shop 2.8.6 Subscriber+.PHAR.Deserialisation HIGH" "usc-e-shop 2.8.5 Subscriber+.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.5 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.4 Multiple.Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.8.4 Subscriber+.Arbitrary.Shipping.Method.Creation/Update/Deletion MEDIUM" "usc-e-shop 2.7.8 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.2.8 Authenticated.System.Information.Disclosure MEDIUM" "usc-e-shop 2.2.8 Unauthenticated.Information.Disclosure HIGH" "usc-e-shop 2.2.4 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 2.1.1 Authenticated.SQL.Injection MEDIUM" "usc-e-shop 1.9.36 Authenticated.PHP.Object.Injection HIGH" "usc-e-shop 1.8.3 PHP.Object.Injection MEDIUM" "usc-e-shop 1.8.3 Session.Management MEDIUM" "usc-e-shop 1.8.3 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5.3 SQL.Injection MEDIUM" "usc-e-shop 1.4.18 Multiple.Vulnerabilities LOW" "usc-e-shop 1.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5 SQL.Injection CRITICAL" "usc-e-shop 1.5 purchase_limit.Parameter.DOM-based.XSS MEDIUM" "unlimited-popups No.known.fix Author+.SQL.Injection HIGH" "ultimate-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-elementor 1.9 Missing.Authorization MEDIUM" "uleak-security-dashboard No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "username-updater 1.0.5 Arbitrary.Username.Update.via.CSRF MEDIUM" "user-profile 2.0.21 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.9.2 Information.Exposure MEDIUM" "ultimate-member 2.9.2 Unauthenticated.SQL.Injection HIGH" "ultimate-member 2.9.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Profile.Picture.Update MEDIUM" "ultimate-member 2.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.8.7 Cross-Site.Request.Forgery.to.Membership.Status.Change MEDIUM" "ultimate-member 2.8.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ultimate-member 2.8.3 2.8.2.-.Unauthenticated.SQL.Injection MEDIUM" "ultimate-member 2.6.7 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-member 2.6.1 Form.Duplication.via.CSRF MEDIUM" "ultimate-member 2.5.1 Subscriber+.RCE HIGH" "ultimate-member 2.5.1 Contributor+.LFI.via.Traversal MEDIUM" "ultimate-member 2.5.1 Admin+.RCE MEDIUM" "ultimate-member 2.5.1 Admin+.LFI.via.Traversal LOW" "ultimate-member 2.4.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.3.2 Open.Redirect MEDIUM" "ultimate-member 2.1.20 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.1.12 Authenticated.Privilege.Escalation.via.Profile.Update CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Roles CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "ultimate-member 2.1.7 Unauthenticated.Open.Redirect MEDIUM" "ultimate-member 2.1.3 Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "ultimate-member 2.0.54 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.0.52 CSRF.and.Stored.XSS.issues MEDIUM" "ultimate-member 2.0.46 Multiple.Vulnerabilities HIGH" "ultimate-member 2.0.40 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.33 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.28 Multiple.XSS MEDIUM" "ultimate-member 2.0.22 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.22 Unauthenticated.Arbitrary.File.Upload HIGH" "ultimate-member 2.0.18 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.4 Multiple.Issues HIGH" "ultimate-member 2.0.7 Multiple.Cross-Site.Request.Forgery.Issues HIGH" "ultimate-member 2.0.4 Multiple.XSS MEDIUM" "ultimate-member 1.3.76 Unauthenticated.Change.Passwords HIGH" "ultimate-member 1.3.65 Local.File.Inclusion MEDIUM" "ultimate-member 1.3.40 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.29 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.18 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.2.995 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.0.84 Multiple.Vulnerabilities HIGH" "user-meta No.known.fix Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "user-meta 3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "user-meta 2.4.4 Subscriber+.Local.File.Enumeration.via.Path.Traversal LOW" "user-meta 2.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "unyson 2.7.31 Cross-Site.Request.Forgery MEDIUM" "unyson No.known.fix Missing.Authorization MEDIUM" "unyson 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "userpro-messaging No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "upunzipper No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "ucat-next-story No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-coming-soon 1.1.0 Cross-Site.Request.Forgery MEDIUM" "ultimate-coming-soon 1.1.0 Subscriber+.Template.Name.Update MEDIUM" "ultimate-coming-soon 1.1.0 Unauthenticated.Template.Activation MEDIUM" "user-location-and-ip No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimatewoo No.known.fix PHP.Object.Injection MEDIUM" "ukrainian-currency No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "url-params 2.5 Contributor+.Stored.XSS MEDIUM" "ultimate-wp-query-search-filter No.known.fix Contributor+.XSS MEDIUM" "ultimate-downloadable-products-for-woocommerce 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-custom-scrollbar 1.2 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-under-construction 1.9.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-verification 1.0.94 Authentication.Bypass CRITICAL" "uw-freelancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "universam-demo 8.59 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.11 Missing.Authorization MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Admin+.Stored.XSS LOW" "ultimate-addons-for-contact-form-7 3.1.29 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQL.Injection HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQLi HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Unauthenticated.SQLi HIGH" "unusedcss 2.4.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Setting.Reset MEDIUM" "unusedcss 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification.and.SQL.Injection HIGH" "unusedcss 2.2.12 Unauthenticated.Server-Side.Request.Forgery HIGH" "unusedcss 1.7.2 Multiple.Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.7.2 Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.6.36 Subscriber+.SQLi HIGH" "user-ip-and-location 2.2.1 Contributor+.Stored.XSS MEDIUM" "upload-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Icons.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Separator.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Info.Table.Widget MEDIUM" "user-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "user-role 1.6.7 Privilege.Escalation.via.CSRF HIGH" "user-role 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "utubevideo-gallery 2.0.8 Contributor+.Stored.XSS MEDIUM" "upload-fields-for-wpforms No.known.fix Missing.Authorization MEDIUM" "users-customers-import-export-for-wp-woocommerce 2.5.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.3 Authenticated.(Shop.Manager+).Path.Traversal LOW" "users-customers-import-export-for-wp-woocommerce 2.4.9 Shop.Manager+.Arbitrary.File.Upload HIGH" "users-customers-import-export-for-wp-woocommerce 2.4.2 Shop.Manager+.Privilege.Escalation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.9 Authenticated.Arbitrary.User.Creation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.2 CSV.Injection HIGH" "user-magic No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-store-kit 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection MEDIUM" "ultimate-store-kit 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uk-cookie-consent 3.2.1 Missing.Authorization.via.handle_consent_toggle() MEDIUM" "uk-cookie-consent 2.3.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "use-memcached No.known.fix Settings.Update.via.CSRF MEDIUM" "uji-popup No.known.fix Contributor+.Stored.XSS MEDIUM" "upcasted-s3-offload 3.0.3 Reflected.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "under-construction-maintenance-mode 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "under-construction-maintenance-mode 1.1.2 Server.Side.Request.Forgery.(SSRF) MEDIUM" "user-submitted-posts 20240516 Admin+.Stored.XSS LOW" "user-submitted-posts 20230914 Unauthenticated.Arbitrary.File.Upload CRITICAL" "user-submitted-posts 20230902 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "user-submitted-posts 20230901 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "user-submitted-posts 20230811 Unauthenticated.Stored.XSS HIGH" "user-submitted-posts 20190501 Arbitrary.File.Upload MEDIUM" "user-toolkit 1.2.4 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "udraw 3.3.3 Unauthenticated.Arbitrary.File.Access HIGH" "ultimate-faqs 2.1.2 Subscriber+.Arbitrary.FAQ.Creation MEDIUM" "ultimate-faqs 1.8.30 Unauthenticated.Reflected.XSS MEDIUM" "ultimate-faqs 1.8.25 Unauthenticated.Options.Import/Export HIGH" "ultimate-faqs 1.8.22 Cross-Site.Scripting.(XSS) MEDIUM" "updater 1.35 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-form-builder-lite 1.5.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimate-form-builder-lite 1.3.8 Multiple.Vulnerabilities CRITICAL" "uncanny-learndash-toolkit 3.6.4.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "ultimate-social-media-plus 3.6.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "ultimate-social-media-plus 3.5.8 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-plus 3.5.8 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-plus 3.2.8 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-social-media-plus 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "user-registration 3.2.1 Missing.Authorization.to.Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Unauthenticated.Media.Deletion MEDIUM" "user-registration 3.1.5 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "user-registration 3.0.4.2 Admin+.Stored.XSS LOW" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload.Leading.to.RCE CRITICAL" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 3.0.2 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.3 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.1 Admin+.Stored.XSS LOW" "user-registration 2.2.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 2.0.2 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "user-avatar 1.4.12 Reflected.XSS HIGH" "universal-analytics-injector No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "utm-tracker No.known.fix Admin+.Stored.XSS LOW" "user-drop-down-roles-in-registration No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "user-private-files 2.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.File.Access MEDIUM" "user-private-files 2.0.5 Subscriber+.Sensitive.Data.and.Files.Exposure.via.IDOR MEDIUM" "user-private-files 2.0.4 Admin+.Stored.XSS MEDIUM" "user-private-files 1.1.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "ui-slider-filter-by-price No.known.fix Cross-Site.Request.Forgery MEDIUM" "uncanny-automator-pro 5.3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-automator-pro 5.3.0.1 Missing.Authorization.to.Unauthenticated.License.Setting.Reset MEDIUM" "uncanny-automator-pro 5.3.0.1 Cross-Site.Request.Forgery.to.License.Setting.Reset MEDIUM" "unlimited-addon-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "universal-email-preference-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-visual-composer No.known.fix Contributor+.Stored.XSS MEDIUM" "utilities-for-mtg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ubigeo-peru 3.6.4 Unauthenticated.SQLi HIGH" "userfeedback-lite 1.0.16 Unauthenticated.Stored.Cross-Site.Scripting.via.Name.Parameter HIGH" "userfeedback-lite 1.0.14 Unauthenticated.Stored.XSS MEDIUM" "userfeedback-lite 1.0.10 Unauthenticated.Stored.XSS HIGH" "userfeedback-lite 1.0.8 Unauthenticated.Stored.XSS HIGH" "utilitify 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "utilitify 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uptodown-apk-download-widget 0.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "update-urls 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-posts-widget 2.3.1 Admin+.Stored.XSS LOW" "ultimate-posts-widget 2.2.5 Plugin.Installation.via.CSRF MEDIUM" "ultimate-posts-widget 2.2.5 Subscriber+.Plugin.Installation MEDIUM" "user-referral-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "userplus No.known.fix Privilege.Escalation CRITICAL" "userplus No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "userplus No.known.fix Editor+.Registration.Form.Update.to.Privilege.Escalation HIGH" "userplus No.known.fix Missing.Authorization.via.Multiple.Functions MEDIUM" "userplus No.known.fix Stored.XSS.via.CSRF HIGH" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via._wpnonce MEDIUM" "ultimate-shortcodes-creator 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ultimate-sms-notifications 1.9.9.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-sms-notifications 1.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-sms-notifications 1.4.2 CSV.Injection MEDIUM" "ultra-elementor-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-popup-creator No.known.fix Unauthenticated.SQL.Injection HIGH" "ultimate-popup-creator No.known.fix Missing.Authorization.to.Unauthenticated.DB.Table.Truncation MEDIUM" "ultimate-410 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-activity-log-pro No.known.fix Missing.Authorization MEDIUM" "user-activity-log-pro No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "user-activity-log-pro 2.3.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent HIGH" "user-activity-log-pro 2.3.4 IP.Spoofing MEDIUM" "ultimate-bulk-seo-noindex-nofollow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uninstall No.known.fix WordPress.Deletion.via.CSRF HIGH" "user-access-manager 2.2.18 IP.Spoofing LOW" "user-access-manager 2.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "uix-shortcodes 2.0.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "unlock-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "upqode-google-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "unlimited-theme-addons 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "unlimited-theme-addons 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ultraaddons-elementor-lite 1.1.9 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.UA_Template.Shortcode MEDIUM" "ultraaddons-elementor-lite No.known.fix Author+.Stored.XSS MEDIUM" "ultraaddons-elementor-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultraaddons-elementor-lite 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "user-role-editor 4.64.4 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "under-construction-page 3.97 Multiple.CSRF MEDIUM" "under-construction-page 3.86 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-category-excluder 1.2 Cross-Site.Request.Forgery MEDIUM" "userheat 1.1.11 Settings.Update.via.CSRF MEDIUM" "ultimate-reviews 3.2.9 Unauthenticated.stored.Cross-Site.Scripting.via.reviews MEDIUM" "ultimate-reviews 3.0.16 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-reviews 2.1.33 Unauthenticated.PHP.Object.Injection MEDIUM" "venture-event-manager 3.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "vimeography 2.4.5 Sensitive.Information.Exposure MEDIUM" "vimeography 2.4.2 Cross-Site.Request.Forgery MEDIUM" "vimeography 2.3.3 Contributor+.PHP.Object.Injection HIGH" "video-central No.known.fix Contributor+.Stored.XSS MEDIUM" "virtual-hdm-for-taxservice-am No.known.fix Unauthenticated.SQL.Injection HIGH" "vk-filter-search 2.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "vayu-blocks 1.2.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "video-playlist-and-gallery-plugin 1.160 Settings.Update.via.CSRF MEDIUM" "virim No.known.fix Unauthenticated.Object.Injection CRITICAL" "video-reviews 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "video-reviews 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "visual-footer-credit-remover 1.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "variation-swatches-and-gallery 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.11.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "visualizer 3.11.0 Missing.Authorization.to.Arbitrary.SQL.Execution HIGH" "visualizer 3.10.6 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.9.5 Contributor+.Stored.XSS MEDIUM" "visualizer 3.9.2 Contributor+.Stored.XSS MEDIUM" "visualizer 3.7.10 Contributor+.PHAR.Deserialization HIGH" "visualizer 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.3.1 Blind.Server-Side.Request.Forgery.(SSRF) CRITICAL" "visualizer 3.3.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vrm360 No.known.fix Contributor+.Arbitrary.File.Upload.Leading.to.RCE HIGH" "vrm360 No.known.fix Full.Path.Disclosure MEDIUM" "vanguard No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "vrpconnector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "visit-site-link-enhanced No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vk-all-in-one-expansion-unit 9.99.2.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.96.0.0 Unauthenticated.Password.Protected.Content.Access MEDIUM" "vk-all-in-one-expansion-unit 9.97.0.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.88.2 Multiple.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.87.1.0 Reflected.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.86.0.0 Contributor+.Stored.XSS MEDIUM" "visual-form-builder 3.0.8 Entries.Deletion/Restoration.via.CSRF MEDIUM" "visual-form-builder 3.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "visual-form-builder 3.0.6 Unauthenticated.Information.Disclosure MEDIUM" "visual-form-builder 3.0.6 CSV.Injection LOW" "visual-form-builder 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "visitor-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visitor-info No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vibebp 1.9.9.7.7 Unauthenticated.SQL.Injection HIGH" "vibebp 1.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "vibebp 1.9.9.5 Unauthenticated.Privilege.Escalation CRITICAL" "vertical-scroll-recent-post No.known.fix Cross-Site.Request.Forgery.via.vsrp_admin_options MEDIUM" "vertical-scroll-recent-post No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "vertical-scroll-recent-post 14.0 Reflected.Cross-Site.Scripting MEDIUM" "visualcomposer 45.9.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Title MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Text.Block MEDIUM" "visualcomposer 27.0 Multiple.Authenticated.Cross-Site.Scripting.Issues HIGH" "vikrentcar 1.4.1 Unauthenticated.SQL.Injection CRITICAL" "vikrentcar 1.3.2 Cross.Site.Request.Forgery MEDIUM" "vikrentcar 1.3.3 Information.Exposure MEDIUM" "vikrentcar 1.3.1 Admin+.Stored.XSS MEDIUM" "vikrentcar 1.1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vikrentcar 1.1.7 CSRF.to.Stored.XSS HIGH" "vision-pro 1.5.2 Reflected.Cross-Site.Scripting HIGH" "visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams No.known.fix Settings.Update.via.CSRF MEDIUM" "video-embed-box No.known.fix Authenticated.(subscriber+).SQL.Injection CRITICAL" "very-simple-breadcrumb No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "v-form 3.0.7 Missing.Authorization MEDIUM" "v-form 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "v-form 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "vertical-news-scroller 1.17 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "video-synchro-pdf No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "video-synchro-pdf No.known.fix Unauthenticated.LFI MEDIUM" "vr-views No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vimeo-video-autoplay-automute No.known.fix Contributor+.Stored.XSS MEDIUM" "video-embed-optimizer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vod-infomaniak 1.5.10 Missing.Authorization MEDIUM" "vod-infomaniak 1.5.8 Cross-Site.Request.Forgery MEDIUM" "vod-infomaniak 1.5.7 Reflected.Cross-Site.Scripting HIGH" "video-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "video-contest No.known.fix Admin+.Stored.XSS LOW" "visibility-logic-elementor 2.3.5 Cross-Site.Request.Forgery MEDIUM" "videojs-html5-player 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videojs_video.Shortcode MEDIUM" "videojs-html5-player 1.1.9 Contributor+.Stored.XSS MEDIUM" "video-sidebar-widgets No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vospari-forms 1.4 Cross-Site.Scripting.(XSS) MEDIUM" "very-simple-contact-form 14.8 CAPTCHA.Bypass MEDIUM" "very-simple-contact-form 14.0 Missing.Authorization MEDIUM" "very-simple-contact-form 11.6 Captcha.bypass MEDIUM" "viet-nam-affiliate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vdocipher 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-posts-webcam-recorder 3.2.4 Authenticated.Reflected.XSS MEDIUM" "video-posts-webcam-recorder 1.55.5 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "video-thumbnails No.known.fix Admin+.Stored.XSS LOW" "vo-locator-the-wp-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vk-blocks-pro 1.54.0 Multiple.Stored.XSS MEDIUM" "vitepos-lite 3.0.2 Missing.Authorization MEDIUM" "vision 1.7.2 Missing.Authorization MEDIUM" "vision 1.5.4 Contributor+.Stored.XSS MEDIUM" "vision 1.5.2 Reflected.Cross-Site.Scripting HIGH" "video-grid 1.22 Reflected.XSS HIGH" "video-popup 1.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "voting-record No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "voting-record No.known.fix Subscriber+.Stored.XSS HIGH" "video-embed-thumbnail-generator 4.8.11 Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vertical-marquee-plugin 7.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "vertical-marquee-plugin No.known.fix Admin+.Stored.XSS LOW" "vc-tabs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vc-tabs 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "vc-tabs 3.7.0 Authenticated.Arbitrary.Options.Update MEDIUM" "vc-tabs 3.6.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "vr-frases No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vr-frases No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "vr-frases No.known.fix Reflected.XSS HIGH" "variable-product-swatches No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "variable-product-swatches 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vigilantor 1.3.11 Admin+.Stored.XSS LOW" "videojs-html5-video-player-for-wordpress No.known.fix HTML5.Video.Player.for.WordPress.<=.4.5.0.-.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "very-simple-quiz No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "very-simple-google-maps 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "very-simple-google-maps 2.9 Contributor+.Stored.XSS MEDIUM" "visitor-analytics-io 1.3.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "verge3d 4.8.1 Reflected.Cross-Site.Scripting MEDIUM" "verge3d 4.5.3 Subscriber+.Arbitrary.File.Upload HIGH" "vc-addons-by-bit14 No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "vc-addons-by-bit14 1.4.6 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification MEDIUM" "visitors-app No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "visual-sound No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "visual-sound No.known.fix Settings.Update.via.CSRF MEDIUM" "vikinghammer-tweet No.known.fix Stored.XSS.via.CSRF HIGH" "vmax-project-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "video-embed-privacy 1.3 Reflected.Cross-Site.Scripting MEDIUM" "viral-signup No.known.fix Unauthenticated.SQLi HIGH" "viral-signup No.known.fix Admin+.Stored.XSS LOW" "video-widget No.known.fix Admin+.Stored.XSS.via.Widget LOW" "vbsso-lite No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "vm-backups No.known.fix CSRF.to.Database.Backup.Download MEDIUM" "vm-backups No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "video-list-manager No.known.fix Admin+.SQL.Injection MEDIUM" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikbooking 1.6.8 Insecure.Direct.Object.References LOW" "vikbooking 1.6.8 Broken.Access.Control MEDIUM" "vikbooking 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.6.0 Multiple.CSRF MEDIUM" "vikbooking 1.5.12 Admin+.Stored.XSS LOW" "vikbooking 1.5.9 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.8 Admin+.Stored.Cross-Site.Scripting LOW" "vikbooking 1.5.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "vikbooking 1.5.8 Admin+.PHP.File.Upload MEDIUM" "vikbooking 1.5.4 Booking.Data.Disclosure MEDIUM" "vikbooking 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "visual-recent-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-analytics-for-cloudflare-stream 1.2 Reflected.Cross-Site.Scripting MEDIUM" "visitors-traffic-real-time-statistics 7.3 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "visitors-traffic-real-time-statistics 3.9 Subscriber+.SQL.Injection HIGH" "visitors-traffic-real-time-statistics 2.13 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "visitors-traffic-real-time-statistics 2.12 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "visitors-traffic-real-time-statistics 1.13 CSRF.to.Stored.XSS/SQLi HIGH" "void-elementor-whmcs-elements 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-video-conference-integration No.known.fix Remote.File.Upload CRITICAL" "variable-inspector 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "vkontakte-wall-post No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vdz-verification 1.4 Authenticated.Stored.XSS MEDIUM" "verowa-connect 3.0.2 Unauthenticated.SQL.Injection HIGH" "vslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "vslider No.known.fix Contributor+.Stored.XSS MEDIUM" "vit-website-reviews No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vk-block-patterns 1.31.1.1 Missing.Authorization MEDIUM" "vk-block-patterns 1.31.2.0 Cross-Site.Request.Forgery MEDIUM" "video-background 2.7.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "video-playlist-for-youtube 6.2 CSRF MEDIUM" "video-wc-gallery 1.32 Missing.Authorization.to.Unauthenticated.Limited.File.Deletion MEDIUM" "viewmedica No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "verbalize-wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "visual-portfolio 3.3.10 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "visual-portfolio 3.3.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "visual-portfolio 2.18.0 Unauthenticated.CSS.Injection MEDIUM" "visual-portfolio 2.19.0 Contributor+.CSS.Injection MEDIUM" "virtual-bot No.known.fix Unauthenticated.SQL.Injection HIGH" "virtual-bot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vikappointments 1.2.17 Cross-Site.Request.Forgery MEDIUM" "vr-calendar-sync 2.4.5 Unauthenticated.Local.File.Inclusion CRITICAL" "vr-calendar-sync 2.3.4 Calendar.Deletion/Update.&.Settings.Update.via.CSRF MEDIUM" "vr-calendar-sync 2.4.5 LFI.via.CSRF HIGH" "vr-calendar-sync 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "vr-calendar-sync 2.3.2 Unauthenticated.Arbitrary.Function.Call HIGH" "void-elementor-post-grid-addon-for-elementor-page-builder 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "video-slider-with-thumbnails 1.0.11 Reflected.XSS HIGH" "visualmodo-elements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "vk-poster-group No.known.fix Reflected.Cross-Site.Scripting.via.vkp_repost MEDIUM" "vendor 1.1.1 Unauthenticated.Information.Disclosure MEDIUM" "vdz-call-back 1.1.4.6 Authenticated.Stored.XSS MEDIUM" "videowhisper-live-streaming-integration 6.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-live-streaming-integration 4.27.4 Cross-Site.Scripting.(XSS) MEDIUM" "videowhisper-live-streaming-integration 4.29.5 Multiple.Vulnerabilities CRITICAL" "videowhisper-live-streaming-integration 4.29.10 videowhisper_streaming.php.Multiple.Parameter.XSS HIGH" "videowhisper-live-streaming-integration 4.67.17 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Open.Redirect MEDIUM" "video-conferencing-with-zoom-api 4.4.6 Sensitive.Information.Exposure MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "video-conferencing-with-zoom-api 4.3.0 Sensitive.Data.Disclosure LOW" "video-conferencing-with-zoom-api 4.0.10 Contributor+.Stored.XSS MEDIUM" "video-conferencing-with-zoom-api 3.9.3 Reflected.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 3.8.17 E-mail.Address.Disclosure MEDIUM" "video-conferencing-with-zoom-api 3.8.16 Reflected.Cross-Site.Scripting HIGH" "vp-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "verse-o-matic No.known.fix CSRF.to.Stored.XSS HIGH" "vrview No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "video-player-for-wpbakery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "void-visual-whmcs-element 1.0.4.1 Contributor+.Stored.XSS MEDIUM" "video-share-vod 2.6.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-share-vod 2.6.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "variation-swatches-for-woocommerce 2.1.2 Subscriber+.Stored.Cross-Site.Scripting HIGH" "videowhisper-video-presentation No.known.fix Remote.File.Upload CRITICAL" "viet-affiliate-link No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vk-blocks 1.64.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block MEDIUM" "vk-blocks 1.58.0.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.57.1.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.54.0 Multiple.Stored.XSS MEDIUM" "visual-link-preview 2.2.3 Unauthorised.AJAX.Calls MEDIUM" "vidseo 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vdz-google-analytics 1.4.9 Authenticated.Stored.XSS LOW" "vdz-google-analytics 1.6.0 Authenticated.Stored.XSS LOW" "vertical-carousel-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visitors-online 1.0.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-online 0.4 SQL.Injection CRITICAL" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.get_form_fields MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.save_view MEDIUM" "video-comments-webcam-recorder 1.92 Unauthenticated.Reflected.XSS MEDIUM" "wp-forecast 9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-forecast 7.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-nssuser-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-copysafe-web 4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.14 Unauthenticated.Reflected.XSS HIGH" "wp-copysafe-web 2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-lightbox-2 3.0.6.7 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 No.known.fix Admin+.Stored.XSS LOW" "wp-disable 1.5.17 Reflected.Cross-Site.Scripting MEDIUM" "wd-google-analytics No.known.fix Missing.Authorization.via.gawd_wd_bp_install_notice_status MEDIUM" "wd-google-analytics 1.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-from-email No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "whizzy No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "whizzy No.known.fix Missing.Authorization MEDIUM" "wp-popup-builder 1.3.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wp_ajax_nopriv_shortcode_Api_Add HIGH" "wp-popup-builder 1.3.0 Subscriber+.Arbitrary.Popup.Deletion MEDIUM" "wp-popup-builder 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-smtp 4.1.0 Admin+.SMTP.Password.Exposure LOW" "wp-triggers-lite No.known.fix Reflected.XSS HIGH" "wp-triggers-lite No.known.fix Admin+.SQL.Injection MEDIUM" "woo-swatches-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-product-addon 33.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-addon 32.0.21 Unauthenticated.Content.Injection.Vulnerability MEDIUM" "woocommerce-product-addon 32.0.19 Unauthenticated.Arbitrary.File.Upload.via.ppom_upload_file CRITICAL" "woocommerce-product-addon 32.0.7 Reflected.Cross-Site.Scripting HIGH" "woocommerce-product-addon 32.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-product-addon 24.0 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "woocommerce-product-addon 18.4 Authenticated.Stored.XSS MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-taxonomy-meta No.known.fix Cross-Site.Request.Forgery.to.Taxonomy.Meta.Add/Delete MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpexperts-square-for-give No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpmarketplace No.known.fix Arbitrary.File.Upload HIGH" "wp-sendgrid-mailer No.known.fix Missing.Authorization MEDIUM" "wp-sendgrid-mailer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "wp-sendgrid-mailer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "weblibrarian No.known.fix Reflected.XSS HIGH" "weblibrarian 3.5.5 SQL.Injection MEDIUM" "weblibrarian 3.4.8.6 XSS MEDIUM" "weblibrarian 3.4.8.7 XSS MEDIUM" "woo-quick-reports No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-reports No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cookie No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.6.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-checkout-for-digital-goods 2.2 CSRF.to.Settings.Change MEDIUM" "we-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-import-export 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-support-plus-responsive-ticket-system 9.1.2 Stored.XSS MEDIUM" "wp-support-plus-responsive-ticket-system 9.0.3 Multiple.Authenticated.SQL.Injection CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution.(RCE) CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 Privilege.Escalation CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 WP.Support.Plus.Responsive.Ticket.System.<.8,0,0.–.Authenticated.SQL.Injection MEDIUM" "winterlock 1.0.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "winterlock 1.0.21 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wp-travel-blocks 3.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-blocks 3.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-bookmark-menu No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-whois-domain No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "woo-extra-cost No.known.fix CSRF.Bypass MEDIUM" "wp-dynamic-keywords-injector 2.3.22 Reflected.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.16 Settings.Update.via.CSRF MEDIUM" "wonderm00ns-simple-facebook-open-graph-tags 2.2.4.2 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-table-manager 3.5.3 Contributor+.Stored.XSS MEDIUM" "w3-total-cache 2.8.2 Subscriber+.Server-Side.Request.Forgery HIGH" "w3-total-cache 2.8.2 Unauthenticated.Plugin.Deactivation.and.Extensions.Activation/Deactivation MEDIUM" "w3-total-cache 2.8.2 Information.Exposure.via.Log.Files LOW" "w3-total-cache 2.7.6 Sensitive.Credentials.Stored.in.Plaintext LOW" "w3-total-cache 2.1.5 Reflected.XSS.in.Extensions.Page.(JS.Context) HIGH" "w3-total-cache 2.1.4 Reflected.XSS.in.Extensions.Page.(Attribute.Context) CRITICAL" "w3-total-cache 2.1.3 Authenticated.Stored.XSS MEDIUM" "w3-total-cache 0.9.7.4 Cryptographic.Signature.Bypass HIGH" "w3-total-cache 0.9.7.4 Blind.SSRF.and.RCE.via.phar HIGH" "w3-total-cache 0.9.7.4 Cross-Site.Scripting.(XSS) HIGH" "w3-total-cache 0.9.5 Information.Disclosure.Race.Condition CRITICAL" "woo-auto-coupons 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "webapp-builder No.known.fix Unauthenticated.File.Upload CRITICAL" "wordsurvey No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.sounding_title.Parameter MEDIUM" "wp-htpasswd No.known.fix Admin+.Stored.XSS LOW" "wc-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-ultra-simple-paypal-shopping-cart 4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "woo-recent-purchases No.known.fix Authenticated.(Admin+).Local.File.Inclusion HIGH" "wayne-audio-player No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wordpress-database-reset 3.23 Cross-Site.Request.Forgery.to.WP.Reset.Plugin.Installation MEDIUM" "wordpress-database-reset 3.15 Privilege.Escalation HIGH" "wordpress-database-reset 3.15 Unauthenticated.Database.Reset CRITICAL" "wp-file-get-contents 2.7.1 Contributor+.SSRF MEDIUM" "wp-foft-loader 2.1.29 Reflected.Cross-Site.Scripting MEDIUM" "wp-foft-loader 2.1.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpfilesearch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-refund-and-exchange-lite 4.0.9 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-simple-maintenance-mode 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-donate 1.5 Unauthenticated.SQL.Injection HIGH" "wordpress-simple-paypal-shopping-cart 5.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.7.2 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.4 Unauthenticated.PII.Disclosure MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-share-buttons-analytics-by-getsocial 4.4 Admin+.Stored.XSS LOW" "wp-team-manager 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wats 1.0.64 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wp-content-copy-protector 3.6.1 Cross-Site.Request.Forgery MEDIUM" "wp-content-copy-protector 3.5.6 Admin+.Stored.XSS LOW" "wp-content-copy-protector 3.4.5 Settings.Update.via.CSRF MEDIUM" "wp-content-copy-protector 3.4 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-content-copy-protector 3.1.5 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-to-buffer 3.7.5 Reflected.Cross-Site.Scripting HIGH" "wp-relevant-ads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-relevant-ads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-relevant-ads No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wpgsi-professional 3.6.0 CSRF.Bypass MEDIUM" "wpgsi-professional 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wordpress-seo-premium 11.6 Authenticated.Stored.XSS CRITICAL" "woo-quote-calculator-order No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-quote-calculator-order No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-pro-quiz No.known.fix Arbitrary.Quiz.Deletion.via.CSRF MEDIUM" "wp-hide-backed-notices 1.3.1 Missing.Authorization.to.Authenticated(Contributor+).Plugin.Settings.Modification MEDIUM" "wp-hide-backed-notices 1.3 Cross-Site.Request.Forgery MEDIUM" "wootrello 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wootrello 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woc-order-alert 3.2.2 Unauthenticated.SQLi HIGH" "weaver-themes-shortcode-compatibility No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widget-post-slider 1.3.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wpmailer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-pre-orders 2.0.3 Unauthorised.Actions.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.3 Arbitrary.Pre-Order.Canceling.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.2 Reflected.XSS HIGH" "woocommerce-pre-orders 2.0.1 Contributor+.Stored.XSS MEDIUM" "woocommerce-pre-orders 2.0.0 Reflected.XSS HIGH" "wp-custom-cursors No.known.fix Admin+.Stored.XSS LOW" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-custom-cursors 3.0.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-custom-cursors 3.0.1 Arbitrary.Cursor.Deletion.via.CSRF MEDIUM" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-books-gallery 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-books-gallery 4.4.9 CSRF MEDIUM" "wp-books-gallery 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-switch No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-switch 1.0.3 Subscriber+.Authentication.Bypass HIGH" "wp-fb-autoconnect 4.6.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-fb-autoconnect 4.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-basic-elements 5.3.0 Settings.Update.via.CSRF MEDIUM" "wp-conference-schedule 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-armour-extended 1.32 Reflected.Cross-Site.Scripting MEDIUM" "wp-armour-extended 1.32 Cross-Site.Request.Forgery MEDIUM" "wp-statistics 14.5.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 14.0 Authenticated.SQLi HIGH" "wp-statistics 13.2.11 Subscriber+.SQLi HIGH" "wp-statistics 13.2.9 Authenticated.SQLi HIGH" "wp-statistics 13.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-statistics 13.2.2 Reflected.Cross-Site.Scripting LOW" "wp-statistics 13.1.6 Multiple.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.IP CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_type CRITICAL" "wp-statistics 13.1.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_id CRITICAL" "wp-statistics 13.1.5 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-statistics 13.1.2 Arbitrary.Plugin.Activation/Deactivation.via.CSRF MEDIUM" "wp-statistics 13.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-statistics 13.0.8 Unauthenticated.SQL.Injection HIGH" "wp-statistics 12.6.7 Unauthenticated.Stored.XSS.Under.Certain.Configurations CRITICAL" "wp-statistics 12.6.7 Unauthenticated.Blind.SQL.Injection MEDIUM" "wp-statistics 12.6.6.1 Authenticated.Stored.XSS MEDIUM" "wp-statistics 12.6.4 Referer.Cross-Site.Scripting.(XSS) MEDIUM" "wp-statistics 12.0.10 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "wp-statistics 12.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wc-cashapp 6.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wc-cashapp 5.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.4 Unauthenticated.Information.Exposure.via.Log.File MEDIUM" "wp-2fa 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.0 Subscriber+.Arbitrary.Email.Sending MEDIUM" "wp-2fa 2.6.0 Arbitrary.Email.Sending.via.CSRF MEDIUM" "wp-2fa 2.3.0 Time-Based.Side-Channel.Attack MEDIUM" "wp-2fa 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.2.0 Arbitrary.2FA.Disabling.via.IDOR MEDIUM" "woo-custom-and-sequential-order-number No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-google-map-plugin 4.6.2 Authenticated.(Contributor+).SQL.Injection HIGH" "wp-google-map-plugin 4.4.0 Editor+.Stored.XSS LOW" "wp-google-map-plugin 4.4.3 Category/Location/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.2.4 Marker.Category/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.1.5 Authenticated.SQL.Injection MEDIUM" "wp-google-map-plugin 4.1.0 CSRF.to.Unauthenticated.PHP.Object.Injection HIGH" "wp-google-map-plugin 4.0.4 XSS MEDIUM" "wp-google-map-plugin 3.1.2 XSS MEDIUM" "wp-google-map-plugin 2.3.10 Multiple.CSRF MEDIUM" "wp-google-map-plugin 3.0.0 CSRF.to.Authenticated.Cross-Site.Scripting.(XSS) HIGH" "wp-google-map-plugin 2.3.7 XSS MEDIUM" "wp-site-protector No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-cart-abandonment-recovery 1.2.27 Templates/Abandoned.Orders.Deletion.via.CSRF MEDIUM" "wp-contest No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-slide-categorywise No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcp-contact-form No.known.fix Reflected.XSS HIGH" "wp-codemirror-block 2.0.0 Contributor+.Stored.XSS MEDIUM" "woocommerce-collections 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-collections 1.7.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post/Page.Deletion MEDIUM" "wordpress-country-selector 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-order-address-print No.known.fix Reflected.XSS HIGH" "wp-user-merger 1.5.3 Admin+.SQLi.via.ID MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.user_id MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.wpsu_user_id MEDIUM" "wp-flipkart-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-pagseguro-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mylinks 1.0.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-weixin-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-compress-image-optimizer 6.30.04 Reflected.Cross-Site.Scripting.via.custom_server.Parameter MEDIUM" "wp-compress-image-optimizer 6.21.01 Reflected.Cross-Site.Scripting MEDIUM" "wp-compress-image-optimizer 6.20.02 Open.Redirect.via.css MEDIUM" "wp-compress-image-optimizer 6.20.02 Missing.Authorization MEDIUM" "wp-compress-image-optimizer 6.11.01 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.11.11 Missing.Authorization.to.Unauthenticated.CDN.Modification HIGH" "wp-compress-image-optimizer 6.10.34 Unauthenticated.Arbitrary.File.Read HIGH" "wordpress-flash-uploader 3.1.3 Arbitrary.Comm&.Execution CRITICAL" "wp-admin-logo-changer No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "woocommerce-pay-per-post 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pay-per-post 3.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-turnstile-cloudflare-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-point-of-sale 6.2.0 Insecure.Direct.Object.Reference.to.Privilege.Escalation.via.Arbitrary.User.Email.Change CRITICAL" "woo-preview-emails 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-preview-emails 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wpdevart-vertical-menu 1.5.9 Theme.Deletion.via.CSRF MEDIUM" "wpdevart-vertical-menu 1.5.9 Admin+.Stored.XSS LOW" "wp-manutencao 1.0.7 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-post-block No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-yelp-review-slider 7.1 Subscriber+.SQLi HIGH" "widget-google-reviews 3.2 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "widget-google-reviews 2.2.4 Subscriber+.SQLi HIGH" "widget-google-reviews 2.2.3 Subscriber+.Widget.Creation MEDIUM" "where-did-they-go-from-here 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-category-selection-widget No.known.fix Reflected.XSS HIGH" "wadi-addons-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-social-bookmarking-light No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-social-bookmarking-light 1.7.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-fundraising-donation 1.7.1 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-fundraising-donation 1.7.0 Missing.Authorization MEDIUM" "wp-fundraising-donation 1.5.0 Unauthenticated.SQLi HIGH" "woozone 14.1.0 Reflected.Cross-Site.Scripting HIGH" "woozone No.known.fix Subscriber+.SQL.Injection HIGH" "woozone 14.1.0 Subscriber+.Privilege.Escalation HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "woozone 14.0.31 Unauthenticated.SQL.Injection HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "wp-latest-posts 5.0.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "wp-latest-posts 3.7.5 XSS MEDIUM" "woo-product-bundle 7.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-offers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-offers 1.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-profile-avatar 1.0.6 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-user-profile-avatar 1.0.2 Contributor+.Stored.XSS MEDIUM" "wp-user-profile-avatar 1.0.1 Author+.Avatar.Deletion/Update.via.IDOR LOW" "wp-user-profile-avatar 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.4 Missing.Authorization.to.Plugin.Settings.Reset MEDIUM" "white-label-cms 2.5 Admin+.PHP.Object.Injection LOW" "white-label-cms 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-dpd-baltic 1.2.84 Reflected.Cross-Site.Scripting HIGH" "woo-shipping-dpd-baltic 1.2.57 DPD.baltic.<.1.2.57.-.Subscriber+.Arbitrary.Options.Deletion HIGH" "woo-shipping-dpd-baltic 1.2.11 DPD.baltic.<.1.2.11.-.Admin+.Stored.XSS MEDIUM" "wp-flipclock 1.8 Contributor+.Stored.XSS MEDIUM" "wc-rest-payment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-rest-payment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-shop-original No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-product-feed-manager 2.9.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Feed.Actions MEDIUM" "wp-product-feed-manager 2.6.0 Authenticated.(Admin+).SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-product-feed-manager 2.3.0 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-login-page No.known.fix Admin+.Stored.XSS LOW" "wiseagentleadform 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-appbox 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-appbox 4.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-appbox 4.3.18 Authenticated.Local.File.Inclusion LOW" "woocommerce-product-recommendations 2.3.0 CSRF MEDIUM" "woo-clover-gateway-by-zaytech 1.3.2 Missing.Authorization.via.callback_handler MEDIUM" "wp-widget-bundle No.known.fix Unauthencated.Reflected.XSS MEDIUM" "wp-widget-bundle No.known.fix Widget.Disable/Enable.via.CSRF MEDIUM" "wp-widget-bundle No.known.fix Admin+.Stored.XSS LOW" "wc-recently-viewed-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpcal 0.9.5.9 Cross-Site.Request.Forgery MEDIUM" "wechat-subscribers-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-gpx-map 1.1.23 Arbitrary.File.Upload CRITICAL" "wp-best-quiz No.known.fix Author+.Stored.XSS MEDIUM" "weblizar-pinterest-feeds 1.1.2 Authenticated.XSS.&.CSRF HIGH" "woocommerce-customers-manager 31.4 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "woocommerce-customers-manager 30.1 Bulk.Action.via.CSRF MEDIUM" "woocommerce-customers-manager 30.1 User.Deletion.via.CSRF LOW" "woocommerce-customers-manager 30.2 Subscriber+.Stored.XSS HIGH" "woocommerce-customers-manager 29.8 Reflected.XSS HIGH" "woocommerce-customers-manager 29.8 Subscriber+.Email.Disclosure MEDIUM" "woocommerce-customers-manager 29.7 Subscriber+.SQL.Injection HIGH" "woocommerce-customers-manager 26.6 Arbitrary.Account.Creation/Update.via.CSRF HIGH" "woocommerce-customers-manager 26.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-customers-manager 26.5 Arbitrary.Account.Creation/Update.by.Low.Privilege.Users HIGH" "wp-facebook-messenger No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-stripe-checkout 1.2.2.42 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-stripe-checkout 1.2.2.38 Sensitive.Information.Exposure.via.Debug.Log HIGH" "wp-stripe-checkout 1.2.2.21 Contributor+.Stored.XSS MEDIUM" "wpsite-follow-us-badges 3.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsite_follow_us_badges.Shortcode MEDIUM" "wp-original-media-path 2.4.1 Admin+.Stored.XSS LOW" "woocommerce-pos 1.4.12 Insufficient.Verification.of.Data.Authenticity.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "wp-broken-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-advanced-extra-fees-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-font-awesome-share-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wd-google-maps No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "wd-google-maps 1.0.74 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.74 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.73 Unauthenticated.SQLi HIGH" "wd-google-maps 1.0.72 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wd-google-maps 1.0.70 Authenticated.Stored.XSS MEDIUM" "woocommerce-menu-bar-cart 2.12.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 3.3.0 Unauthenticated.SQLi HIGH" "wp-marketing-automations 3.2.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 2.7.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.1.2 Subscriber+.Automation.Creation MEDIUM" "webico-slider-flatsome-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wbc_image.Shortcode MEDIUM" "wp-dev-powers-element-selector-jquery-powers No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-visual-adverts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-download-mirror-counter No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "webcamconsult 1.6.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "white-label-branding-elementor No.known.fix Admin+.Stored.XSS LOW" "wp-academic-people No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Information.Exposure MEDIUM" "wp-video-lightbox 1.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "wp-video-lightbox 1.9.7 Contributor+.Stored.XSS MEDIUM" "wp-video-lightbox 1.9.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-video-lightbox 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-video-lightbox 1.9.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "whats-new-genarator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-last-modified-info 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.lmt-post-modified-info.Shortcode MEDIUM" "wp-amaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-translate No.known.fix Missing.Authorization MEDIUM" "webwinkelkeur 3.25 Cross-Site.Request.Forgery MEDIUM" "wpf-ultimate-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-order-limit-lite 2.0.1 Missing.Authorization MEDIUM" "web-invoice No.known.fix Authenticated.SQLi HIGH" "web-invoice No.known.fix Authenticated.SQLi HIGH" "wdesignkit 1.1.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "woocommerce-conversion-tracking 2.0.12 Subscriber+.Addon.Installation MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.happy-elementor-addons.Installation.&.Activation MEDIUM" "wp-hide-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "wptf-image-gallery No.known.fix Remote.File.Download HIGH" "wp-dark-mode 5.0.5 Missing.Authorization MEDIUM" "wp-dark-mode 4.0.8 Subscriber+.Local.File.Inclusion MEDIUM" "wp-dark-mode 4.0.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wordpress-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mail-smtp-pro 3.8.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "wc-venipak-shipping 1.19.6 Reflected.Cross-Site.Scripting.via.'venipak_labels_link' MEDIUM" "wp-cookies-enabler No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "woo-order-notes 1.5.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-gravity-forms-spreadsheets 1.1.1 Reflected.Cross-Site.Scripting HIGH" "widget4call No.known.fix Reflected.XSS HIGH" "widget4call No.known.fix Reflected.XSS HIGH" "woocommerce-shipping-canada-post 2.8.4 Unauthenticated.Unauthorised.Action MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Cross-Site.Request.Forgery MEDIUM" "wooexim No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-mapa-politico-spain 3.7.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wc-serial-numbers No.known.fix Missing.Authorization MEDIUM" "wc-serial-numbers 1.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-tripadvisor-review-slider 12.7 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-tripadvisor-review-slider 11.9 Admin+.Stored.XSS LOW" "wp-tripadvisor-review-slider 11.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-tripadvisor-review-slider 10.8 Subscriber+.SQLi HIGH" "wp-nested-pages 3.2.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-nested-pages 3.2.9 Editor+.Stored.XSS LOW" "wp-nested-pages 3.2.8 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "wp-nested-pages 3.2.7 Admin+.Stored.XSS LOW" "wp-nested-pages 3.2.4 Editor+.Plugin.Settings.Reset LOW" "wp-nested-pages 3.1.21 Admin+.Stored.Cross.Site.Scripting LOW" "wp-nested-pages 3.1.16 CSRF.to.Arbitrary.Post.Deletion.and.Modification HIGH" "wp-nested-pages 3.1.16 Open.Redirect MEDIUM" "wonderplugin-pdf-embed 1.7 Contributor+.Stored.XSS MEDIUM" "wp-csv No.known.fix Reflected.XSS.via.CSV.Import MEDIUM" "wm-zoom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-variation-gallery 1.1.29 Authenticated.Stored.XSS MEDIUM" "wp-ptviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-galleries No.known.fix Contributor+.PHP.Object.Injection HIGH" "wp-accessibility-helper 0.6.2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wp-accessibility-helper 0.6.3 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.6 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.5 Missing.Authorization.via.AJAX.action MEDIUM" "wp-accessibility-helper 0.6.0.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wps-child-theme-generator 1.2 Path.Traversal CRITICAL" "wp-graphql 1.14.6 Editor+.SSRF MEDIUM" "wp-graphql 1.3.6 Denial.of.Service HIGH" "wp-graphql 0.3.5 Improper.Access.Control MEDIUM" "wp-graphql 0.3.0 Multiple.Vulnerabilities CRITICAL" "wechat-social-login No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wechat-social-login No.known.fix Authentication.Bypass CRITICAL" "wp-action-network No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-action-network 1.4.4 Admin+.SQLi MEDIUM" "wp-action-network 1.4.3 Reflected.Cross-Site.Scripting.via.'search' MEDIUM" "wp-heyloyalty No.known.fix Unauthenticated.RCE.via.PHPUnit CRITICAL" "wp-woo-commerce-sync-for-g-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-media-optimizer-webp No.known.fix Reflected.Cross-Site.Scripting.via.wpmowebp-css-resources.and.wpmowebp-js-resources.Parameters MEDIUM" "woocommerce-order-barcodes 1.6.5 Cross-Site.Request.Forgery MEDIUM" "wp-video-robot No.known.fix .Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "wp-video-robot No.known.fix The.Ultimate.Video.Importer.<=.1.20.0.-.Unauthenticated.SQL.Injection HIGH" "w3s-cf7-zoho No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "w3s-cf7-zoho 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3s-cf7-zoho 2.1.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "weekly-schedule 3.4.3 Authenticated.Stored.XSS MEDIUM" "wp-lister-ebay 2.0.21 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wck-custom-fields-and-custom-post-types-creator 2.3.3 Admin+.Stored.XSS LOW" "wp-test-email 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-fonts 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.5.6 Unauthenticated.PHP.Object.Injection.via.Order.Details HIGH" "woo-order-export-lite 3.4.5 Shop.Manager+.Remote.Code.Execution CRITICAL" "woo-order-export-lite 3.3.3 Export.Files.via.CSRF MEDIUM" "woo-order-export-lite 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.1.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-order-export-lite 3.1.4 Authenticated.Cross-Site.Scripting.(XSS) LOW" "woo-order-export-lite 1.5.5 CSV.Injection HIGH" "wp-admin-notification-center 2.3.3 Settings.Update.via.CSRF MEDIUM" "woostagram-connect No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-tipdonation No.known.fix Shop.Manager+.Stored.XSS MEDIUM" "wp-full-stripe-free 7.0.18 Settings.Update.via.CSRF MEDIUM" "wp-full-stripe-free 7.0.6 Admin+.Stored.XSS LOW" "wp-full-stripe-free 7.0.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-all-export 1.4.1 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export 1.4.0 Admin+.RCE MEDIUM" "wp-all-export 1.4.1 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-export 1.3.5 Admin+.SQL.Injection MEDIUM" "wp-all-export 1.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-smart-tv 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woosaleskit-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-dropshipping No.known.fix Unauthenticated.Arbitrary.Email.Send MEDIUM" "woocommerce-dropshipping 4.4 Unauthenticated.SQLi HIGH" "wp-news-magazine 1.2.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woocommerce-jetpack 7.2.4 Authenticated.(ShopManager+).Stored.Cross-Site.Scripting.via.wcj_product_meta.Shortcode MEDIUM" "woocommerce-jetpack 7.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-jetpack 7.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortocde MEDIUM" "woocommerce-jetpack 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.3 Missing.Authorization.to.Product.Creation/Modification MEDIUM" "woocommerce-jetpack 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-jetpack 7.1.2 Authenticated.(Subscriber+).Information.Disclosure.via.Shortcode MEDIUM" "woocommerce-jetpack 7.1.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.0 Shop.Manager+.Missing.Authorization.to.Arbitrary.Options.Update MEDIUM" "woocommerce-jetpack 6.0.1 Multiple.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-jetpack 5.6.7 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.7 Checkout.Files.Deletion.via.CSRF LOW" "woocommerce-jetpack 5.6.7 ShopManager+.Arbitrary.File.Download MEDIUM" "woocommerce-jetpack 5.6.7 Settings.Reset.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Subscriber+.Order.Status.Update MEDIUM" "woocommerce-jetpack 5.6.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.General.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.PDF.Invoicing.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.Product.XML.Feeds.Module HIGH" "woocommerce-jetpack 5.4.4 Authentication.Bypass CRITICAL" "woocommerce-jetpack 3.8.0 XSS MEDIUM" "wc-builder 1.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-quick-shop 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners 1.2.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-registration 6.0 Missing.Authorization.to.User.Deletion CRITICAL" "wp-registration No.known.fix Unauthenticated.Account.Takeover CRITICAL" "wc-support-system 1.2.2 Admin+.SQLi MEDIUM" "wc-support-system No.known.fix Unauthenticated.Ticket.Deletion/Update,.Settings.Update.etc MEDIUM" "wp-attachments No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-attachments 5.0.6 Admin+.Stored.XSS LOW" "wp-attachments 5.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wpperformancetester No.known.fix Cross-Site.Request.Forgery MEDIUM" "webpushr-web-push-notifications 4.36.0 Reflected.Cross-Site.Scripting MEDIUM" "webpushr-web-push-notifications 4.35.0 Unauthenticated.Stored.XSS HIGH" "webpushr-web-push-notifications 4.35.0 LFI.via.CSRF MEDIUM" "wpdtol-database-table-overview-logs 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-events 4.1.3 Unauthenticated.Arbitrary.File.Overwrite CRITICAL" "wp-server-stats 1.7.8 Injected.Backdoor CRITICAL" "wp-server-stats 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-server-stats 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-paypal 1.2.3.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wm-options-import-export No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-worthy 1.7.0-0cde1c2 Cross-Site.Request.Forgery MEDIUM" "wp-all-export-pro 1.8.6 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export-pro 1.8.6 Admin+.RCE MEDIUM" "wp-all-export-pro 1.8.6 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export-pro 1.7.9 Authenticated.Code.Injection CRITICAL" "wp-all-export-pro 1.7.9 Authenticated.SQLi MEDIUM" "wn-flipbox-pro 2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-propagator No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-pdf-invoice-builder 1.2.137 Reflected.Cross-Site.Scripting MEDIUM" "woo-pdf-invoice-builder 1.2.102 Cross-Site.Request.Forgery MEDIUM" "woo-pdf-invoice-builder 1.2.104 Reflected.XSS HIGH" "woo-pdf-invoice-builder 1.2.91 Admin+.Stored.XSS LOW" "woo-pdf-invoice-builder 1.2.92 Subscriber+.Arbitrary.Invoice.Access MEDIUM" "woo-pdf-invoice-builder 1.2.91 Invoice.Fields.Creation.via.CSRF MEDIUM" "woo-pdf-invoice-builder 1.2.90 Subscriber+.SQLi HIGH" "woo-pdf-invoice-builder 1.2.91 Invoice.Update.via.CSRF MEDIUM" "wp-register-profile-with-shortcode 3.6.0 Cross-Site.Request.Forgery.to.User.Password.Reset HIGH" "wp-register-profile-with-shortcode 3.5.9 Admin+.Stored.XSS LOW" "woocommerce-woocart-popup-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-image-seo No.known.fix Cross-Site.Request.Forgery MEDIUM" "widget-twitter No.known.fix Contributor+.SQLi MEDIUM" "woocommerce-maintenance-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-whatsapp-chat 6.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wp-dialog No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "wp-pinterest-automatic 4.14.4 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wp-scrippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-dtree-30 No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-dtree-30 No.known.fix Reflected.XSS HIGH" "wp-dtree-30 No.known.fix Admin+.Stored.XSS LOW" "wptables No.known.fix Reflected.XSS HIGH" "wpex-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woolementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "woolementor 4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "woolementor 4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wp-awesome-login No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "web3-authentication 3.0.0 Authentication.Bypass HIGH" "web3-authentication 2.7.0 Authentication.Bypass CRITICAL" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Task.Comments MEDIUM" "wp-todo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_addcomment MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_manage() MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_settings MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-todo 1.2.9 Contributor+.Stored.XSS MEDIUM" "wp-options-editor No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-custom-google-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wps-hide-login 1.9.16.4 Hidden.Login.Page.Disclosure LOW" "wps-hide-login 1.9.16 Login.Page.Disclosure MEDIUM" "wps-hide-login 1.9.12 Hidden.Login.Page.Location.Disclosure LOW" "wps-hide-login 1.9.1 Protection.Bypass.with.Referer-Header MEDIUM" "wps-hide-login 1.5.5 Secret.Login.Page.Disclosure CRITICAL" "wps-hide-login 1.5.3 Multiples.Issues HIGH" "woo-advanced-product-size-chart No.known.fix Missing.Authorization MEDIUM" "woo-advanced-product-size-chart 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-advanced-product-size-chart 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wooshark-aliexpress-importer 2.2.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "wooshark-aliexpress-importer 2.2.5 Unauthenticated.Settings.&.Products.Update MEDIUM" "wpextended 3.0.13 Unauthenticated.SQL.Injection.via.Login.Attempts.Module HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting HIGH" "wpextended 3.0.10 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wpextended 3.0.9 Missing.Authorization.to.Admin.Username.Change MEDIUM" "wpextended 3.0.9 Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "wpextended 3.0.9 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wpextended 3.0.9 Insecure.Direct.Object.Reference MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.selected_option MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.page MEDIUM" "wpextended 3.0.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wpworx-faq No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpworx-faq No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-mailerlite 2.0.9 Missing.Authorization.via.Multiple.Functions MEDIUM" "woo-mailerlite 2.0.9 Cross-Site.Request.Forgery.via.Multiple.AJAX.Functions MEDIUM" "wpslacksync 1.8.6 Slack.Access.Token.Disclosure HIGH" "woo-discount-rules 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.2.1 Multiple.Authorization.Bypass HIGH" "woo-discount-rules 2.1.0 Multiple.Vulnerabilities CRITICAL" "wcp-openweather No.known.fix Cross-Site.Request.Forgery MEDIUM" "wcp-openweather No.known.fix Reflected.XSS HIGH" "wp-payment-form 4.2.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-payment-form 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-enable-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wp-paytm-pay No.known.fix Donation.Plugin.<=.1.3.2.-.Authenticated.(admin+).SQL.Injection MEDIUM" "webmaster-tools No.known.fix Admin+.Stored.XSS LOW" "webmaster-tools No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "white-page-publication No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ws-form 1.10.14 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.9.245 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "ws-form 1.9.244 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ws-form 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form 1.9.171 Authenticated(Administrator+).SQL.Injection MEDIUM" "ws-form 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "wp-stats-dashboard No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-load-gallery No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-job-manager-companies 1.8 Reflected.Cross-Site.Scripting MEDIUM" "wpbulky-wp-bulk-edit-post-types 1.0.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wordpress-social-login No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-social-login No.known.fix Admin+.Stored.XSS LOW" "wordpress-social-login No.known.fix Reflected.XSS HIGH" "wp-ds-blog-map No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wapppress-builds-android-app-for-website 6.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-product-attachment 2.2.0 Checkout.Attachements.Update.via.CSRF MEDIUM" "woo-product-attachment 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-attachment 2.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-photo-reviews 1.3.14 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "wp-contact-form No.known.fix Cross-Site.Request.Forgery.via.wpcf_adminpage MEDIUM" "wp-email-users No.known.fix Subscriber+.SQL.Injection HIGH" "wp-stacker No.known.fix Stored.XSS.via.CSRF HIGH" "wp-website-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpsso 18.18.2 Missing.Authorization MEDIUM" "wp-fail2ban 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fail2ban 4.4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fail2ban 4.0.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-ecommerce-quickpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpschoolpress No.known.fix Authenticated.(Student/Parent+).SQL.Injection MEDIUM" "wpschoolpress 2.2.11 Insecure.Direct.Object.Reference.to.Authenticated.(Teacher+).Account.Takeover/Privilege.Escalation HIGH" "wpschoolpress 2.2.5 Teacher+.SQLi MEDIUM" "wpschoolpress 2.2.5 Cross-Site.Request.Forgery MEDIUM" "wpschoolpress 2.1.17 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wpschoolpress 2.1.10 Multiple.Authenticated.SQL.Injections HIGH" "wpschoolpress 2.1.10 Reflected.Cross-Site.Scripting HIGH" "wp-connect No.known.fix Stored.XSS.via.CSRF HIGH" "wp-membership 1.6.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-membership 1.5.7 Subscriber+.Privilege.Escalation CRITICAL" "wp-membership No.known.fix Multiple.Vulnerabilities MEDIUM" "wp-visual-slidebox-builder No.known.fix Subscriber+.SQLi HIGH" "woo-conditional-payment-gateways 1.16.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-payment-gateways 1.13.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-business-intelligence 1.6.3 SQL.Injection CRITICAL" "wp-perfect-plugin 1.8.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-mailing-group No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-mailing-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-limits No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wholesale-pricing-woocommerce 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-control No.known.fix Unauthenticated.password.reset MEDIUM" "woocommerce-alidropship 1.1.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "wp-rest-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-subtitle 3.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wpbot-pro 13.5.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpbot-pro 13.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Simple.Text.Response.Creation MEDIUM" "woocommerce-gateway-amazon-payments-advanced 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wip-incoming-lite 1.1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-client-reports 1.0.23 Cross-Site.Request.Forgery MEDIUM" "wp-cors 0.2.2 Admin+.Stored.XSS LOW" "woocommerce-checkout-field-editor-pro 3.6.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wpcasa-mail-alert 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-fountain No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-simple-html-sitemap 3.2 Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-simple-html-sitemap 2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-html-sitemap 2.8 Missing.Authorization MEDIUM" "wp-simple-html-sitemap 2.3 Reflected.XSS HIGH" "wp-simple-html-sitemap 2.6 Contributor+.Stored.XSS MEDIUM" "wp-championship 9.3 Multiple.CSRF MEDIUM" "wp-feature-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-germanized 3.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wpg-videos No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wiser-notify 2.6 Missing.Authorization MEDIUM" "woocommerce-payments 6.7.0 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-payments 5.9.1 Shop.Manager+.SQLi MEDIUM" "woocommerce-payments 6.5.0 Contributor+.Cross-Site.Scripting MEDIUM" "woocommerce-payments 4.9.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-payments 4.5.1 Intent.Parameter.Tampering HIGH" "woocommerce-payments 5.6.2 Unauthenticated.Privilege.Escalation CRITICAL" "wphelpkit 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wphelpkit 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-structuring-markup No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "weather-in-any-city-widget 1.1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-admin-product-notes No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-currency 1.6.6 Admin+.Stored.XSS LOW" "wplegalpages 3.2.8 Cross-Site.Request.Forgery MEDIUM" "wplegalpages 2.9.3 Contributor+.Stored.XSS MEDIUM" "wplegalpages 2.7.1 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "wplegalpages 1.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-delivery-notes 5.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Logo.Deletion MEDIUM" "woocommerce-delivery-notes 4.9.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "woocommerce-delivery-notes 4.7.2 Reflected.XSS HIGH" "wooCommerce-order-proposal 2.0.6 Authenticated.(Shop.Manager+).Privilege.Escalation.via.Order.Proposal HIGH" "wp-cloud-server 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wbcom-designs-buddypress-ads 1.3.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wc-product-author 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-author 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpp-customization No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-ninjaforms-product-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpvivid-backuprestore 0.9.107 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.108 Unauthenticated.PHP.Object.Injection HIGH" "wpvivid-backuprestore 0.9.106 Unauthenticated.Sensitive.Data.Exposure HIGH" "wpvivid-backuprestore 0.9.100 Admin+.PHAR.Deserialization HIGH" "wpvivid-backuprestore 0.9.69 Unauthenticated.SQLi.&.DoS HIGH" "wpvivid-backuprestore 0.9.95 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.92 WPvivid.<.0.9.92.-.Unauthenticated.Sensitive.Information.Exposure HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.90 Admin+.Arbitrary.Directory.Deletion.via.Path.Traversal HIGH" "wpvivid-backuprestore 0.9.91 Missing.Authorization.via.'start_staging'.and.'get_staging_progress' HIGH" "wpvivid-backuprestore 0.9.77 Admin+.Arbitrary.File.Deletion MEDIUM" "wpvivid-backuprestore 0.9.76 Admin+.Arbitrary.File.Read MEDIUM" "wpvivid-backuprestore 0.9.75 Admin+.PHAR.Deserialization MEDIUM" "wpvivid-backuprestore 0.9.71 Admin+.Arbitrary.File.Download LOW" "wpvivid-backuprestore 0.9.70 Reflected.Cross-Site.Scripting MEDIUM" "wpvivid-backuprestore 0.9.69 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpvivid-backuprestore 0.9.56 Reflected.Cross-Site.Scripting HIGH" "wpaudio-mp3-player No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-maintenance-mode-site-under-construction 1.8.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-maintenance-mode-site-under-construction 1.9 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-html-mail 3.4.2 Test.Email.Sending.via.CSRF MEDIUM" "wp-html-mail 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-html-mail 3.1 Unprotected.REST-API.Endpoint MEDIUM" "wp-html-mail 3.0.8 CSRF.to.XSS MEDIUM" "woolentor-addons 2.9.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.WL:.FAQ.Widget.Elementor.Template MEDIUM" "woolentor-addons 2.9.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "woolentor-addons 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Product.Horizontal.Filter.Widget MEDIUM" "woolentor-addons 2.8.9 Contributor+.Stored.XSS.via.woolentorsearch.Shortcode MEDIUM" "woolentor-addons 2.8.9 Authenticated.Option.Update MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.8 Missing.Authorization MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Template.Reset LOW" "woolentor-addons 2.8.5 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.QR.Code.Widget MEDIUM" "woolentor-addons 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Universal.Product.Layout MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.Cross-Site.Scripting.via.Banner.Link MEDIUM" "woolentor-addons 2.6.3 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.2 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.4 PHP.Object.Injection MEDIUM" "woolentor-addons 2.5.4 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 1.8.6 WooCommerce.Elementor.Addons.+.Builder.<.1.8.6.-.Contributor+.Stored.XSS MEDIUM" "wp-transactions 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-elegant-testimonial No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting LOW" "wp-image-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-bannerize-pro 1.9.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bannerize-pro 1.7.0 Reflected.XSS HIGH" "wp-easy-recipe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-d3 No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-d3 2.4.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wc-product-customer-list 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-customer-list 3.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-event-aggregator 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.7.7 Cross-Site.Request.Forgery.via.wpea_deauthorize_user() MEDIUM" "who-hit-the-page-hit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "who-hit-the-page-hit-counter No.known.fix CSRF MEDIUM" "who-hit-the-page-hit-counter No.known.fix Hit.Counter.<=.1.4.14.3.-.Reflected.XSS HIGH" "wp-downloadmanager 1.68.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.7 Admin+.Stored.Cross-Site.Scripting LOW" "wp-downloadmanager 1.68.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "wc-gsheetconnector 1.3.12 Missing.Authorization MEDIUM" "wc-gsheetconnector 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-gsheetconnector 1.3.6 Access.Code.Update.via.CSRF MEDIUM" "wc-gsheetconnector 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpify-woo 4.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wpify-woo 4.0.9 Missing.Authorization MEDIUM" "wpify-woo 3.5.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-mailto-links 3.1.4 Contributor+.Stored.XSS MEDIUM" "wp-s3-smart-upload 1.5.1 Missing.Authorization MEDIUM" "wp-strava No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-touch-slider No.known.fix Reflected.XSS HIGH" "wp-jitsi-shortcodes No.known.fix Admin+.Stored.XSS LOW" "wp-jitsi-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wordpress-popup 7.8.6 Missing.Authorization.to.Unauthorized.Form.Submission MEDIUM" "wordpress-popup 7.8.6 Missing.Authorization.to.Unpublished.Form.Exposure MEDIUM" "wordpress-popup 7.8.5 Admin+.Stored.XSS LOW" "wordpress-popup 6.0.8.1 Unauthenticated.CSV.Injection HIGH" "woo-product-variation-gallery 2.3.4 Reflected.Cross-Site.Scripting HIGH" "wp-desklite No.known.fix Reflected.XSS HIGH" "wp-stateless 3.4.1 Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wpforms-user-registration 2.1.2 Missing.Authorization.to.Authenticated.(Contributor+).Privilege.Escalation HIGH" "webcam-2way-videochat 5.2.8 Reflected.Cross-Site.Scripting HIGH" "webcam-2way-videochat 4.41.2 Cross-Site.Scripting.(XSS) MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 14.9 Reflected.XSS HIGH" "wpseo-local 14.9 CSRF MEDIUM" "wp-post-page-clone 1.2 Unauthorised.Post.Access MEDIUM" "wp-post-page-clone 1.1 SQL.Injections.due.to.Duplicated.Snippets HIGH" "wishsuite 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishsuite 1.3.5 Admin+.Stored.XSS LOW" "wishsuite 1.3.4 Cross-Site.Request.Forgery MEDIUM" "wp-users-disable No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-affiliate-platform 6.5.2 Affiliate.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 POST.Reflected.XSS MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Affiliate.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Lead.Editing HIGH" "wp-affiliate-platform 6.5.1 Profile.Update.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Banner.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Registration.Form HIGH" "wp-affiliate-platform 6.5.1 Stored.XSS.via.CSRF HIGH" "wp-affiliate-platform 6.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-affiliate-platform 6.4.0 Affiliate.Record.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.4.0 Admin+.Stored.XSS LOW" "wc-price-history 2.1.5 Authenticated.(Shop.manager+).PHP.Object.Injection HIGH" "wc-price-history 2.1.4 Missing.Authorization MEDIUM" "wp-advanced-search 3.3.9.2 Unauthenticated.SQL.Injection HIGH" "wp-advanced-search 3.3.9 Settings.Update.via.CSRF MEDIUM" "wp-advanced-search 3.3.7 Authenticated.SQL.Injection HIGH" "weebotlite No.known.fix Admin+.Stored.XSS LOW" "wp-bitly No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-bitly 2.7.3 Missing.Authorization MEDIUM" "wp-bitly 2.7.2 Contributor+.Stored.XSS MEDIUM" "wp-club-manager 2.2.12 Missing.Authorization MEDIUM" "wp-club-manager 2.2.12 Authenticated.(Player+).Stored.Cross-Site.Scripting MEDIUM" "wp-club-manager 2.2.11 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "wp-show-more No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_more.Shortcode MEDIUM" "wt-woocommerce-wishlist 2.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpcom-member 1.5.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wpcom-member 1.5.3 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "wp-comment-fields 5.1 Cross-Site.Request.Forgery MEDIUM" "wp-comment-fields 5.1 Missing.Authorization MEDIUM" "wp-comment-fields 4.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-power-stats No.known.fix CSRF MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-testimonial-widget No.known.fix Missing.Authorization MEDIUM" "wp-html-sitemap No.known.fix wp-html-sitemap.html.Sitemap.Deletion.CSRF MEDIUM" "wc-cross-seller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-cross-seller No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-custom-post-template No.known.fix Settings.Update.via.CSRF MEDIUM" "wordpress-access-control No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "wp-all-import-pro No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-all-import-pro 4.9.4 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.File.Import HIGH" "wp-all-import-pro 4.1.2 Multiple.Vulnerabilities CRITICAL" "wp-all-import-pro 4.1.1 RCE HIGH" "wp-base-booking-of-appointments-services-and-events 5.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-base-booking-of-appointments-services-and-events 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.app_export_db MEDIUM" "wp-base-booking-of-appointments-services-and-events 4.9.2 Reflected.Cross-Site.Scripting.via.status.Parameter MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.1.7 Reflected.XSS HIGH" "wp-recall 16.26.9 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Password.Update CRITICAL" "wp-recall 16.26.7 Unauthenticated.Payment.Deletion.via.delete_payment MEDIUM" "wp-recall 16.26.7 Cross-Site.Request.Forgery MEDIUM" "wp-recall 16.26.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-recall 16.26.6 Unauthenticated.SQL.Injection CRITICAL" "wp-recall 16.26.6 Insecure.Direct.Object.Reference MEDIUM" "wp-recall 16.24.48 Reflected.Cross-Site.Scripting HIGH" "wp-categories-widget 2.3 Reflected.XSS HIGH" "wordpress-popular-posts 7.2.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wordpress-popular-posts 6.3.3 Contributor+.Stored.XSS MEDIUM" "wordpress-popular-posts 6.1.0 Unauthenticated.Views.Manipulation MEDIUM" "wordpress-popular-posts 6.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-popular-posts 5.3.4 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-popular-posts 5.3.3 Authenticated.Code.Injection HIGH" "wordpress-popular-posts 5.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woo-pdf-invoices-bulk-download No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "wp-pipes 1.4.2 Reflected.Cross-Site.Scripting.via.x1.Parameter MEDIUM" "wp-pipes 1.4.1 CSRF MEDIUM" "wp-pipes 1.4.0 Admin+.SQLi MEDIUM" "wp-spid-italia No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-education 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.text_html_tag MEDIUM" "wp-education 1.2.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "what-would-seth-godin-do 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-downgrade 1.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "woo-producttables-pro 1.9.5 Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wc4bp-groups 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fancybox 1.0.2 Authenticated.Stored.Cross-Site.Scripting LOW" "woopra 1.4.3.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woothemes-sensei 4.24.0.1.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "wp-pagebuilder No.known.fix Admin+.Stored.Cross-Site LOW" "wp-pagebuilder 1.2.7 Author+.Stored.XSS MEDIUM" "wp-pagebuilder 1.2.4 Multiple.Stored.Cross-Site.scripting.(XSS) MEDIUM" "wp-pagebuilder 1.2.4 Insecure.default.configuration.Allows.Subscribers.Editing.Access.to.Posts MEDIUM" "wp-donottrack No.known.fix Authenticated.(admin+).Stored.XSS MEDIUM" "wp-express-checkout 2.3.8 Unauthenticated.Price.Manipulation MEDIUM" "wp-express-checkout 2.2.9 Admin+.Stored.XSS LOW" "wp-datepicker 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.2 Missing.Authorization MEDIUM" "wp-datepicker 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wp-hide-post No.known.fix Arbitrary.Post.Hiding.via.CSRF MEDIUM" "wooemailreport No.known.fix Reflected.XSS HIGH" "wp-jobsearch 2.6.8 Unauthenticated.Privilege.Escalation CRITICAL" "wp-jobsearch 2.6.8 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.4 Cross-Site.Request.Forgery MEDIUM" "wp-jobsearch 2.5.4 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-jobsearch 2.3.4 Authentication.Bypass CRITICAL" "wp-jobsearch 2.3.4 Arbitrary.File.Upload.to.RCE CRITICAL" "wp-jobsearch 1.8.2 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-jobsearch 1.8.2 Subscriber+.Add/Update.Schedule.Calls MEDIUM" "wp-jobsearch 1.8.2 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-jobsearch 1.7.4 Authenticated.Stored.XSS MEDIUM" "wp-jobsearch 1.5.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-jobsearch 1.5.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 1.5.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "wp-jobsearch 1.5.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-phone-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-phone-message No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-shapes No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-automatic 3.95.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.autoplay.Parameter MEDIUM" "wp-automatic 3.93.0 WordPress.Automatic.Plugin.<.3,93,0.Cross-Site.Request.Forgery MEDIUM" "wp-automatic 3.92.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-automatic 3.92.1 Unauthenticated.SQL.Injection CRITICAL" "wp-automatic 3.92.1 Unauthenticated.Arbitrary.File.Download.and.Server-Side.Request.Forgery CRITICAL" "wp-automatic 3.53.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wp-photo-album-plus 8.9.01.001 Unauthenticated.Arbitrary.Shortcode.Execution.via.getshortcodedrenderedfenodelay HIGH" "wp-photo-album-plus 8.8.07.004 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.02.003 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.00.003 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.7.00.004 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wp-photo-album-plus 8.7.01.002 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.03.005 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.01.005 .Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.6.01.005 IP.Spoofing MEDIUM" "wp-photo-album-plus 8.6.01.003 Insecure.Direct.Object.Reference MEDIUM" "wp-photo-album-plus 8.0.10 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-shortcode 1.4.17 CSRF MEDIUM" "wp-facebook-review-showcase-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woo-product-table No.known.fix Reflected.XSS HIGH" "woo-product-table 3.5.2 Information.Exposure MEDIUM" "woo-product-table 3.1.2 Unauthenticated.Arbitrary.Function.Call CRITICAL" "wppizza 3.18.14 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.11 Missing.Authorization MEDIUM" "wppizza 3.18.3 Reflected.XSS HIGH" "wppizza 3.17.2 Reflected.XSS HIGH" "wp-embed-facebook 3.1.2 Contributor+.Stored.XSS.via.shortcode MEDIUM" "wc-basic-slider 2.1.0 CSRF.Bypass MEDIUM" "wp-curriculo-vitae No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "woo-myghpay-payment-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "wordpress-nextgen-galleryview No.known.fix Reflected.XSS HIGH" "wordpress-nextgen-galleryview No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-mailster 1.8.18.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Cross-Site.Request.Forgery MEDIUM" "wp-mailster 1.8.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).SQL.Injection.via.orderby HIGH" "wp-mailster 1.8.17.0 Missing.Authorization MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Information.Exposure MEDIUM" "wp-mailster 1.8.17.0 Missing.Authorization HIGH" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.5.5 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-dev-powers-display-screen-dimensions-to-admin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-message 1.0.6 Private.Message.Disclosure.via.IDOR MEDIUM" "waitlist-woocommerce 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "waitlist-woocommerce 2.6.1 Missing.Authorization MEDIUM" "waitlist-woocommerce 2.5.3 Settings.Reset.via.CSRF MEDIUM" "waitlist-woocommerce 2.5.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "woo-bookings-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-seopress 7.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Social.Image.URL MEDIUM" "wp-seopress 7.9 Unauthenticated.Object.Injection HIGH" "wp-seopress 7.8 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.8 Contributor+.Open.Redirect LOW" "wp-seopress 7.6 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.7 Information.Exposure MEDIUM" "wp-seopress 7.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-seopress 7.3 Admin+.Stored.XSS LOW" "wp-seopress 6.5.0.3 Admin+.PHP.Object.Injection MEDIUM" "wp-seopress 5.0.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "woo-whatsapp-request-quote No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-to-twitter 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-to-twitter 3.3.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-brands 1.6.50 Cross-Site.Request.Forgery MEDIUM" "woocommerce-brands 1.6.46 Contributor+.Stored.XSS MEDIUM" "wpsolr-search-engine 8.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-dummy-content-generator 3.3.0 Unauthenticated.Code.Injection CRITICAL" "wp-dummy-content-generator 3.1.3 Missing.Authorization MEDIUM" "wp-dummy-content-generator 3.0.0 Cross-Site.Request.Forgery MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.5 Reflected.Cross-Site.Scripting.via.Debug.Mode.URI MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Reflected.Cross-Site.Scripting.via.request MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Admin+.Stored.XSS LOW" "wordlive-livecall-addon-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-twitter-mega-fan-box No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-compare-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-compare-products No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "webflow-pages 1.1.0 Missing.Authorization MEDIUM" "wp-icommerce No.known.fix Authenticated.(contributor+).SQL.Injection HIGH" "wptools 3.43 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-gpx-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sgpx.Shortcode MEDIUM" "wp-gpx-maps 1.7.06 Missing.Authorization MEDIUM" "woo-order-status-per-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-google-maps 9.0.41 Cross-Site.Request.Forgery MEDIUM" "wp-google-maps 9.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.37 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-google-maps 9.0.30 Reflected.Cross-Site.Scripting HIGH" "wp-google-maps 9.0.35 Information.Exposure.to.Potential.Denial.of.Service MEDIUM" "wp-google-maps 9.0.33 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.33 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-google-maps 9.0.29 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.28 Unauthenticated.Stored.XSS HIGH" "wp-google-maps 9.0.16 Admin+.Path.Traversal LOW" "wp-google-maps 8.1.13 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-google-maps 8.1.12 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-google-maps 7.11.35 CSRF.to.Stored.XSS MEDIUM" "wp-google-maps 7.11.28 Admin.Settings.CSRF CRITICAL" "wp-google-maps 7.11.18 Unauthenticated.SQL.Injection MEDIUM" "woo-audio-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wpsynchro 1.11.3 Cross-Site.Request.Forgery MEDIUM" "wpsynchro 1.10.0 Settings.Update.via.CSRF MEDIUM" "wp-intercom-slack No.known.fix Slack.Access.Token.Disclosure HIGH" "wp-contact-form7-email-spam-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-scraper 5.8.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-scraper 5.8 Missing.Authorization.to.Arbitrary.Page/Post.Creation MEDIUM" "wp-email-capture 3.11 Unauthenticated.Email.Capture.Download MEDIUM" "wp-email-capture 3.10 Email.Captures.Update.via.CSRF MEDIUM" "wp-email-capture 3.10 Admin+.Stored.XSS LOW" "wp-post-modal No.known.fix Admin+.Stored.XSS LOW" "wp-stripe-express 1.12.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-express 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-ajax-filters 1.5.4.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-noexternallinks 4.3 Backdoored MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-one-click-upsell-funnel 3.4.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wps_wocuf_pro_yes.Shortcode MEDIUM" "wp-currency-exchange-rates 1.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-smart-crm-invoices-free No.known.fix Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wpdeepl 2.4.1.2 Log.Pruning.via.CSRF MEDIUM" "wpdeepl 1.7.5 API.Key.Disclosure MEDIUM" "wp-link-bio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel-engine 6.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Update MEDIUM" "wp-travel-engine 5.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.8.1 Unauthenticated.Price.Manipulation MEDIUM" "wp-travel-engine 5.8.0 Unauthenticated.SQL.Injection CRITICAL" "wp-travel-engine 5.8.0 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-travel-engine 5.7.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel-engine 5.3.1 Editor+.Stored.Cross-Site.Scripting LOW" "wp-limit-login-attempts No.known.fix IP.Spoofing MEDIUM" "wp-with-spritz No.known.fix Unauthenticated.File.Inclusion CRITICAL" "wp-rss-aggregator 4.23.13 Missing.Authorization MEDIUM" "wp-rss-aggregator 4.23.12 Missing.Authorization.to.Authenticated.(Subscriber+).Feed.State.Update MEDIUM" "wp-rss-aggregator 4.23.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.6 Authenticated.(Admin+).Server-Side.Request.Forgery.via.RSS.Feed.Source LOW" "wp-rss-aggregator 4.23.5 Admin+.Stored.XSS MEDIUM" "wp-rss-aggregator 4.20 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-rss-aggregator 4.19.3 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-rss-aggregator 4.19.2 Admin+.Stored.Cross-Site.Scripting LOW" "woo-quick-cart-for-multiple-variations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-help-scout 2.9.1 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-replicate-post 4.1 Contributor+.SQL.Injection MEDIUM" "woocommerce-ean-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).EAN.Update MEDIUM" "widget-detector-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpsection 1.3.9 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "woocommerce-mercadopago 7.6.2 7.6.1.-.Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "woocommerce-mercadopago 6.4.0 CSRF MEDIUM" "widgets-reset No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-smushit 3.16.5 Subscriber+.Resmush.List.Deletion MEDIUM" "wp-smushit 3.9.9 Admin+.Reflected.Cross-Site.Scripting LOW" "wp-smushit 3.0.0 Authenticated.Phar.Deserialization MEDIUM" "wp-smushit 2.7.6 File.Transversal HIGH" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stripe-donation 3.2.4 Missing.Authorization MEDIUM" "wp-stripe-donation 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-donation 3.1.6 AidWP.<.3.1.6.-.CSRF MEDIUM" "wp-stripe-donation 2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-warranties-and-returns 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wp-js-impress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wysija-newsletters 2.8.2 Spam.Vulnerability MEDIUM" "wrc-pricing-tables 2.3.8 Missing.Authorization MEDIUM" "wrc-pricing-tables 2.3.9 Admin+.Stored.XSS LOW" "workscout-core 1.3.4 Authenticated.Stored.XSS.&.XFS HIGH" "wp-shamsi No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "wp-shamsi 4.1.1 Unauthenticated.Arbitrary.Plugin.Deactivation MEDIUM" "wp-shamsi 4.2.0 Subscriber+.Settings.Update MEDIUM" "wpvivid-backup-mainwp 0.9.34 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wpvivid-backup-mainwp 0.9.33 Reflected.Cross-Site.Scripting MEDIUM" "woo-billing-with-invoicexpress 3.0.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wc-customer-source 1.3.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-powerplaygallery No.known.fix Arbitrary.File.Upload.&.SQL.Injection HIGH" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Missing.Authorization MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Cross-Site.Request.Forgery MEDIUM" "wp-jump-menu No.known.fix Admin+.Stored.XSS LOW" "wp-pdf-generator 1.2.3 Cross-Site.Request.Forgery MEDIUM" "wp-automatic-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-cleanup-and-basic-functions No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "widgets-on-pages-and-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-on-pages-and-posts No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wishlist-member-x No.known.fix Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wishlist-member-x No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution CRITICAL" "wishlist-member-x No.known.fix Subscriber+.Privilege.Escalation HIGH" "wishlist-member-x No.known.fix Unauthenticated.Denial.of.Service MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Stored.Cross-Site.Scripting HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Information.Disclosure MEDIUM" "wp-management-controller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-user-extra-fields 16.7 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-user-extra-fields 16.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-extra-fields 16.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-retina-2x 6.4.6 Sensitive.Information.Exposure MEDIUM" "wp-retina-2x 5.2.3 Cross-Site.Scripting.(XSS) MEDIUM" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-slider-and-carousel-with-category 2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "walker-core 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "walker-core 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-awesome-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-awesome-faq 4.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-blog-manager-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-food-manager 1.0.4 Admin+.Stored.XSS LOW" "weight-based-shipping-for-woocommerce 5.5.0 Settings.Update.via.CSRF MEDIUM" "wp-greet 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-html-author-bio-by-ahmad-awais No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-blog-and-widgets 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-krpano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mapit 3.0.0 Contributor+.Stored.XSS MEDIUM" "ws-facebook-likebox No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-top-news 2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-top-news 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tweet-walls 1.0.4 Cross-Site.Request.Forgery MEDIUM" "wc-fields-factory 4.1.7 ShopManager+.SQLi MEDIUM" "woo-checkout-field-editor-pro 2.0.4 Reflected.Cross-Site.Scripting.via.render_review_request_notice MEDIUM" "woo-checkout-field-editor-pro 1.8.0 Admin+.PHP.Object.Injection MEDIUM" "wp-media-manager-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wpjam-basic 6.2.1.1 Contributor+.Stored.XSS MEDIUM" "wp-etracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-category-posts-list No.known.fix Cross-Site.Request.Forgery.via.gen_set_page MEDIUM" "wp-category-posts-list No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-upcoming-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-upcoming-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sticky-social 1.0.2 Stored.XSS.via.CSRF HIGH" "wp-extended-search 2.1.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-auctions No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.Stored.XSS LOW" "wp-auctions No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-auctions No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-product-finder 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-basic-ordernumbers No.known.fix Missing.Authorization MEDIUM" "wp-staging 3.5.0 Admin+.Arbitrary.File.Upload MEDIUM" "wp-staging 3.5.0 Admin+.SSRF MEDIUM" "wp-staging 3.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging 3.4.0 Admin+.Stored.XSS LOW" "wp-staging 3.2.0 Unauthorized.Sensitive.Data.Exposure HIGH" "wp-staging 3.1.3 Unauthenticated.Backup.Download HIGH" "wp-staging 2.9.18 Admin+.Stored.Cross-Site.Scripting LOW" "woo-add-to-quote 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-quote 1.4.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-magazine-modules-lite 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-analytify 5.5.0 Missing.Authorization MEDIUM" "wp-analytify 5.4.0 Cross-Site.Request.Forgery.to.Opt-out MEDIUM" "wp-analytify 5.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.2.4 Missing.Authorization MEDIUM" "wp-analytify 5.2.4 Missing.Authorization.to.Unauthenticated.Google.Analytics.Tracking.ID.Modification MEDIUM" "wp-analytify 5.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.1.1 Missing.Authorization.to.Opt-In MEDIUM" "wp-analytify 4.2.3 Cache.Deletion.via.CSRF MEDIUM" "wp-analytify 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.7 Cross-Site.Request.Forgery MEDIUM" "wp-mail-catcher 2.1.4 WP.Mail.Catcher.<.2.1.4.-.Admin+.SQLi MEDIUM" "wp-mail-catcher 2.1.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wpematico 2.6.12 Admin+.Stored.Cross-Site.Scripting LOW" "woo-ukrposhta 1.18.0 Reflected.Cross-Site.Scripting.via.order,.post,.and.idd.Parameters MEDIUM" "woo-ukrposhta 1.17.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-ukrposhta 1.6.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-shipos-delivery No.known.fix Reflected.Cross-Site.Scripting.via.dvsfw_bulk_label_url.Parameter MEDIUM" "wpm-news-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "whmcs-bridge 6.4b Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "whmcs-bridge 6.3 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "weglot 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "weglot 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-nmi-three-step No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-nmi-three-step No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-nmi-three-step No.known.fix CSRF.Bypass MEDIUM" "wp-multisite-content-copier 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-es 2.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-es 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-reviews-shortcode 1.01.6 Missing.Authorization MEDIUM" "woo-product-reviews-shortcode 1.01.4 Cross-Site.Request.Forgery MEDIUM" "woo-product-reviews-shortcode 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cookie-user-info 1.0.9 Admin+.SQL.Injection MEDIUM" "wp-cookie-user-info 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-chinese-conversion No.known.fix Reflected.XSS HIGH" "wpzoom-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "wpzoom-shortcodes 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-headmaster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wplr-sync 6.4.1 Missing.Authorization MEDIUM" "wplr-sync 6.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 7.3.1 Missing.Authorization MEDIUM" "woocommerce-checkout-manager 5.5.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 4.3 Arbitrary.File.Upload HIGH" "wp-job-openings 3.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "wp-vertical-image-slider 1.2.17 .Reflected.XSS HIGH" "wp-vertical-image-slider 1.2.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-vertical-image-slider 1.2 Cross-Site.Scripting.&.CSRF CRITICAL" "woocommerce-product-vendors 2.2.3 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.2.2 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.1.77 Vendor.Admin+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.79 ShopManager+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Unauthenticated.Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.69 Vendor.Commission.Percentage.Update.via.IDOR MEDIUM" "woocommerce-product-vendors 2.1.66 Note.Creation.via.IDOR LOW" "woocommerce-product-vendors 2.1.66 Unauthenticated.Blind.SQLi HIGH" "wp-responsive-testimonials-slider-and-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-blog-post-layouts 1.1.4 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wp-ban-user No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wh-cache-and-security No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-country-restrictions-advanced 1.14.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-country-restrictions-advanced 1.13.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ses 1.4.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-google-maps-pro 8.1.12 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-viewstl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stripe-global-payments 3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-global-payments 3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-crontrol 1.16.2 Remote.Code.Execution MEDIUM" "wp-responsive-photo-gallery 1.0.16 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "wp-responsive-photo-gallery 1.0.4 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-photo-gallery 1.0.14 Reflected.XSS HIGH" "wp-responsive-photo-gallery 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "wedevs-project-manager 2.6.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.16 Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.Project.Task.List.REST.API MEDIUM" "wedevs-project-manager No.known.fix Authenticated.(Project.Manager+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.15 Missing.Authorization.to.Project.Milestone.and.Task.Creation/Deletion MEDIUM" "wedevs-project-manager 2.6.14 Insecure.Direct.Object.Reference.to.Unauthenticated.Authorization.Bypass HIGH" "wedevs-project-manager 2.6.8 Missing.Authorization MEDIUM" "wedevs-project-manager 2.6.9 Subscriber+.Stored.XSS HIGH" "wedevs-project-manager 2.6.1 Subscriber+.SQLi HIGH" "wedevs-project-manager 2.6.5 Subscriber+.Privilege.Escalation HIGH" "wedevs-project-manager 2.4.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wedevs-project-manager 2.4.10 CSRF.Nonce.Bypasses MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery MEDIUM" "weekly-class-schedule No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wf-cookie-consent 1.1.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-extra-charges-to-payment-gateways No.known.fix Unauthorised.Arbitrary.Plugin.Settings.Change.to.Stored.XSS CRITICAL" "woo-min-max-quantity-step-control-single 4.6 Reflected.XSS HIGH" "wp-symposium No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-taxonomy-import No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-display-mode 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-display-mode 3.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-estimation-form 10.1.76 Reflected.Cross-Site.Scripting MEDIUM" "wp-estimation-form 10.1.77 Missing.Authorization MEDIUM" "wp-estimation-form 10.1.76 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-secure-maintainance 1.7 Admin+.Stored.XSS LOW" "word-replacer-ultra No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization MEDIUM" "wpadcenter 2.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpadcenter_ad.Shortcode MEDIUM" "wpadcenter 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_alignment.Attribute MEDIUM" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.0.5 Missing.Authorization.to.Authenticated.(Contributor+).Event.Data.Import MEDIUM" "wp-event-solution 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 3.3.51 Missing.Authorization.to.Unauthenticated.Events.Export MEDIUM" "wp-coupons-and-deals 3.1.19 Reflected.Cross-Site.Scripting MEDIUM" "wp-coupons-and-deals 3.1.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-instance-rename No.known.fix Arbitrary.File.Download MEDIUM" "wp-google-my-business-auto-publish 3.8 Multiple.CSRF MEDIUM" "wp-google-my-business-auto-publish 3.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "widgets-on-pages 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Contributor+.Stored.XSS MEDIUM" "widgets-on-pages 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-gallery-exporter No.known.fix Authenticated.(Administrator+).Arbitrary.File.Download LOW" "wp-job-manager 2.3.0 Unauthenticated.Information.Exposure MEDIUM" "wp-job-manager 2.1.0 Cross-Site.Request.Forgery MEDIUM" "wp-job-manager 2.1.0 Unauthenticated.Job.Status.Update MEDIUM" "wp-job-manager 1.31.3 Phar.Deserialization MEDIUM" "wp-job-manager 1.29.3 Unauthenticated.Object.Injection CRITICAL" "wp-job-manager 1.26.2 Unauthenticated.Arbitrary.File.Upload HIGH" "website-file-changes-monitor 1.8.3 Admin+.SQLi MEDIUM" "wp-monalisa 6.5 Cross-Site.Request.Forgery MEDIUM" "wp-health 2.17.1 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-image-slideshow 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wens-responsive-column-layout-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "wowrestro 1.1 CSRF.Bypass MEDIUM" "woo-availability-date No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-remove-cart-and-query-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-remove-cart-and-query-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-booking 2.4.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "widgetize-pages-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.53 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wpappninja 11.51 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.49 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.42 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.21 Admin+.Stored.XSS LOW" "wpappninja 11.19 Admin+.Stored.XSS LOW" "wpappninja 11.14 Contributor+.Stored.XSS MEDIUM" "wp-sort-order 1.3.2 Missing.Authorization MEDIUM" "wp-users-media No.known.fix Missing.Authorization.via.wpusme_save_settings MEDIUM" "wp-users-media No.known.fix Cross-Site.Request.Forgery.in.wpusme_save_settings MEDIUM" "wphelpful No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-anti-fraud 3.9 Unauthenticated.Order.Status.Manipulation MEDIUM" "wp-repost No.known.fix Admin+.Stored.XSS LOW" "wp-reactions-lite 1.3.9 CSRF LOW" "wxsync No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-post-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-hide-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-stripe-payment 3.3.10 3.3.9.-.Missing.Authorization.Controls.to.Financial.Account.Hijacking MEDIUM" "wp-table-reloaded No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-custom-cart-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-for-japan 2.6.5 Missing.Authorization MEDIUM" "woocommerce-for-japan 2.5.8 Reflected.XSS MEDIUM" "woocommerce-for-japan 2.5.5 Reflected.XSS HIGH" "widget-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-hotel-booking 2.1.7 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "wp-hotel-booking 2.1.6 Missing.Authorization MEDIUM" "wp-hotel-booking No.known.fix Contributor+.Local.File.Inclusion HIGH" "wp-hotel-booking 2.1.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-hotel-booking 2.1.1 Unauthenticated.SQL.Injection CRITICAL" "wp-hotel-booking 2.0.9.3 Missing.Authorization MEDIUM" "wp-hotel-booking 2.0.9.3 Improper.Authorization.on.Multiple.REST.API.Routes MEDIUM" "wp-hotel-booking 2.0.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.8 Unauthenticated.SQLi HIGH" "wp-hotel-booking 2.0.9 Contributor+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.1 Unauthenticated.Arbitrary.Settings.Update HIGH" "wp-hotel-booking 1.10.6 CSRF MEDIUM" "wp-hotel-booking 1.10.4 Unauthenticated.PHP.Object.Injection HIGH" "wp-hotel-booking 1.10.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-topbar No.known.fix Admin+.SQLi MEDIUM" "wp-topbar No.known.fix CSRF MEDIUM" "wp-map-block 1.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-custom-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-private-content-plus 3.6.2 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-private-content-plus 3.6.1 Unauthenticated.Protected.Post.Access MEDIUM" "wp-private-content-plus 3.2 Cross-Site.Request.Forgery HIGH" "wp-private-content-plus 3.2 CSRF.Nonce.Bypass HIGH" "wp-private-content-plus 2.0 Unauthenticated.Options.Change HIGH" "wp-logs-book No.known.fix Disable.Logging.via.CSRF MEDIUM" "wp-logs-book No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-logs-book No.known.fix Log.Clearing.via.CSRF MEDIUM" "wp-social-sharing No.known.fix Admin+.Stored.XSS LOW" "wbcom-designs-buddypress-search No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-performance-score-booster 2.1 Settings.Change.via.CSRF MEDIUM" "wordpress-tooltips 9.5.3 Cross-Site.Request.Forgery MEDIUM" "wordpress-tooltips 9.4.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "woocommerce-frontend-shop-manager 4.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wc-multishipping 2.3.8 Subscriber+.Arbitrary.Account.Credentials.Test MEDIUM" "wc-multishipping 2.3.6 Missing.Authorization.to.Log.Export MEDIUM" "wp-better-permalinks 3.0.5 CSRF.allowing.Option.Update HIGH" "wpgt-google-translate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpgt-google-translate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woffice-core 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice-core 5.4.9 Missing.Authorization MEDIUM" "woo-save-abandoned-carts 8.2.1 Cross-Site.Request.Forgery MEDIUM" "wc-sales-notification 1.2.3 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woo-product-enquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-live-tv No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-imagezoom No.known.fix Reflected.XSS HIGH" "wp-post-author 3.8.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-post-author 3.8.2 Authenticated.(Administrator+).SQL.Injection HIGH" "wp-post-author 3.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-author 3.7.5 Missing.Authorization MEDIUM" "wp-post-author 3.6.5 Subscriber+.Rating.Manipulation MEDIUM" "wufoo-shortcode 1.52 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "w4-post-list 2.4.6 Reflected.XSS HIGH" "w4-post-list 2.4.6 Contributor+.Stored.XSS MEDIUM" "w4-post-list 2.4.6 Subscriber+.Password.Protected.Post.Content.Disclosure MEDIUM" "w4-post-list 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-reply-notify No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-testing No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-autosearch No.known.fix Unauthenticated.SQLi HIGH" "woo-multi-currency 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-multi-currency 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "wp-stats 2.52 CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-file-manager 7.2.8 Missing.Authorization MEDIUM" "wp-file-manager 7.2.6 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "wp-file-manager 7.2.5 Cross-Site.Request.Forgery.to.Local.JS.File.Inclusion HIGH" "wp-file-manager 7.2.2 Directory.Traversal CRITICAL" "wp-file-manager 7.2.2 Sensitive.Information.Exposure.via.Backup.Filenames HIGH" "wp-file-manager 7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-manager 6.9 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-file-manager 6.5 Backup.File.Directory.Listing MEDIUM" "wp-file-manager 5.2 Multiple.Vulnerabilities HIGH" "wp-file-manager 3.1 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-manager 3.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-voting-contest 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wpfront-notification-bar 3.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wpfront-notification-bar 3.4 Admin+.Stored.XSS MEDIUM" "wpfront-notification-bar 2.1.0.08087 Authenticated.Stored.XSS LOW" "wpfront-notification-bar 2.0.0.07176 Authenticated.Stored.XSS MEDIUM" "wp-testimonials No.known.fix Authenticated.SQL.Injection HIGH" "wp-display-users No.known.fix Authenticated.SQL.Injection MEDIUM" "woocommerce-currency-switcher 1.4.2.3 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.1 Missing.Authorization MEDIUM" "woocommerce-currency-switcher 1.4.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-currency-switcher 1.4.1.8 Cross-Site.Request.Forgery MEDIUM" "woocommerce-currency-switcher 1.4.1.7 Subscriber+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.4.1.5 Cross-Site.Request.Forgery.via.delete_profiles_data MEDIUM" "woocommerce-currency-switcher 1.3.9.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.9.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.7.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-currency-switcher 1.3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7 Authenticated.(Low.Privilege).Local.File.Inclusion CRITICAL" "woocommerce-multiple-free-gift No.known.fix Insufficient.Server-Side.Validation.to.Arbitrary.Gift.Adding MEDIUM" "wp-anything-slider 9.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "woocommerce-payplug No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-payplug No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-billingo-plus 4.4.5.4 Multiple.CSRF MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-mobile-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-mobile-pack 2.1.3 Information.Disclosure HIGH" "wp-rest-api-authentication 2.4.1 Settings.Update.via.CSRF MEDIUM" "wp-knowledgebase No.known.fix CSRF MEDIUM" "wp-to-hootsuite 1.3.9 Reflected.Cross-Site.Scripting HIGH" "wp-glossary No.known.fix Missing.Authorization MEDIUM" "wp-glossary No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-lister-amazon 0.9.6.36 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wp-letsencrypt-ssl 7.1.0 Sensitive.Information.Exposure.via.insufficiently.protected.files HIGH" "wp-letsencrypt-ssl 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-letsencrypt-ssl 5.7.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-2checkout-payment No.known.fix Missing.Authorization.via.sniff_ins MEDIUM" "wp-posturl No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wpcf7-redirect 3.0.0 Missing.Authorization MEDIUM" "wpcf7-redirect 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.6.0 Unauthenticated.Options.Update.to.Stored.XSS HIGH" "wpcf7-redirect 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Plugin.Installation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Post.Deletion MEDIUM" "wpcf7-redirect 2.3.4 Unauthenticated.Arbitrary.Nonce.Generation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.PHP.Object.Injection HIGH" "wpcf7-redirect 2.3.4 Unprotected.AJAX.Actions MEDIUM" "wp-popups-lite 2.2.0.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-popups-lite 2.1.5.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.1.5.1 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.9 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.8 Contributor+.Stored.XSS MEDIUM" "woocommerce-custom-product-tabs-lite 1.9.1 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "while-it-is-loading No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wemail 1.14.6 Reflected.Cross-Site.Scripting MEDIUM" "wemail 1.14.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "widget-settings-importexport No.known.fix Authenticated.Stored.XSS HIGH" "wovax-idx No.known.fix Missing.Authorization.to.Privilege.Escalation HIGH" "woocommerce-stock-manager 2.11.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-stock-manager 2.6.0 CSRF.to.Arbitrary.File.Upload HIGH" "webp-express 0.14.8 Authenticated.Stored.XSS MEDIUM" "webp-express 0.14.11 Multiple.Issues HIGH" "wp2syslog No.known.fix Admin+.Stored.XSS LOW" "wp-courses 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Update HIGH" "wp-courses 3.2.4 Missing.Authorization MEDIUM" "wp-courses 3.2.4 Subscriber+.Arbitrary.Options.Update HIGH" "wp-courses 3.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-courses 2.0.44 Authenticated.Stored.XSS.via.Video.Embed.Code LOW" "wp-courses 2.0.44 Reflected.Cross-Site.Scripting HIGH" "wp-courses 2.0.29 Broken.Access.Controls.leading.to.Courses.Content.Disclosure HIGH" "whatsapp No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-database-backup 7.4 Unauthenticated.Database.Back-Up.Exposure HIGH" "wp-database-backup 5.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-database-backup 5.2 Unauthenticated.OS.Command.Injection MEDIUM" "wp-database-backup 5.1.2 XSS HIGH" "wp-database-backup 4.3.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wishlist-and-compare 1.0.5 Unauthorised.AJAX.call HIGH" "wp-backitup No.known.fix Cross-Site.Request.Forgery.to.Backup.Trigger MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup 1.50 Unauthenticated.Sensitive.Data.Exposure HIGH" "wp-login-with-ajax No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "winning-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-support-ticket-system 17.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Information.Exposure MEDIUM" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-support-ticket-system 17.8 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-cookiechoise No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wordpress-easy-paypal-payment-or-donation-accept-plugin 5.0 Missing.Authorization MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 4.9.10 Contributor+.Stored.XSS MEDIUM" "wp-event-manager 3.1.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'events'.Shortcode MEDIUM" "wp-event-manager 3.1.42 Reflected.Cross-Site.Scripting.via.plugin MEDIUM" "wp-event-manager 3.1.42 Editor+.Stored.XSS LOW" "wp-event-manager 3.1.43 Reflected.XSS HIGH" "wp-event-manager 3.1.38 Admin+.Stored.XSS MEDIUM" "wp-event-manager 3.1.28 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-manager 3.1.23 Admin+.Stored.Cross-Site.Scripting LOW" "wp-all-import 3.7.3 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.9 Admin+.Directory.traversal.via.file.upload MEDIUM" "wp-all-import 3.6.9 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.File.Upload MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.Code.Execution MEDIUM" "wp-all-import 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-import 3.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-all-import 3.4.7 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.2.5 Multiple.Vulnerabilities CRITICAL" "wp-all-import 3.2.4 RCE HIGH" "wc-planzer-shipping 1.0.26 Reflected.Cross-Site.Scripting.via.processed-ids MEDIUM" "woosms-sms-module-for-woocommerce 3.0.3 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "wp-extra-file-types 0.5.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "whizz 1.1.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "whizz 1.0.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-csv-to-database No.known.fix CSRF LOW" "woo-conditional-discount-rules-for-checkout 2.4.1 CSRF MEDIUM" "woo-conditional-discount-rules-for-checkout 2.3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-slimstat 5.2.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-slimstat 5.1.4 Subscriber+.Stored.XSS HIGH" "wp-slimstat 5.0.10 Contributor+.SQL.Injection MEDIUM" "wp-slimstat 5.0.9 Admin+.Stored.XSS LOW" "wp-slimstat 5.0.10 Contributor+.Stored.XSS MEDIUM" "wp-slimstat 5.0.5 Admin+.SQLi MEDIUM" "wp-slimstat 5.0.5 Reflected.XSS HIGH" "wp-slimstat 4.9.4 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3.3 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3 Unauthenticated.Stored.XSS HIGH" "wp-slimstat 4.8.4 CSRF.to.Stored.XSS.and.Setting.Updates MEDIUM" "wp-slimstat 4.8.1 Unauthenticated.Stored.XSS.from.Visitors MEDIUM" "wpcs-wp-custom-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-category-slider-grid 1.4.16 Missing.Authorization.via.notice.dismissal.functionality MEDIUM" "wp-tell-a-friend-popup-form No.known.fix Admin+.Stored.XSS LOW" "wp-tell-a-friend-popup-form No.known.fix Settings.Update.via.CSRF MEDIUM" "wd-image-magnifier-xoss No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-social-feed No.known.fix Reflected.XSS HIGH" "wp-hr-manager 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-manager 3.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wps-team 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-payment-gateway-per-category No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wrapper-link-elementor 1.0.5 Injected.Backdoor CRITICAL" "wp-config-file-editor No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-inject No.known.fix Admin+.Stored.XSS LOW" "wp-inject 1.16 Stored.XSS.&.CSRF HIGH" "wp-spreadplugin No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-font-awesome No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-font-awesome 1.7.9 Contributor+.Stored.XSS MEDIUM" "wp-crm-system 3.4.0 Unauthenticated.Duplicate.Contact.Settings.Update MEDIUM" "wp-crm-system 3.2.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpbookit 1.6.10 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpbookit 1.6.6 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "wpbookit No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-scribd-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "widgets-for-ebay-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wish-list-for-woocommerce-pro 3.1.3 3.1.2.-.Reflected.Cross-Site.Scripting.via.wtab.Parameter MEDIUM" "w-dalil No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wpmozo-addons-lite-for-elementor 1.1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpmozo-addons-lite-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-user-frontend 4.0.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-user-frontend 4.0.8 Use.of.Polyfill.io MEDIUM" "wp-user-frontend 3.6.6 Authenticated.(Author+).Privilege.Escalation HIGH" "wp-user-frontend 3.6.9 Missing.Authorization.via.AJAX.actions MEDIUM" "wp-user-frontend 3.5.29 Obscure.Registration.as.Admin MEDIUM" "wp-user-frontend 3.5.26 SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-user-frontend 3.5.25 Admin+.SQL.Injection MEDIUM" "wp-hide No.known.fix Unauthenticated.Settings.Update MEDIUM" "wp-mini-program No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wholesalex 1.3.3 Unauthenticated.Privilege.Escalation MEDIUM" "wholesalex 1.3.2 Authenticated(Subscriber+).Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wholesalex 1.3.2 Sensitive.Information.Exposure.via.export_users MEDIUM" "wholesalex 1.3.3 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-not-login-hide-wpnlh No.known.fix Admin+.Stored.XSS LOW" "woostify-sites-library 1.4.8 Subscriber+.Arbitrary.Options.Update.to.DoS HIGH" "woo-advanced-product-information 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-cufon No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-smart-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-regsiter-field-editor 2.1.9 Cross-Site.Request.Forgery MEDIUM" "wp-cafe 2.2.29 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.28 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).File.inclusion.via.Shortcode HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Reservation.Form.Shortcode MEDIUM" "wp-cafe 2.2.24 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "wp-cafe 2.2.23 Missing.Authorization MEDIUM" "wp-svg No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woocommerce-box-office 1.2.3 Missing.Authorization MEDIUM" "woocommerce-box-office 1.1.52 Unauthenticated.Ticket.Barcode.Update MEDIUM" "woocommerce-box-office 1.1.51 Contributor+.Stored.XSS MEDIUM" "woo-vipps 1.14.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-custom-sidebar No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-seo-keyword-optimizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-seo-keyword-optimizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-seo-keyword-optimizer 2.1.9.8 Subscriber+.Arbitrary.Option.Update CRITICAL" "wechat-reward No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-simple-events No.known.fix Admin+.Cross.Site.Scripting MEDIUM" "wp-next-post-navi No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-corrector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpview No.known.fix Admin+.Stored.XSS LOW" "wp-fb-messenger-button-lite 2.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-content-filter 3.1.0 Admin+.Stored.Cross.Site.Scripting LOW" "wp-abstracts-manuscripts-manager 2.7.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Admin+.Stored.XSS LOW" "wp-abstracts-manuscripts-manager 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Reflected.XSS HIGH" "woo-gift-cards-lite 3.0.7 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "woo-gift-cards-lite 2.6.7 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "woo-gift-cards-lite 2.1.2 Cross-Site.Request.Forgery MEDIUM" "woo-gift-cards-lite 2.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wha-puzzle No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-google-dynamic-retargeting-tag 1.7.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-timelines 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-timelines 3.6.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-timelines 3.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-default-feature-image No.known.fix Admin+.Stored.XSS LOW" "web-directory-free 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.3 Unauthenticated.LFI HIGH" "web-directory-free 1.7.2 Reflected.XSS HIGH" "web-directory-free 1.7.0 Unauthenticated.SQL.Injection HIGH" "wonderplugin-video-embed 1.8 Contributor+.Stored.XSS MEDIUM" "wp-graphql-woocommerce 0.12.4 Unauthenticated.Coupon.Codes.Disclosure MEDIUM" "woocommerce-product-importer No.known.fix Product.Importer.<=.1.5.2.-.Reflected.Cross-Site.Scripting MEDIUM" "woo-merchantx No.known.fix CSRF.Bypass MEDIUM" "wp-travel No.known.fix Authenticated.(Author+).SQL.Injection MEDIUM" "wp-travel No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-travel 9.7.0 Missing.Authorization MEDIUM" "wp-travel 9.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel 7.8.1 Unauthenticated.AJAX.Calls MEDIUM" "wp-travel 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel 4.4.7 CSRF.Nonce.Bypasses MEDIUM" "wp-travel 4.4.7 Cross-Site.Request.Forgery MEDIUM" "woocommerce-predictive-search 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.9.5 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.9.0 Missing.Authorization MEDIUM" "wc-product-table-lite 3.8.7 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.8.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wc-product-table-lite 3.8.6 Missing.Authorization.to.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.1.0 CSRF MEDIUM" "wc-product-table-lite 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.11 Missing.Authorization.via.wpbs_refresh_calendar_editor MEDIUM" "wp-booking-system 2.0.19.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.3 Missing.Authorization MEDIUM" "wp-booking-system 2.0.18.1 Admin+.Stored.XSS LOW" "wp-booking-system 2.0.15 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-booking-system 1.5.2 CSRF.to.Authenticated.SQL.Injection HIGH" "wp-booking-system 1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-paypal-payments 2.0.5 Merchant.ID.Details.Update.via.CSRF MEDIUM" "wp-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-blocks-hub No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-megamenu No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-megamenu 1.4.1 Subscriber+.Arbitrary.Post.Access MEDIUM" "wp-megamenu 1.4.0 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-megamenu 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-hss-extension-for-streaming-video No.known.fix Reflected.Cross-Site.Scripting.via.videolink.Parameter MEDIUM" "web-disrupt-funnelmentals No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-disrupt-funnelmentals No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-disrupt-funnelmentals No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-1-slider 1.3.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-header-images 2.0.1 Reflected.Cross-Site.Scripting HIGH" "wp-cron-status-checker 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-cron-status-checker 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-baidu-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-cvr-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).CVR.Update MEDIUM" "wordpress-ping-optimizer No.known.fix Log.Clearing.via.CSRF MEDIUM" "wordpress-ping-optimizer 2.35.1.3.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-customers-order-history No.known.fix Missing.Authorization MEDIUM" "woo-customers-order-history 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-order-history 5.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ws-contact-form 1.3.8 Admin+.Stored.XSS LOW" "wp-shoutbox-live-chat No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-shoutbox-live-chat No.known.fix Unauthenticated.SQLi HIGH" "wpdb-to-sql No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wc-captcha No.known.fix Admin+.Stored.XSS LOW" "wp-prayer No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayer No.known.fix Arbitrary.Prayer.Deletion.via.CSRF MEDIUM" "wp-prayer No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.9.7 Admin+.Stored.XSS LOW" "wp-prayer 1.5.5 Unauthorised.AJAX.call.via.CSRF MEDIUM" "wp-prayer 1.6.6 Cross-Site.Request.Forgery MEDIUM" "wp-prayer 1.6.7 Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-nerd-toolkit No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp-table-pixie 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wolfnet-idx-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "wp-custom-author-url 1.0.5 Admin+.Stored.XSS LOW" "wp-plugin-manager 1.1.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-opening-hours No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wa-sticky-button 1.4.1 Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "woo-easy-duplicate-product 0.3.0.8 Missing.Authorization.via.wedp_duplicate_product_action MEDIUM" "woo-easy-duplicate-product 0.3.0.1 Reflected.XSS HIGH" "wp-live-chat-software-for-wordpress 4.5.16 Cross-Site.Request.Forgery MEDIUM" "woocommerce-social-media-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-force-ssl 1.67 Missing.Authorization.to.Settings.Update MEDIUM" "wp-e-commerce-style-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-return-warrranty No.known.fix Reflected.Cross-Site.Scripting HIGH" "we-client-logo-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-calendar No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-fiscalita-italiana No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana 1.3.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ultimate-csv-importer 7.9.9 Imported.Files.Disclosure MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.Privilege.Escalation MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.RCE MEDIUM" "wp-ultimate-csv-importer 6.5.8 Missing.Authorisation LOW" "wp-ultimate-csv-importer 6.5.8 Admin+.SQLi MEDIUM" "wp-ultimate-csv-importer 6.5.3 Admin+.Blind.SSRF MEDIUM" "wp-ultimate-csv-importer 6.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ultimate-csv-importer 6.4.2 Subscriber+.Arbitrary.Option.Deletion HIGH" "wp-ultimate-csv-importer 6.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "wp-ultimate-csv-importer 5.6.1 CSRF HIGH" "wp-ultimate-csv-importer 3.8.8 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-ultimate-csv-importer 3.8.1 XSS MEDIUM" "wp-buddha-free-adwords No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-buddha-free-adwords No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-dev-powers-acf-color-coded-field-types No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dbmanager 2.80.8 Admin+.Remote.Command.Execution MEDIUM" "wp-dbmanager 2.79.2 Arbitrary.File.Delete HIGH" "wp-clean-up No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-line-notify 1.4.5 Reflected.XSS HIGH" "wpkoi-templates-for-elementor 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 2.5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "wpkoi-templates-for-elementor 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Heading.Widget MEDIUM" "wp-showhide 1.05 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "waymark 1.4.2 Reflected.Cross-Site.Scripting.via.'content' MEDIUM" "woo-login-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-login-redirect No.known.fix CSRF MEDIUM" "wsb-brands 1.2 Admin+.Stored.XSS LOW" "woo-binary-mlm No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "woo-binary-mlm No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-admin 2.6.4 Analytics.Report.Leaks MEDIUM" "wp-vr-view No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "wp-bulk-delete 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-page-duplicator No.known.fix Missing.Authorization.to.Unauthenticated.Post/Page.Duplication MEDIUM" "wp-child-theme-generator 1.1.2 Missing.Authorization.to.Unauthenticated.Child.Theme.Creation/Activation MEDIUM" "wp-child-theme-generator 1.1.3 Admin+.Arbitrary.File.Upload MEDIUM" "web3-token-gate 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wh-testimonials No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-chgfontsize No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "wp-easy-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection.via.key.Parameter HIGH" "wp-easy-gallery No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "wp-easy-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Gallery.Manipulation MEDIUM" "wp-sheet-editor-edd-downloads 1.0.61 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.49 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-gallery-slider 2.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woo-authorize-net-gateway-aim 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-authorize-net-gateway-aim 5.1.27 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wappointment 2.6.1 Admin+.SSRF MEDIUM" "wappointment 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wgauge No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wgauge No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woc-open-close 4.9.2 Missing.Authorization MEDIUM" "wp-users-masquerade No.known.fix Authentication.Bypass HIGH" "wheel-of-life 1.1.9 Missing.Authorization MEDIUM" "wheel-of-life 1.1.8 Missing.Authorization.on.Several.AJAX.Endpoints MEDIUM" "wp-bootscraper 4.0.0 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-file-manager-pro 8.3.10 Unauthenticated.Backup.File.Download.and.Upload HIGH" "wp-file-manager-pro 8.3.10 Unauthenticated.Limited.JavaScript.File.Upload HIGH" "wp-file-manager-pro 8.3.10 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.5 Directory.Traversal CRITICAL" "wp-file-manager-pro 8.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-manager-pro 8.3.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wpcasa 1.3.0 Insecure.Direct.Object.Reference MEDIUM" "word-balloon 4.22.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "word-balloon 4.20.3 Avatar.Removal.via.CSRF MEDIUM" "word-balloon 4.19.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-client-logo-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-simple-frontend-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-simple-frontend-manager 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "welcome-email-editor 5.0.7 Cross-Site.Request.Forgery MEDIUM" "welcome-email-editor 5.0.7 Subscriber+.Email.Sending MEDIUM" "wp-film-studio 1.3.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-munich-blocks 0.10.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-munich-blocks 0.11.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wep-demo-import 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-user No.known.fix Unauthenticated.SQLi HIGH" "wp-user No.known.fix Admin+.Stored.XSS LOW" "wp-user 7.0 Reflected.Cross-Site.Scripting MEDIUM" "wow-carousel-for-divi-lite 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Carousel.and.Logo.Carousel.Widgets MEDIUM" "wow-carousel-for-divi-lite 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "widget-logic 5.10.3 CSRF.and.Lack.of.Authorisation HIGH" "widget-logic 5.10.2 CSRF.to.RCE HIGH" "wordfence 7.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "wordfence 7.1.14 Username.Enumeration.Prevention.Bypass MEDIUM" "wordfence 5.1.5 Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-store-toolkit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-store-toolkit 2.3.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-store-toolkit 1.5.8 Privilege.Escalation CRITICAL" "woocommerce-store-toolkit 1.5.7 Store.Toolkit.Plugin.<=.1.5.6.-.Privilege.Escalation CRITICAL" "wp-newsletter-subscription No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-conditional-post-restrictions 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-conditional-post-restrictions 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wen-responsive-columns 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-time-slots-booking-form 1.2.12 Missing.Authorization MEDIUM" "wp-time-slots-booking-form 1.2.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-time-slots-booking-form 1.2.07 Unauthenticated.Price.Manipulation MEDIUM" "wp-time-slots-booking-form 1.1.82 Admin+.Stored.XSS LOW" "wp-time-slots-booking-form 1.1.63 Admin+.Stored.Cross-Site.Scripting LOW" "websand-subscription-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "w3swoozoho 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-get-personal-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-edit-templates No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "woo-edit-templates 1.1.2 Reflected.XSS HIGH" "woo-customers-manager 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-manager 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-change-email-sender 2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "whatshelp-chat-button 1.8.10 Admin+.Stored.XSS LOW" "wp-photo-effects 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-effects 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-effects 1.2.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wr-age-verification No.known.fix Unauthenticated.SQL.Injection HIGH" "wr-age-verification No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wr-age-verification 2.0.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-survey-plus No.known.fix Subscriber+.AJAX.Calls HIGH" "wp-agenda No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.6 Authenticated.(Editor+).Local.File.Inclusion HIGH" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wp-affiliate-links No.known.fix Reflected.XSS HIGH" "wordpress-meta-robots No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-athletics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-athletics No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "webappick-product-feed-for-woocommerce 6.5.7 Shop.Manager+.Arbitrary.Options.Update HIGH" "webappick-product-feed-for-woocommerce 3.1.15 Authenticated.Reflected.XSS MEDIUM" "wti-like-post No.known.fix IP.Spoofing MEDIUM" "wti-like-post 1.4.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "wti-like-post 1.4.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-mpdf 3.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-mpdf 3.5.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-ticket-ultra No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-favorite-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-favorite-posts 1.6.6 Cross-Site.Scripting.(XSS) MEDIUM" "woo-product-filter 2.7.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "woo-product-filter 2.5.1 Subscriber+.Table.Data.Access MEDIUM" "wpformify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpformify 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wptelegram-widget 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-total-sales No.known.fix Missing.Authorization.to.Unauthenticated.Sales.Report.Retrieval MEDIUM" "wp-simple-firewall 20.0.6 Reflected.XSS HIGH" "wp-simple-firewall 19.1.11 Cross-Site.Request.Forgery MEDIUM" "wp-simple-firewall 18.5.10 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-simple-firewall 18.5.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-simple-firewall 17.0.18 Subscriber+.Arbitrary.Log.Entry.Creation MEDIUM" "wp-simple-firewall 17.0.18 Unauthenticated.Stored.XSS HIGH" "wp-simple-firewall 13.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-login-security-and-history No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.6 Settings.Update.via.CSRF MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Unauthenticated.Email.Settings.Update MEDIUM" "wp-publications No.known.fix Admin+.Stored.XSS LOW" "wp-publications No.known.fix Local.File.Inclusion HIGH" "wp-responsive-menu 3.1.7.1 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wp-live-chat-support 8.2.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-live-chat-support 8.0.33 Missing.Permission.Checks.on.some.REST.API.Calls CRITICAL" "wp-live-chat-support 8.0.27 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 8.0.18 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.08 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.06 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 7.1.05 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 1.7.03 XSS MEDIUM" "wp-live-chat-support 7.0.07 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.04 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.02 Stored.Cross-Site.Scripting MEDIUM" "wp125 1.5.5 Arbitrary.Ad.Deletion.via.CSRF MEDIUM" "woocommerce-payu-paisa No.known.fix Price.Tampering MEDIUM" "wp-cleanfix 5.7.0 Subscriber+.Post/Comment/Post.Meta.Content.Replacement MEDIUM" "wp-cleanfix 3.0.2 Remote.Comm&.Execution,.CSRF.&.XSS HIGH" "wpjobboard 5.11.1 Reflected.Cross-Site.Scripting MEDIUM" "wpjobboard 5.7.0 Unauthenticated.SQL.Injection CRITICAL" "wpjobboard 5.7.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "wpjobboard 5.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpjobboard 4.5 Multiple.SQL.Injections HIGH" "wpjobboard 5.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-back-button No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-beta-tester 2.2.4 Admin+.SQLi MEDIUM" "wordpress-toolbar No.known.fix Open.Redirect MEDIUM" "wpc-smart-messages 4.2.2 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "wpc-smart-messages 4.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Message.Activation/Deactivation MEDIUM" "wp-payeezy-pay 2.98 Local.File.Inclusion CRITICAL" "wordpress-multisite-user-sync 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wpupper-share-buttons 3.50 Missing.Authorization MEDIUM" "wpupper-share-buttons 3.43 Admin+.Stored.XSS LOW" "wp-vk 1.3.4 Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "wpide 3.5.0 Unauthenticated.Full.Path.Dislcosure MEDIUM" "wpide 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Read MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Edit.&.Upload MEDIUM" "wpide 3.0 Admin+.Local.File.Inclusion LOW" "widget-extend-builtin-query 1.06 Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sms 6.9.4 Missing.Authorization MEDIUM" "wp-sms 6.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-sms 6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-sms 6.5.3 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-sms 6.5.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.5.1 Contributor+.SQLi.to.Reflected.XSS HIGH" "wp-sms 6.5.1 Cross-Site.Request.Forgery.to.Subscriber.Deletion MEDIUM" "wp-sms 6.2.0 User.Unsubscribe.via.CSRF MEDIUM" "wp-sms 6.1.5 Reflected.XSS HIGH" "wp-sms 6.0.4.1 Information.Disclosure.via.REST.API MEDIUM" "wp-sms 5.4.13 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-sms 5.4.9.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-duplicate-page 1.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-migration-duplicator 1.4.9 Missing.Authorization.to.Directory.Traversal MEDIUM" "wp-migration-duplicator 1.4.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-migration-duplicator 1.4.5 Subscriber+.Stored.XSS HIGH" "wp-migration-duplicator 1.4.4 Subscriber+.Plugin.Settings.Update MEDIUM" "wp-migration-duplicator 1.4.2 Missing.Authorization.to.Settings.and.Schedule.Modification MEDIUM" "ws-form-pro 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form-pro 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form-pro 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "wpglobus 1.9.7 Stored.XSS.&.CSRF HIGH" "wp-file-upload 4.24.14 Unuathenticated.Remote.Code.Execution CRITICAL" "wp-file-upload 4.25.0 Unauthenticated.Remote.Code.Execution,.Arbitrary.File.Read,.and.Arbitrary.File.Deletion CRITICAL" "wp-file-upload 4.24.14 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.in.wfu_file_downloader.php HIGH" "wp-file-upload 4.25.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Path.Traversal MEDIUM" "wp-file-upload 4.24.12 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.and.Deletion.in.wfu_file_downloader.php CRITICAL" "wp-file-upload 4.24.9 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "wp-file-upload 4.24.8 Missing.Authorization MEDIUM" "wp-file-upload 4.24.8 Unauthenticated.Stored.XSS HIGH" "wp-file-upload 4.24.8 Reflected.XSS HIGH" "wp-file-upload 4.24.8 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "wp-file-upload 4.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.24.1 Cross-Site.Request.Forgery MEDIUM" "wp-file-upload 4.23.3 Author+.Stored.Cross-Site.Scripting LOW" "wp-file-upload 4.19.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.19.2 Admin+.Path.Traversal MEDIUM" "wp-file-upload 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-file-upload 4.13.0 Directory.Traversal.to.RCE CRITICAL" "wp-file-upload 4.3.4 Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-upload 4.3.3 Security.Issue.in.Shortcodes MEDIUM" "wp-file-upload 3.9.0 Insufficient.File.Extension.Blacklisting HIGH" "wp-file-upload 3.4.1 Unauthenticated.Malicious.File.Upload HIGH" "wp-file-upload 3.0.0 Multiple.Vulnerabilities HIGH" "wp-file-upload 2.7.1 JS.File.Upload HIGH" "wp-backpack No.known.fix Admin+.Stored.XSS LOW" "wc-ciudades-y-regiones-de-chile No.known.fix Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "wp-quicklatex 3.8.8 Admin+.Stored.XSS LOW" "wp-quicklatex 3.8.7 Admin+.Stored.XSS.in.Background.Color.field LOW" "wedocs 2.1.5 Missing.Authorization MEDIUM" "wp-hosting-performance-check No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-designer No.known.fix CSRF MEDIUM" "wadi-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wadi-survey No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-seo-content-randomizer-addon 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-paginate 2.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-paginate 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "wpgateway No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "woo-manage-fraud-orders No.known.fix Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "woo-manage-fraud-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-facebook-feed No.known.fix Reflected.XSS HIGH" "wp-facebook-feed No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-socializer 7.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-dashboard-notes 1.0.12 Subscriber+.Stored.XSS HIGH" "wp-dashboard-notes 1.0.11 Contributor+.Arbitrary.Private.Notes.Update.via.IDOR LOW" "wp-dashboard-notes 1.0.11 Unauthorised.Deletion.of.Private.Notes LOW" "woomotiv No.known.fix Unauthenticated.SQL.Injection HIGH" "woomotiv 3.5.0 Review.Count.Reset.via.CSRF MEDIUM" "woomotiv 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-school-calendar-lite 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wsify-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wooreviews-importer No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-splashing-images 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "wp-splashing-images 2.1.1 Authenticated.PHP.Object.Injection HIGH" "wp-multitasking 0.1.18 WP.Utilities.<.0.1.18.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-multitasking No.known.fix Reflected.XSS.via.Shortcode MEDIUM" "wp-multitasking No.known.fix SMTP.Settings.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Exit.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Welcome.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-admin-ui-customize 1.5.14 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-ui-customize 1.5.13 Admin+.Stored.XSS LOW" "woocommerce-menu-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-gallery-transformation No.known.fix Blind.SQL.Injection CRITICAL" "wp-forms-puzzle-captcha No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-forms-puzzle-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-forms-puzzle-captcha No.known.fix CSRF MEDIUM" "weforms 1.6.24 Use.of.Polyfill.io MEDIUM" "weforms 1.6.21 Missing.Authorization MEDIUM" "weforms 1.6.22 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer HIGH" "weforms 1.6.19 Missing.Authorization.via.export_form_entries MEDIUM" "weforms 1.6.18 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "weforms 1.6.14 Admin+.Stored.Cross-Site.Scripting LOW" "weforms 1.6.4 CSV.Injection MEDIUM" "wp-media-library-categories 2.0.1 Admin+.Stored.XSS LOW" "wp-media-library-categories 2.0.0 Admin+.Stored.XSS LOW" "wpc-composite-products 7.2.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-remove-tabs-and-fields 1.68 Reflected.Cross-Site.Scripting MEDIUM" "wp-woocommerce-quickbooks 1.1.9 Reflected.Cross-Site.Scripting HIGH" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-ecommerce-tracking-for-google-and-facebook 3.7.2 CSRF MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-schema-pro 2.7.16 Contributor+.Custom.Field.Access LOW" "wp-bing-search 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-bing-search 2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weather-atlas No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "weather-atlas 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-eMember 10.7.0 Stored.XSS.via.CSRF HIGH" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Stored.XSS.in.Blacklist.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS MEDIUM" "wp-eMember 10.6.6 Admin+.Arbitrary.File.Upload MEDIUM" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Bulk.Delete.via.CSRF MEDIUM" "wp-eMember 10.6.7 Reflected.XSS.via.Member.Edit HIGH" "wp-eMember 10.6.7 Unauthenticated.Stored.XSS.via.Member.Registration HIGH" "wp-eMember 10.3.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-eMember 10.3.9 Reflected.XSS HIGH" "wpspx No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-colorbox 1.1.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woo-ups-pickup 2.6.6 Reflected.XSS HIGH" "woocommerce-bulk-order-form 3.6.0 Shop.Manager+.Stored.XSS MEDIUM" "wpbrutalai 2.06 Admin+.Stored.XSS LOW" "wpbrutalai 2.0.1 Admin+.Reflected.XSS HIGH" "wpbrutalai 2.0.0 SQL.Injection.via.CSRF HIGH" "watermark-reloaded No.known.fix Cross-Site.Request.Forgery.via.optionsPage HIGH" "wp-reset 2.03 Missing.Authorization.to.License.Key.Modification MEDIUM" "wp-reset 2.0 Sensitive.Information.Exposure.due.to.Insufficient.Randomness MEDIUM" "wp-reset 5.99 Subscriber+.Database.Reset CRITICAL" "wp-reset 5.99 Database.Reset.via.CSRF CRITICAL" "wp-reset 1.90 Authenticated.Stored.XSS MEDIUM" "woo-advanced-shipment-tracking 3.5.3 CSRF MEDIUM" "woo-advanced-shipment-tracking 3.2.7 Authenticated.Options.Change CRITICAL" "woo-related-products-refresh-on-reload 3.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Checkout.Fields.Update.via.CSRF MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery.to.Checkout.Fields.Update MEDIUM" "wp-amazon-shop No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-multi-store-locator 2.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.5.1 Contributor+.Stored.XSS MEDIUM" "www-xml-sitemap-generator-org 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 4.7.2 Add/Remove.Wishlist.Items.via.CSRF MEDIUM" "woo-smart-wishlist 2.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 2.9.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-qiwi-payment-gateway No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-expand-tabs-free 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-expand-tabs-free 2.1.17 Contributor+.Stored.XSS MEDIUM" "wp-expand-tabs-free 2.1.15 Multiple.CSRF MEDIUM" "wp-t-wap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-admin-style No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wassup No.known.fix Unauthenticated.Stored.XSS HIGH" "wassup 1.9.1 Cross.Site.Scripting MEDIUM" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wpdm-gutenberg-blocks 2.1.9 Contributor+.XSS MEDIUM" "wp-facebook-reviews 12.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 13.0 Admin+.Stored.XSS LOW" "wp-facebook-reviews 3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 12.2 Subscriber+.SQLi HIGH" "wp-facebook-reviews 11.0 Admin+.SQL.Injection MEDIUM" "wp-word-count No.known.fix Missing.Authorization.via.calculate_statistics MEDIUM" "wp-word-count 3.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "website-testimonials 6.1.1 Reflected.Cross-Site.Scripting MEDIUM" "watu 3.4.1.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "watu 3.4.1.2 Author+.Stored.XSS MEDIUM" "watu 3.4.1.1 Sensitive.Information.Disclosure MEDIUM" "watu 3.4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "watu 3.3.9.3 Reflected.XSS HIGH" "watu 3.3.9.1 Reflected.XSS HIGH" "watu 3.3.8.1 Admin+.Stored.XSS LOW" "watu 3.3.8.3 Admin+.Stored.XSS LOW" "watu 3.3.8.2 Reflected.XSS HIGH" "watu 3.1.2.6 Reflected.XSS.via.question-form.html.php HIGH" "wp-memory 2.46 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-planet No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "wp-logo-showcase 1.3.37 Editor.Plugin's.Settings.Update LOW" "wp-auto-republish 1.5.6.1 Subscriber+.Settings.Update/Access MEDIUM" "wp-auto-republish 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-auto-republish 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-db-backup 2.5.2 Arbitrary.Schedule.Settings.Update.via.CSRF MEDIUM" "wp-db-backup 2.5.1 Admin+.SQL.Injection MEDIUM" "wp-db-backup 2.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-db-backup 2.3.0 Backup.Filename.Brute.Forcing HIGH" "wppdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "weixin-robot-advanced No.known.fix Reflected.XSS HIGH" "wp-foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-politic 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-politic 2.3.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-simple-booking-calendar 2.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-booking-calendar 2.0.8.5 Cross-Site.Request.Forgery MEDIUM" "wp-simple-booking-calendar 2.0.6 Authenticated.SQL.Injection MEDIUM" "woocommerce-inventory-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-orders-tracking 1.2.11 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woo-orders-tracking 1.2.6 Admin+.Arbitrary.File.Access/Read MEDIUM" "woo-orders-tracking 1.1.10 Reflected.Cross-Site.Scripting HIGH" "wp-mail-bank 3.0.13 Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-gateway-gocardless 2.5.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wp-awesome-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn2.Shortcode MEDIUM" "wp-front-end-profile 1.3.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-front-end-profile 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-front-end-profile 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-front-end-profile 1.2.2 CSRF.Check.Incorrectly.Implemented LOW" "wp-front-end-profile 0.2.2 Privilege.Escalation.&.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-staging-pro 5.6.1 Backup.Duplicator.&.Migration.<.5.6.1.-.Cross-Site.Request.Forgery.to.Limited.Local.File.Inclusion HIGH" "wp-staging-pro 5.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging-pro 5.4.0 Admin+.Stored.XSS LOW" "wp-staging-pro 5.1.3 Unauthenticated.Backup.Download HIGH" "woo-extra-flat-rate 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-sourceforge-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wise-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-browser-update 4.5 Settings.Update.via.CSRF MEDIUM" "wp-browser-update 4.6 Admin+.Stored.XSS LOW" "wp-persistent-login 2.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-persistent-login 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-tuner No.known.fix Missing.Authorization MEDIUM" "whmpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "whmpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-floating-menu 1.4.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-floating-menu 1.4.1 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "wp-super-popup No.known.fix Admin+.Stored.XSS LOW" "wpo365-login 28.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pintra.Shortcode MEDIUM" "wpo365-login 15.4 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpo365-login 11.7 JWT.Signature.Verification.Bypass HIGH" "wp-total-branding 1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "wizhi-multi-filters No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpc-grouped-product 4.4.3 Missing.Authorization MEDIUM" "wordlift No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wordlift 3.37.2 Admin+.Stored.Cross-Site.Scripting LOW" "wppricing-builder-lite-responsive-pricing-table-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-csv-exporter 1.3.7 CSV.Injection LOW" "wp-csv-exporter 1.3.7 Admin+.SQLi MEDIUM" "wp-store-locator-extenders 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-store-locator-extenders 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ad-guru No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-concours No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wc-multivendor-marketplace 3.6.12 Reflected.Cross-Site.Scripting MEDIUM" "wc-multivendor-marketplace 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wc-multivendor-marketplace 3.4.12 Subscriber+.Unauthorised.AJAX.Calls HIGH" "wc-multivendor-marketplace 3.5.0 Multiple.CSRF MEDIUM" "wc-multivendor-marketplace 3.4.12 WooCommerce.Multivendor.Marketplace.<.3.4.12.-.Unauthenticated.SQL.Injection HIGH" "wp-dropbox-dropins No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-gotowebinar 15.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.7 Missing.Authorization MEDIUM" "wp-gotowebinar 15.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.1 Missing.Authorization MEDIUM" "wp-gotowebinar 14.46 Admin+.Stored.XSS LOW" "wp-course-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-custom-profile-picture No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "woo-payment-gateway-for-piraeus-bank 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "webful-simple-grocery-shop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-edit-menu No.known.fix Arbitrary.Post.Deletion.via.CSRF MEDIUM" "wp-edit-menu 1.5.0 Unauthenticated.Arbitrary.Post.Deletion HIGH" "wp-insert 2.5.1 Admin+.Stored.XSS MEDIUM" "wp-optin-wheel 1.4.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "web-push No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpvr 8.5.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpvr 8.5.6 Missing.Authorization MEDIUM" "wpvr 8.5.5 Missing.Authorization MEDIUM" "wpvr 8.3.15 Unauthenticated.Plugin.Downgrade.leading.to.XSS HIGH" "wpvr 8.3.5 Reflected.XSS HIGH" "wpvr 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wpvr 8.3.0 Subscriber+.Arbitrary.Tour.Update MEDIUM" "wpvr 8.2.9 Reflected.XSS HIGH" "wpvr 8.2.8 Subscriber+.Settings.Update MEDIUM" "wpvr 8.2.7 Contributor+.Stored.XSS MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Authenticated.(Contributor+).Local.File.Inclusion.via.'theme' HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Contributor+.Local.File.Inclusion HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.9.8 Authenticated(Contributor+).PHP.Object.Injection HIGH" "wp-wc-affiliate-program 8.5.0 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "webriti-custom-login-page No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-ticket 5.10.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ticket 5.6.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-superfaktura 1.40.4 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "wp-crm No.known.fix CSV.Injection LOW" "wp-notification-bell 1.3.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-twitterbot No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-remote-users-sync 1.2.13 Subscriber+.SSRF HIGH" "wp-remote-users-sync 1.2.12 Subscriber+.Log.Access MEDIUM" "wp-security-audit-log 5.2.2 Unauthenticated.Stored.Cross-Site.Scripting.via.User_id.Parameter HIGH" "wp-security-audit-log 4.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.5.2 Subscriber+.Information.Leak MEDIUM" "wp-security-audit-log 4.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log 4.1.5 SQL.Injection.in.External.Database.Module HIGH" "wp-security-audit-log 4.0.2 Broken.Access.Control.in.First-Time.Install.Wizard CRITICAL" "wp-security-audit-log 3.3.1.2 Subscriber+.Arbitrary.Option.Update MEDIUM" "woocommerce-shipping-gateway-per-product 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-hardening 1.2.7 Unauthenticated.Security.Feature.Bypass.to.Username.Enumeration MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.URI MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.historyvalue HIGH" "wip-woocarousel-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-product-gallery-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woo-bought-together 7.2.0 Missing.Authorization MEDIUM" "woo-bought-together 7.0.4 Missing.Authorization MEDIUM" "world-travel-information No.known.fix Reflected.Cross-Site.Scripting HIGH" "wpguppy-lite 1.1.1 Subscriber+.Privilege.Escalation HIGH" "wpguppy-lite 1.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wpbricks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpbricks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mlm No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-mlm No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-copyprotect No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-floating-cart-lite 2.8.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "woo-floating-cart-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-floating-cart-lite 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpb-advanced-faq No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-composite-products 8.7.6 Reflected.XSS MEDIUM" "wp-event-partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-event-partners No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-job-portal 2.2.7 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Job.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Company.Logo.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Company.Deletion MEDIUM" "wp-job-portal 2.2.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.wpjobportal_deactivate() MEDIUM" "wp-job-portal 2.2.3 Unauthenticated.SQL.Injection HIGH" "wp-job-portal 2.2.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.3 Missing.Authorization.to.Limited.Privilege.Escalation MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.getFieldsForVisibleCombobox() MEDIUM" "wp-job-portal 2.2.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.7 Missing.Authorization.to.Unauthenticated.Local.File.Inclusion,.Arbitrary.Settings.Update,.and.User.Creation CRITICAL" "wp-job-portal 2.1.9 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-job-portal 2.0.6 Unauthenticated.SQLi HIGH" "wp-job-portal 2.0.2 Unauthenticated.Settings.Update MEDIUM" "wp-job-portal 2.0.6 Subscriber+.Stored.XSS HIGH" "wp-links-page 4.9.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Image.Update MEDIUM" "wp-links-page 4.9.5 Cross-Site.Request.Forgery.via.wplf_ajax_update_screenshots MEDIUM" "wp-links-page 4.9.4 Contributor+.Stored.XSS MEDIUM" "wp-maximum-upload-file-size 1.1.4 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "woo-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advance-search 1.1 Multiple.XSS MEDIUM" "wordpress-data-guards No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wcc-seo-keyword-research No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcc-seo-keyword-research No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Authentication.Bypass CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Missing.Authorization MEDIUM" "woocommerce-pdf-vouchers 4.9.4 PDF.Vouchers.<.4.9.4.-.Authentication.Bypass.to.Voucher.Vendor HIGH" "wordapp-mobile-app No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordapp-mobile-app No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-charts No.known.fix Contributor+.Stored.XSS MEDIUM" "which-template-file 5.1.0 Reflected.XSS HIGH" "which-template-file 4.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-captcha No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-captcha No.known.fix Captcha.Bypass MEDIUM" "woocommerce-check-pincode-zipcode-for-shipping No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-category-dropdown 1.9 Contributor+.Stored.XSS MEDIUM" "wp-docs 2.2.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.2.1 Authenticated.(Subscriber+).Time-Based.SQL.Injection.via.'dir_id' MEDIUM" "wp-docs 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.1.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-docs 2.0.0 Reflected.XSS HIGH" "wpdatatables 6.3.2 Tables.&.Table.Charts.(Premium).<.6.3.2.-.Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 6.4 Tables.&.Table.Charts.(Premium).<.6.4.-.Missing.Authorization.to.DataTable.Access.&.Modification HIGH" "wpdatatables 3.4.2.14 Unauthenticated.Stored.Cross-Site.Scripting.via.CSV.Import MEDIUM" "wpdatatables 3.4.2.5 Reflected.Cross-Site.Scripting. MEDIUM" "wpdatatables 2.1.66 Admin+.PHP.Object.Injection MEDIUM" "wpdatatables 2.1.50 Contributor+.Stored.XSS MEDIUM" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Permission.Takeover HIGH" "wpdatatables 3.4.2 Blind.SQL.Injection.via.start.Parameter CRITICAL" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Data.Deletion MEDIUM" "wpdatatables 3.4.2 Blind.SQL.Injection.via.length.Parameter CRITICAL" "wpdatatables 3.4.1 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 2.0.12 Cross-Site.Scripting.(XSS).&.SQL.Injection HIGH" "wpdatatables 1.5.4 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 1.5.4 Unauthenticated.Shell.Upload CRITICAL" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.25.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.24.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-limit-failed-login-attempts 5.6 Unauthenticated.SQL.Injeciton HIGH" "wp-limit-failed-login-attempts 5.4 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "wp-limit-failed-login-attempts 5.1 Unauthenticated.SQLi HIGH" "wp-limit-failed-login-attempts 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-limit-failed-login-attempts 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-insurance 2.1.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wesecur-security No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-experiments-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-experiments-free No.known.fix Missing.Authorization MEDIUM" "wp-experiments-free 9.0.1 Unauthenticated.SQLi HIGH" "woo-inquiry No.known.fix Unauthenticated.SQL.Injection CRITICAL" "woocommerce-ultimate-gift-card 2.9.1 Create,.Sell.and.Manage.Gift.Cards.with.Customized.Email.Templates.<.2.9.1.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-admin-interface 7.32 Missing.Authorization.via.wpcai_pro_notice_disable MEDIUM" "wp-custom-admin-interface 7.33 Missing.Authorization.to.Transients.Deletion MEDIUM" "wp-custom-admin-interface 7.29 Admin+.PHP.Object.Injection MEDIUM" "wptouch 4.3.45 Admin+.PHP.Object.Injection MEDIUM" "wptouch 4.3.45 Admin+.Arbitrary.File.Upload MEDIUM" "wptouch 4.3.44 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-variation-swatches 2.3.8 Reflected.Cross-Site.Scripting HIGH" "wpgetapi 2.2.2 2.2.1.-.Authenticated.(Subscriber+).Arbitrary.Options.Update MEDIUM" "wp-log-viewer No.known.fix Missing.Authorization MEDIUM" "wp-free-ssl No.known.fix Missing.Authorization MEDIUM" "wp-free-ssl 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-prayers-request No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayers-request No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-esto 2.23.2 Settings.Update.via.CSRF MEDIUM" "webinar-ignition 3.06.0 Cross-Site.Request.Forgery MEDIUM" "webinar-ignition 3.05.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "webinar-ignition 3.05.1 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "webinar-ignition 3.05.1 Unauthenticated.SQL.Injection CRITICAL" "webinar-ignition 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "webinar-ignition 2.14.3 Admin+.Stored.XSS LOW" "webinar-ignition 2.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-map No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-login-customizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "waiting No.known.fix Subscriber+.Stored.XSS HIGH" "waiting No.known.fix Subscriber+.SQLi HIGH" "waiting No.known.fix Cross-Site.Request.Forgery MEDIUM" "waiting No.known.fix Missing.Authorization MEDIUM" "waiting No.known.fix Admin+.Cross-Site.Scripting LOW" "wpc-shop-as-customer 1.2.9 Authentication.Bypass.Due.to.Insufficiently.Unique.Key HIGH" "wpc-shop-as-customer 1.2.7 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "wp-mediatagger No.known.fix Reflected.XSS HIGH" "wp-mediatagger No.known.fix Contributor+.Stored.XSS MEDIUM" "wechat-broadcast No.known.fix Local/Remote.File.Inclusion CRITICAL" "wp-dream-carousel No.known.fix Reflected.XSS HIGH" "wp-guppy 1.3 Sensitive.Information.Disclosure HIGH" "wp-cloudy 4.4.9 Admin+.SQL.Injection MEDIUM" "wp-maintenance 6.1.9.3 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-maintenance 6.1.7 Information.Exposure MEDIUM" "wp-maintenance 6.1.4 IP.Restriction.Bypass MEDIUM" "wp-maintenance 6.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 6.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 5.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "windsor-strava-club No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-users No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.3 Unauthenticated.Arbitrary.Shortcode.Execution CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.1 Reflected.XSS HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wpbits-addons-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wpbits-addons-for-elementor 1.5 Contributor+.Stored.XSS MEDIUM" "wpbits-addons-for-elementor 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-jobhunt 2.4 User.enumeration.&.Reset.password CRITICAL" "wp-setup-wizard 1.0.8.2 Authenticated.(Subscriber+).Full.Database.Download MEDIUM" "website-article-monetization-by-magenet 1.0.12 Unauthenticated.Stored.XSS HIGH" "wpgenealogy 0.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wpgenealogy 0.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-auto-top No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpgform No.known.fix Admin+.Stored.XSS LOW" "wpgform 0.94 Eval.Injection HIGH" "wp-ban 1.69.1 Admin+.Stored.XSS LOW" "wp-custom-fields-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcfs-preset.Shortcode MEDIUM" "wp-custom-fields-search 1.2.35 Admin+.Stored.XSS LOW" "wp-custom-fields-search 1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-youtube-gallery 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "wp-upg No.known.fix Unauthenticated.RCE CRITICAL" "woo-aliexpress-dropshipping 2.1.2 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woo-aliexpress-dropshipping No.known.fix Missing.Authorization MEDIUM" "wc-peach-payments-gateway 3.2.0 Missing.Authorization.via.peach_core_version_rollback() MEDIUM" "wps-telegram-chat No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "wps-telegram-chat No.known.fix Authenticated.(Subscriber+).Unauthorized.Access.to.Telegram.Bot.API MEDIUM" "wp-social 3.0.8 Authentication.Bypass CRITICAL" "wp-social 3.0.1 Missing.Authorization.to.Unauthenticated.Social.Login/Share.Status.Update MEDIUM" "wphrm 1.1 Authenticated.SQL.Injection HIGH" "wdes-responsive-mobile-menu No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "woo-wholesale-pricing 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-maintenance-mode 2.6.9 Subscriber+.Page.design.Update MEDIUM" "wp-maintenance-mode 2.4.5 Subscribed.Users.Deletion.via.CSRF MEDIUM" "wp-maintenance-mode 2.0.7 Authenticated.Multisite.Remote.Code.Execution HIGH" "wp-maintenance-mode 2.0.7 Missing.Settings.Authorization MEDIUM" "wp-maintenance-mode 2.0.7 Subscriber.Information.Disclosure MEDIUM" "woocommerce-simple-registration No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Webinar.Updates HIGH" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-ultimate-review 2.3.0 Missing.Authorization MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Review.Restriction.Bypass MEDIUM" "wp-ultimate-review No.known.fix IP.Spoofing MEDIUM" "wp-ultimate-review 2.3.1 Settings.Update.via.CSRF MEDIUM" "wp-ultimate-review 2.1.0 Admin+.Stored.XSS LOW" "wp-ultimate-review 2.1.0 Settings.Update.via.CSRF MEDIUM" "wp-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-affiliate-disclosure 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$id MEDIUM" "wp-affiliate-disclosure 1.2.7 Cross-Site.Request.Forgery.via.check_capability MEDIUM" "wp-affiliate-disclosure 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-affiliate-disclosure 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "wpforms 1.8.5.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Form.Submission HIGH" "wpforms 1.7.7 CSV.Injection MEDIUM" "wp-ultimate-exporter 2.9.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "wp-ultimate-exporter 2.9.2 Authenticated.(Admin+).Remote.Code.Execution MEDIUM" "wp-ultimate-exporter 2.4.2 Unauthenticated.Information.Disclosure MEDIUM" "wp-ultimate-exporter 1.4.2 CSRF HIGH" "wp-ultimate-exporter 1.2 Unauthenticated.SQL.Injection CRITICAL" "wp-database-admin No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-wallet 1.5.7 Subscriber+.Funds.Creation MEDIUM" "woo-wallet 1.5.5 Authenticated.(Subscriber+).SQL.Injection.via.'search[value]' HIGH" "woo-wallet 1.5.1 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-wallet 1.4.11 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Export MEDIUM" "woo-wallet 1.4.4 For.WooCommerce.<.1.4.4.-.Subscriber+.Arbitrary.Wallet.Lock/Unlock.via.IDOR MEDIUM" "woo-wallet 1.4.0 Settings.Update.via.CSRF MEDIUM" "wpb-show-core 2.6 Reflected.XSS HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wpb-show-core No.known.fix Unauthenticated.Server.Side.Request.Forgery MEDIUM" "wpb-show-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-coming-soon-booster 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.3 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Content.Injection MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Settings.Change.leading.to.Stored.XSS CRITICAL" "wp-cloudflare-page-cache 4.7.6 Cross-Site.Request.Forgery MEDIUM" "wp-social-widget 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-social-widget 2.2.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-aweber-newsletter-subscription 4.0.3 Missing.Authorization.to.Access.Token.Modification MEDIUM" "wp-private-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-private-media No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-media No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woo-quick-view 1.1.3 Unauthenticated.Information.Disclosure MEDIUM" "wp-media-folder 5.7.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Plugin.settings.change MEDIUM" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Title.Modification MEDIUM" "wp2speed No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp2speed No.known.fix Improper.Authorization.due.to.use.of.Hardcoded.Credentials MEDIUM" "wp-smtp 1.2.7 1.2.6.-.Authenticated.(Admin+).SQL.Injection HIGH" "wpbenchmark 1.3.7 Cross-Site.Request.Forgery.via.execute_plugin() MEDIUM" "wp-geonames 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-geonames 1.9 Reflected.Cross-Site.Scripting MEDIUM" "wp24-domain-check 1.6.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wccp-pro 15.3 Admin+.Stored.XSS LOW" "wccp-pro 15.3 Open.Redirect MEDIUM" "wp-ecommerce-shop-styling No.known.fix Unauthenticated.Dompdf.Local.File.Inclusion.(LFI) HIGH" "woocommerce-multiple-customer-addresses 21.7 Arbitrary.Address.Creation/Deletion/Access/Update.via.IDOR HIGH" "wp-piwik 1.0.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-piwik 1.0.28 Admin+.Stored.XSS LOW" "wp-piwik 1.0.27 Plugin.Settings.Reset.via.CSRF MEDIUM" "wp-piwik 1.0.10 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-login-and-logout-redirect 2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-show-posts 1.1.6 Improper.Authorization.to.Information.Exposure MEDIUM" "wp-show-posts 1.1.5 Information.Exposure MEDIUM" "wp-show-posts 1.1.4 Contributor+.Stored.XSS MEDIUM" "weaver-for-bbpress 1.7.1 Reflected.Cross-Site.Scripting.via._wpnonce.Parameter MEDIUM" "webhotelier 1.6.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-seo-redirect-301 2.3.2 Redirect.Deletion.via.CSRF MEDIUM" "woo-inpost No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "wp-emember 10.6.6 Authenticated.(Admin+).Arbitrary.File.Upload MEDIUM" "wow-moodboard-lite No.known.fix Open.Redirect MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.7 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.1 Cross-Site.Request.Forgery MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.23 Reflected.XSS HIGH" "wpfrom-email 1.8.9 Admin+.Stored.XSS LOW" "wp-db-table-editor No.known.fix Missing.Authorization.to.Authenticated(Contributor+).Database.Access HIGH" "wp-ajax-contact-form No.known.fix Arbitrary.Email.Deletion.via.CSRF MEDIUM" "wp-ajax-contact-form No.known.fix Reflected.Cross-Site.Scripting HIGH" "wsm-downloader No.known.fix Domain.Name.Restriction.Bypass LOW" "wsm-downloader No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wp-sitemap-page 1.7.0 Admin+.Stored.Cross.Site.Scripting LOW" "wb-custom-product-tabs-for-woocommerce 1.2.5 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "wp-email 2.69.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-email 2.69.0 Anti-Spam.Protection.Bypass.via.IP.Spoofing MEDIUM" "wp-email 2.69.0 Log.Deletion.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "woo-bulk-editor 1.1.4.4 Missing.Authorization MEDIUM" "woo-bulk-editor 1.1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.1 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Plugin.Options MEDIUM" "woo-bulk-editor 1.1.4.1 Missing.Authorization.via.Several.Functions MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.7 Missing.Authorization MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Server-Side.Request.Forgery MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 3.7.6 Shop.Manager+.SQL.Injection HIGH" "woocommerce-pdf-invoices-packing-slips 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.16.0 Reflected.Cross-Site.Scripting LOW" "woocommerce-pdf-invoices-packing-slips 2.15.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.10.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 2.0.13 XSS MEDIUM" "wp-media-category-management 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-media-category-management 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "word-freshener No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-post-disclaimer 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-orphanage-extended 1.3 Cross-Site.Request.Forgery.to.Orphan.Account.Privilege.Escalation HIGH" "widgetkit-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor No.known.fix Missing.Authorization.to.Notice.Dismissal NONE" "widgetkit-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "widgetkit-for-elementor 2.4.4 WidgetKit.<.2.4.4.-.Admin+.Stored.XSS LOW" "widgetkit-for-elementor 2.3.10 WidgetKit.<.2.3.10.-.Contributor+.Stored.XSS MEDIUM" "wte-elementor-widgets 1.3.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "widget-or-sidebar-per-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wpzoom-portfolio 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "wpzoom-portfolio 1.2.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "web-stories 1.38.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "web-stories 1.32 Author+.Auth.Bypass LOW" "web-stories 1.25.0 Subscriber+.Server.Side.Request.Forgery MEDIUM" "wp-meetup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-visited-countries-reloaded 3.1.1 Reflected.Cross-Site.Scripting HIGH" "wpcargo No.known.fix Missing.authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpcargo No.known.fix Unauthenticated.SQL.Injection HIGH" "wpcargo 6.9.5 Admin+.Stored.Cross.Site.Scripting LOW" "wpcargo 6.9.5 Reflected.Cross.Site.Scripting MEDIUM" "wpcargo 6.9.0 Unauthenticated.RCE CRITICAL" "wpsimpletools-log-viewer No.known.fix Cross-Site.Request.Forgery.via.wpst_lw_viewer MEDIUM" "woocommerce-order-status-change-notifier No.known.fix Subscriber+.Arbitrary.Order.Status.Update MEDIUM" "wp-native-articles 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-lijit-wijit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wcs-qr-code-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-plotly 1.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs No.known.fix Undisclosed.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs 0.6.3 CSRF.to.Stored.XSS MEDIUM" "wp-translitera No.known.fix Settings.Update.via.CSRF MEDIUM" "white-label 2.9.1 Cross-Site.Request.Forgery.via.white_label_reset_wl_admins MEDIUM" "wp-terms-popup 2.6.1 Admin+.Stored.XSS LOW" "wp-ultimate-recipe 3.12.7 Authenticated.Stored.XSS MEDIUM" "wordpress-plugin-for-simple-google-adsense-insertion 2.1 Inject.ads.and.javascript.via.CSRF MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.deleteCustomType MEDIUM" "wp-upload-restriction No.known.fix Authenticated.Stored.XSS MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.getSelectedMimeTypesByRole MEDIUM" "woocommerce-bookings 2.0.4 Cross-Site.Request.Forgery MEDIUM" "woo-bulk-edit-products 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-edit-products 1.7.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-place-order-without-payment 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-place-order-without-payment 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-popup-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-joomag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-carousel-free 2.7.4 Admin+.Stored.XSS LOW" "wp-carousel-free 2.6.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "wp-carousel-free 2.6.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "wp-carousel-free 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'sp_wp_carousel_shortcode' MEDIUM" "wp-carousel-free 2.6.9 Editor+.Stored.XSS LOW" "wp-carousel-free 2.5.3 Contributor+.Stored.XSS MEDIUM" "wp-page-widget 4.0 Settings.Update.via.CSRF MEDIUM" "wp-header-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpsimpletools-upload-limit No.known.fix Reflected.XSS HIGH" "wp-asset-clean-up 1.3.9.9 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "wp-asset-clean-up 1.3.9.4 Missing.Authorization MEDIUM" "wp-asset-clean-up 1.3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting.via.AJAX.Action HIGH" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.6.7 CSRF.&.XSS LOW" "wp-tradingview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpqa 6.1.1 Contributor+.Stored.XSS MEDIUM" "wpqa 6.1.1 Arbitrary.Category.and.Tag.Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.9.3 Missing.validation.lead.to.functionality.abuse LOW" "wpqa 5.9 Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.7 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.5 Unauthenticated.Private.Message.Disclosure MEDIUM" "wpqa 5.4 Reflected.Cross-Site.Scripting MEDIUM" "wpqa 5.2 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.2 Subscriber+.Stored.Cross-Site.Scripting.via.Profile.fields MEDIUM" "wpqa 5.2 Subscriber+.Arbitrary.Profile.Picture.Deletion.via.IDOR MEDIUM" "wp-file-checker No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "woo-product-feed-pro 13.3.2 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "woo-product-feed-pro 13.2.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 12.4.5 Multiple.CSRF MEDIUM" "woo-product-feed-pro 11.2.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 11.0.7 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wp2android-turn-wp-site-into-android-app No.known.fix Unauthenticated.File.Upload CRITICAL" "wpgenious-job-listing No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wc-multi-currency 1.5.6 Missing.Authorization MEDIUM" "wc-multi-currency 1.5.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-sendinblue-newsletter-subscription 4.0.18 Authenticated.(Editor+).Arbitrary.File.Download.and.Deletion HIGH" "woocommerce-product-addons 6.2.0 Shop.Manager+.PHP.Object.Injection HIGH" "woocommerce-product-addons 6.2.0 Cross-Site.Request.Forgery MEDIUM" "webp-converter-for-media 4.0.3 Unauthenticated.Open.redirect MEDIUM" "webp-converter-for-media 1.0.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "woo-product-tables 2.1.3 Unuthenticated.SQL.Injection HIGH" "woo-product-tables 2.0.2 Unauthenticated.Remote.Code.Execution CRITICAL" "woo-product-tables 1.8.7 Cross-Site.Request.Forgery.via.saveGroup MEDIUM" "woocommerce-booking 6.10.0 Subscriber+.Arbitrary.Option.Update HIGH" "wordprezi 0.9 Contributor+.Strored.XSS MEDIUM" "wp-panoramio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Import.to.Stored.XSS HIGH" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Export MEDIUM" "wp-able-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wonderplugin-slider-lite 14.0 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-table-builder 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder No.known.fix Admin+.Stored.XSS LOW" "wp-table-builder 1.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.7 Admin+.Stored.XSS MEDIUM" "wp-table-builder 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-table-builder 1.3.10 Reflected.Cross-Site.Scripting HIGH" "wp-githuber-md No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-githuber-md 1.16.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "webinar-and-video-conference-with-jitsi-meet 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "webo-facto-connector 1.41 Unauthenticated.Privilege.Escalation CRITICAL" "wp-ical-availability No.known.fix Missing.Authorization MEDIUM" "wp-ical-availability No.known.fix Settings.Update.via.CSRF MEDIUM" "w3speedster-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "w3speedster-wp 7.27 Cross-Site.Request.Forgery MEDIUM" "w3speedster-wp 7.27 Admin+.RCE MEDIUM" "w3speedster-wp 7.20 Settings.Update.via.CSRF MEDIUM" "wordpress-form-manager 1.7.3 Authenticated.Remote.Command.Execution.(RCE) CRITICAL" "woo-abandoned-cart-recovery 1.0.4.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 Cross-Site.Request.Forgery MEDIUM" "wc1c-main No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-auto-affiliate-links 6.4.4 Authenticated.(Editor+).SQL.Injection CRITICAL" "wp-auto-affiliate-links 6.4.3.1 Missing.Authorization.via.aalAddLink MEDIUM" "wp-auto-affiliate-links 6.4.2.8 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.6 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.5 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-auto-affiliate-links 6.3.0.3 Settings.Update.via.CSRF MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.2 Cross-Site.Request.Forgery MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.1 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.0 Subscriber+.Arbitrary.Plugin.Installation/Activation HIGH" "widgets-for-zillow-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-e-commerce No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-e-commerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Creation MEDIUM" "wp-automedic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-automedic 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-catalogue No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-roadmap 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-svg-images 4.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "wp-svg-images 3.4 Authenticated.(author+).Stored.XSS.via.SVG MEDIUM" "wemanage-app-worker 1.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "wpeform-lite 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wpeform-lite 1.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sentry No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wp-easycart 5.7.9 Missing.Authorization.to.Order.Updates MEDIUM" "wp-easycart 5.7.3 Authenticated.(Contributor+).SQL.Injection.via.model_number.Parameter HIGH" "wp-easycart 5.6.0 Missing.Authorization MEDIUM" "wp-easycart 5.6.5 Sensitive.Information.Exposure MEDIUM" "wp-easycart 5.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-easycart 5.6.4 Contributor+.SQL.Injection MEDIUM" "wp-easycart 5.4.11 Administrator+.Time-based.SQL.Injection HIGH" "wp-easycart 5.4.9 Multiple.CSRFs MEDIUM" "wp-easycart 5.4.9 Product.Deletion.via.CSRF MEDIUM" "wp-easycart 5.4.3 Admin+.LFI MEDIUM" "wp-easycart 5.2.5 Arbitrary.Design.Settings.Update.via.CSRF MEDIUM" "wp-easycart 5.1.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-easycart 3.0.21 3.0.20.-.Privilege.Escalation HIGH" "wha-crossword No.known.fix Contributor+.Stored.XSS MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-advance-comment No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "web-stat 1.4.1 API.Key.Disclosure HIGH" "wpshopgermany-it-recht-kanzlei 1.8 Admin+.Stored.XSS LOW" "wpadverts 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wpadverts 2.1.7 Unauthenticated.Stored.Cross-Site.Scripting.via.adverts_add.Shortcode HIGH" "wpadverts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "woocommerce-eu-vat-assistant 2.1.2.230718 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-eu-vat-assistant 2.0.28.220224 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-search-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-zoho 1.2.4 Reflected.Cross-Site.Scripting HIGH" "wha-wordsearch No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wha-wordsearch No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-bulk-price-update 2.2.2 Reflected.XSS HIGH" "wp-spell-check 9.18 Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.13 Ignored.Word.Deletion.via.CSRF MEDIUM" "wp-spell-check 9.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-spell-check 9.3 Reflected.Cross-Site.Scripting HIGH" "wp-spell-check 7.1.10 Cross-Site.Request.Forgery.(CSRF) HIGH" "wc-multivendor-membership 2.11.0 Unauthenticated.Arbitrary.Password.Update.via.IDOR CRITICAL" "wc-multivendor-membership 2.10.1 Unauthenticated.AJAX.Calls HIGH" "wc-multivendor-membership 2.10.1 Unauthenticated.Privilege.Escalation CRITICAL" "wc-multivendor-membership 2.10.0 Multiple.CSRF MEDIUM" "wp-scrive 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-scrive 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-controller No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "wp-attachment-export 0.2.4 Unauthenticated.Posts.Download HIGH" "woorewards 5.3.1 Missing.Authorization MEDIUM" "where-i-was-where-i-will-be No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "wp-postratings 1.91.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-postratings 1.90 Ratings.Tempering.via.Race.Condition MEDIUM" "wp-postratings 1.86.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-postratings 1.62 Authenticated.SQL.Injection CRITICAL" "wordpress-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-masquerade No.known.fix Subscriber+.Account.Takeover HIGH" "wp-hubspot-woocommerce 1.0.5 Reflected.Cross-Site.Scripting HIGH" "wp-reviews-plugin-for-google 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-reviews-plugin-for-google 10.9.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-reviews-plugin-for-google 9.8 Contributor+.Stored.XSS MEDIUM" "wp-lister-for-amazon 2.6.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.4.4 Reflected.XSS HIGH" "wp-cirrus No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-eventpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widget-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-emoji-one No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-ecommerce-paypal 1.9.1 Unauthenticated.Open.Redirect HIGH" "wp-ecommerce-paypal 1.9 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-ecommerce-paypal 1.8.2 Cross-Site.Request.Forgery MEDIUM" "wp-ecommerce-paypal 1.7.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-ecommerce-paypal 1.7.3 CSRF.to.Stored.Cross-Site.Scripting HIGH" "woocommerce-subscriptions 5.8.0 Missing.Authorization MEDIUM" "woocommerce-subscriptions 4.6.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-subscriptions 4.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-subscriptions 2.6.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-subscriptions 3.0.3 CSRF.to.Cancel/Re-Activate.Subscription LOW" "wp-gdpr-core No.known.fix Multiple.Unauthenticated.Issues HIGH" "webtoffee-gdpr-cookie-consent 2.6.1 Bulk.Delete.via.CSRF MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Unauthenticated.Stored.XSS HIGH" "widget-for-eventbrite-api 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 4.4.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-wholesale-prices 2.2.0 Missing.Authorization MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Missing.Authorization.for.Plugin.Settings.Change MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp2leads 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.2.8 Missing.Authorization MEDIUM" "woocommerce-delivery-date No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gallery-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wplite No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-calameo 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-recipe-maker 9.7.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'tooltip' MEDIUM" "wp-recipe-maker 9.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'group_tag' MEDIUM" "wp-recipe-maker 9.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wprm-recipe-roundup-item.Shortcode MEDIUM" "wp-recipe-maker 9.3.0 Authenticated.Stored.Cross-Site.Scripting.via.Video.Embed MEDIUM" "wp-recipe-maker 9.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).SQL.Injecton HIGH" "wp-recipe-maker 9.1.1 Reflected.Cross-Site.Scripting.via.Referer MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.icon_color MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.'tag' MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.header_tag MEDIUM" "wp-recipe-maker 9.1.1 Directory.Traversal MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Recipe.Notes MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recipe-maker 8.6.1 Contributor+.Stored.XSS MEDIUM" "wp-cookies-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-central No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-central 1.5.1 Improper.Access.Control.to.Privilege.Escalation HIGH" "web-instant-messenger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-debugging 2.11.7 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "wp-debugging 2.11.7 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "wp-debugging 2.11.0 Unauthenticated.Plugin's.Settings.Update MEDIUM" "woo-vietnam-checkout 2.0.8 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.6 Unauthenticated.Stored.XSS HIGH" "woo-vietnam-checkout 2.0.5 Reflected.XSS HIGH" "wpachievements-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log-premium 4.6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wc-sudan-payment-gateway No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-opt-in No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-easy-contact 3.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-openagenda 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-super-cache 1.9 Unauthenticated.Cache.Poisoning MEDIUM" "wp-super-cache 1.7.3 Authenticated.Remote.Code.Execution HIGH" "wp-super-cache 1.7.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.7.2 Authenticated.Remote.Code.Execution.(RCE) HIGH" "wp-super-cache 1.4.9 Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.4.5 PHP.Object.Injection HIGH" "wp-super-cache 1.4.3 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-super-cache 1.3.1 trunk/plugins/domain-mapping.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/awaitingmoderation.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/badbehaviour.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/wp-cache.php.wp_nonce_url.Function.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/searchengine.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/wptouch.php.URI.XSS MEDIUM" "wp-super-cache 1.3.2 Remote.Code.Execution HIGH" "wp-fusion-lite 3.43.0 Information.Exposure MEDIUM" "wp-fusion-lite 3.42.10 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "wp-fusion-lite 3.37.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 CSRF.to.Data.Deletion MEDIUM" "wp-fusion-lite 3.37.30 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wpdbspringclean No.known.fix Reflected.XSS HIGH" "wp-rss-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wr-price-list-for-woocommerce No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wpb-popup-for-contact-form-7 1.7.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wpb_pcf_fire_contact_form HIGH" "wp-gallery-metabox No.known.fix Settings.Update.via.CSRF MEDIUM" "wpforo 2.3.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wpforo 2.3.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wpforo 2.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wpforo 2.2.6 Subscriber+.Content.Injection MEDIUM" "wpforo 2.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wpforo 2.1.9 Reflected.Cross-Site.Scripting HIGH" "wpforo 2.1.8 Subscriber+.Arbitrary.File.Read,.Author+.PHAR.Deserialization,.and.Subscriber+.Server-Side.Request.Forgery.via.file_get_contents HIGH" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Private/Public.via.IDOR MEDIUM" "wpforo 2.1.0 Arbitrary.User.Deletion.via.CSRF HIGH" "wpforo 2.1.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Solved/Unsolved.via.IDOR MEDIUM" "wpforo 2.0.6 Topic.Deletion.via.CSRF MEDIUM" "wpforo 2.0.6 Cross-Site.Request.Forgery MEDIUM" "wpforo 1.9.7 Open.Redirect MEDIUM" "wpforo 1.7.0 New.Users.Set.as.Admin.via.CSRF HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.langid.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.s.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.User.Agent MEDIUM" "wpforo 1.5.2 Privilege.Escalation CRITICAL" "wpforo 1.4.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpforo 1.4.11 Unauthenticated.SQL.Injection CRITICAL" "wp-login-box No.known.fix Admin+.Stored.XSS LOW" "woo-badge-designer-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wordpress-logging-service No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wisdm-reports-for-learndash 1.8.2.2 Reports.Free.<.1.8.2.2.-.Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "wp-linkedin-auto-publish 8.12 Missing.Authorization MEDIUM" "wezido-elementor-addon-based-on-easy-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-born-babies No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-social-buttons No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce 9.4.3 Unauthenticated.Order.Creation MEDIUM" "woocommerce 9.4.3 Reflected.XSS HIGH" "woocommerce 9.1.0 Unauthenticated.HTML.Injection MEDIUM" "woocommerce 9.2 Contributor+.Stored.XSS MEDIUM" "woocommerce 9.1.4 Stored.XSS LOW" "woocommerce 9.0.0 Shop.Manager+.Content.Injection LOW" "woocommerce 8.9.3 8.9.2.-.Reflected.XSS HIGH" "woocommerce 8.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.6 Contributor+.Private/Draft.Products.Access LOW" "woocommerce 8.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce 8.3.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woocommerce 7.0.1 Authenticated(Shop.Manager+).Sensitive.Information.Exposure MEDIUM" "woocommerce 8.1.1 Shop.Manager+.User.Metadata.Disclosure MEDIUM" "woocommerce 7.9 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce 7.9.0 Sensitive.Information.Exposure MEDIUM" "woocommerce 6.6.0 Admin+.Stored.HTML.Injection LOW" "woocommerce 6.3.1 Orders.Marked.as.Paid.(via.PayPal.Standard.Gateway) LOW" "woocommerce 6.2.1 Path.Traversal.via.Importers MEDIUM" "woocommerce 6.2.1 Subscriber+.Arbitrary.Comment.Deletion MEDIUM" "woocommerce 5.7.0 Analytics.Report.Leaks MEDIUM" "woocommerce 5.5.1 Authenticated.Blind.SQL.Injection HIGH" "woocommerce 5.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce 4.7.0 Arbitrary.Order.Status.Disclosure.via.IDOR MEDIUM" "woocommerce 4.6.2 Guest.Account.Creation MEDIUM" "woocommerce 4.2.1 Potential.Cross-Site.Scripting.(XSS).via.SelectWoo MEDIUM" "woocommerce 4.1.0 Unescaped.Metadata.when.Duplicating.Products LOW" "woocommerce 3.6.5 Cross-Site.Request.Forgery.(CSRF).&.File.Type.Check MEDIUM" "woocommerce 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce 3.5.1 Authenticated.Stored.XSS HIGH" "woocommerce 3.4.6 Authenticated.Stored.XSS MEDIUM" "woocommerce 3.4.6 Authenticated.Phar.Deserialization MEDIUM" "wp-polls 2.77.3 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting MEDIUM" "wp-polls 2.76.0 IP.Validation.Bypass MEDIUM" "wp-polls 2.77.0 Subscriber+.Race.Condition MEDIUM" "wp-polls 2.73.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-polls 2.72 SQL.Injection CRITICAL" "wp-email-newsletter No.known.fix Reflected.XSS HIGH" "woorousell 1.1.1 Contributor+.Stored.XSS MEDIUM" "woorousell 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-music-player No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpglobus-translate-options No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpglobus-translate-options 2.2.0 Reflected.XSS HIGH" "wp-signals 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-olivecart No.known.fix Admin+.Stored.XSS LOW" "wp-aparat 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpfront-user-role-editor 4.1.0 Limited.Information.Exposure MEDIUM" "wpfront-user-role-editor 3.2.1.11184 Reflected.Cross-Site.Scripting MEDIUM" "wtyczka-seopilot-dla-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-vendors 2.4.7.1 Authenticated.(Shop.manager+).SQL.Injection.via.search.dates HIGH" "wc-vendors 2.4.5 Contributor+.Stored.XSS MEDIUM" "wpdm-premium-packages 5.9.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.4 Reflected.Cross-Site.Scripting.via.add_query_arg MEDIUM" "wpdm-premium-packages No.known.fix Sell.Digital.Products.Securely.<=.5.9.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdmpp_pay_link.Shortcode MEDIUM" "wpdm-premium-packages No.known.fix Admin+.SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.2 Cross-Site.Request.Forgery MEDIUM" "wpdm-premium-packages 5.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wpdm-premium-packages 5.7.5 Sell.Digital.Products.Securely.<.5.7.5.-.Subscriber+.Privilege.Escalation HIGH" "web3-coin-gate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-parsidate 5.1.2 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "wp-parsidate 4.0.2 Reflected.Cross-Site.Scripting MEDIUM" "weather-effect 1.3.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "weather-effect 1.3.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-shipping-multiple-addresses 3.8.10 Missing.Authorization MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.8.6 Customer+.Shipping.Address.Update MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Billing.Address.Update.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.4 Subscriber+.Shipping.Address.Disclosure.via.IDOR MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Address.Creation/Update/Deletion.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Reflected.Cross-Site.Scripting HIGH" "wc-sms 2.8.1.1 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wc-sms 2.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-cart-count-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-abandoned-cart 5.16.2 Multiple.CSRF MEDIUM" "woocommerce-abandoned-cart 5.16.2 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_delete_expired_used_coupon_code LOW" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_preview_emails LOW" "woocommerce-abandoned-cart 5.16.0 Admin+.Stored.XSS LOW" "woocommerce-abandoned-cart 5.15.0 Authentication.Bypass CRITICAL" "woocommerce-abandoned-cart 5.8.6 CSRF.Nonce.Bypasses MEDIUM" "woocommerce-abandoned-cart 5.8.3 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-abandoned-cart 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-abandoned-cart 1.9 Authenticated.Blind.SQL.Injection CRITICAL" "wp-reroute-email 1.4.8 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "wp-reroute-email 1.4.8 Cross-Site.Request.Forgery HIGH" "wp-custom-widget-area No.known.fix Subscriber+.Menus.Creation/Deletion/Update MEDIUM" "wp-custom-widget-area No.known.fix Missing.Authorization MEDIUM" "woo-product-category-discount 4.13 Missing.Authorization.via.wpcd_save_discount() MEDIUM" "woo-permalink-manager 2.3.11 Unauthenticated.Local.File.Inclusion CRITICAL" "woo-permalink-manager 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-permalink-manager 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-tools-gravity-forms-divi-module 7.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-gravity-forms-divi-module 6.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpsol No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-poll No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.form_data.Parameter HIGH" "wp-poll 3.3.78 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-poll 3.3.77 Information.Exposure MEDIUM" "wp-contacts-manager No.known.fix Unauthenticated.SQLi CRITICAL" "word-count-analysis No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-scheduled-posts 5.1.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-scheduled-posts 5.0.9 Missing.Authorization MEDIUM" "wp-scheduled-posts 5.0.5 Contributor+.Arbitrary.Post.Update/Deletion LOW" "wp-smart-preloader 1.15.1 Admin+.Stored.XSS LOW" "wp-my-admin-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-imageflow2 5.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-imageflow2 5.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-tiles No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-tiles No.known.fix Subscriber+.Draft/Private.Post.Title.Disclosure MEDIUM" "wp-tiles No.known.fix Contributor+.Stored.XSS HIGH" "wpdiscuz 7.6.25 Authentication.Bypass CRITICAL" "wpdiscuz 7.6.22 Unauthenticated.HTML.Injection MEDIUM" "wpdiscuz 7.6.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdiscuz 7.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Image.Alternative.Text MEDIUM" "wpdiscuz 7.6.13 Admin+.Stored.XSS LOW" "wpdiscuz 7.6.12 Cross-Site.Request.Forgery MEDIUM" "wpdiscuz 7.6.12 Unauthenticated.Stored.XSS HIGH" "wpdiscuz 7.6.11 Unauthenticated.Content.Injection MEDIUM" "wpdiscuz 7.6.4 Author+.IDOR LOW" "wpdiscuz 7.6.11 Insufficient.Authorization.to.Comment.Submission.on.Deleted.Posts MEDIUM" "wpdiscuz 7.6.12 Missing.Authorization.in.AJAX.Actions MEDIUM" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.4 Unauthenticated.Data.Modification.via.IDOR MEDIUM" "wpdiscuz 7.6.4 Post.Rating.Increase/Decrease.iva.IDOR MEDIUM" "wpdiscuz 7.5 wpDiscuz.7.4.2.-.Subscriber+.IDOR MEDIUM" "wpdiscuz 7.3.12 Sensitive.Information.Disclosure LOW" "wpdiscuz 7.3.4 Arbitrary.Comment.Addition/Edition/Deletion.via.CSRF MEDIUM" "wpdiscuz 7.3.2 wpDiscuz.<.7.3.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "wpdiscuz 7.0.5 wpDiscuz.7.0.0.-.7.0.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpdiscuz 5.3.6 Unauthenticated.SQL.Injection CRITICAL" "wp-coder 3.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-coder 2.5.6 Reflected.XSS MEDIUM" "wp-coder 2.5.4 Admin+.SQLi MEDIUM" "wp-coder 2.5.3 Code.Deletion.via.CSRF MEDIUM" "wp-coder 2.5.2 RFI.leading.to.RCE.via.CSRF HIGH" "wp-smart-import 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.3 Reflected.Cross-Ste.Scripting MEDIUM" "wp-smart-import 1.0.1 Auhenticated.Server-side.Request.Forgery MEDIUM" "wpmandrill No.known.fix Missing.Authorization.via.getAjaxStats MEDIUM" "webp-svg-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wp-youtube-live 1.8.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-youtube-live 1.7.22 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-cart-text-change 2.1 Add.to.cart.Text.Update.via.CSRF MEDIUM" "wp-comment-designer-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-easy-pay 4.2.4 Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "wp-easy-pay 4.2b1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 CSRF MEDIUM" "wp-easy-pay 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-pay 3.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-easy-pay 3.2.3 Cross-Site.Request.Forgery MEDIUM" "wp-domain-redirect No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-system-log No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpforms-lite 1.9.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fieldHTML.Parameter MEDIUM" "wpforms-lite 1.9.2.3 Contributor+.Custom.Form.Theme.Creation LOW" "wpforms-lite 1.9.2.2 1.9.2.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Payment.Refund.and.Subscription.Cancellation HIGH" "wpforms-lite 1.9.2.3 Admin+.Stored.XSS LOW" "wpforms-lite 1.9.2.1 Cross-Site.Request.Forgery.(CSRF).to.Plugin's.Log.Deletion MEDIUM" "wpforms-lite 1.9.1.6 Admin+.Stored.XSS LOW" "wpforms-lite 1.8.8.2 Unauthenticated.Price.Manipulation MEDIUM" "wpforms-lite 1.8.1.3 Reflected.XSS MEDIUM" "wpforms-lite 1.7.5.5 Admin+.Arbitrary.File.Access MEDIUM" "wpforms-lite 1.6.0.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.5.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-whatsapp 3.6.9 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "wp-whatsapp 3.6.5 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.4 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.3 Contributor+.Stored.XSS MEDIUM" "wp-whatsapp 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "wp-whatsapp 3.4.5 Admin+.Stored.XSS LOW" "websimon-tables No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-smart-contracts 1.3.12 Author+.SQLi MEDIUM" "wpml-string-translation 3.2.6 Admin+.SQLi MEDIUM" "wordpress-gdpr 2.0.3 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "wordpress-gdpr 2.0.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordpress-gdpr 1.9.27 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gdpr 1.9.26 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "weaverx-theme-support 6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.div.Shortcode MEDIUM" "weaverx-theme-support 6.3.1 Admin+.PHP.Object.Injection LOW" "weaverx-theme-support 6.2.7 Contributor+.Stored.XSS MEDIUM" "wp-tools-divi-product-carousel 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-product-carousel 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-altcoin-payment-gateway 1.7.3 Unauthenticated.SQLi HIGH" "woo-altcoin-payment-gateway 1.6.1 Reflected.Cross-Site.Scripting HIGH" "wp-ultimate-post-grid 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-grid-with-filters.Shortcode MEDIUM" "wp-ultimate-post-grid 3.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-text.Shortcode MEDIUM" "wp-migrate-2-aws 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wd-instagram-feed 1.4.29 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wd-instagram-feed 1.3.1 XSS MEDIUM" "wp-inimat No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-disable-sitemap 1.1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-disable-sitemap 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-eis No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-raptor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-tag-manager No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woo-smart-quick-view 4.1.2 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "woo-smart-quick-view 4.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-blackcheck No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-countdown-widget 3.1.9.3 Admin+.Stored.XSS LOW" "wp-editor 1.2.9.1 Authenticated.(Admin+).PHAR.Deserialization HIGH" "wp-editor 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-editor 1.2.8 Sensitive.Information.Exposure.via.log.file MEDIUM" "wp-editor 1.2.7 Authenticated.SQL.injection CRITICAL" "wp-editor 1.2.6.3 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-editor 1.2.6 CSRF.&.Incorrect.Permissions CRITICAL" "wp-airbnb-review-slider 3.3 Subscriber+.SQLi HIGH" "wp-airbnb-review-slider 3.3 CSRF MEDIUM" "woorocks-magic-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-gdpr-compliance No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gdpr-compliance 2.0.23 Subscriber+.Arbitrary.Options.Update HIGH" "wp-gdpr-compliance 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-gdpr-compliance 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-gdpr-compliance 1.4.3 Unauthenticated.Call.Any.Action.or.Update.Any.Option CRITICAL" "wp-blogs-planetarium No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-pro-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pro-counter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wpoptin 2.0.2 Unauthenticated.Local.File.Inclusion HIGH" "wpoptin 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "wpoptin 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-s3 1.6 Reflected.XSS HIGH" "wp-photo-text-slider-50 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-text-slider-50 8.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "webriti-companion 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-backup-manager No.known.fix Reflected.XSS HIGH" "wc-j-upsellator 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ada-compliance-check-basic 3.1.4 Cross-Site.Request.Forgery MEDIUM" "wp-meta-and-date-remover 2.3.1 Cross-Site.Request.Forgery.via.updateSettings MEDIUM" "wp-meta-and-date-remover 2.2.0 Subscriber+.Stored.XSS HIGH" "wp-meta-and-date-remover 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-follow-up-emails 4.9.50 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woocommerce-follow-up-emails 4.9.50 Unauthenticated.Reflected.XSS HIGH" "woo-enviopack No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-soononline-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpdirectorykit 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.3.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wpdirectorykit 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.2.7 Missing.Authorization MEDIUM" "wpdirectorykit 1.2.4 Missing.Authorization.for.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.4 Reflected.Cross-Site.Scripting.via.search.parameter MEDIUM" "wpdirectorykit 1.2.0 Unauthenticated.Local.File.Inclusion HIGH" "wpdirectorykit 1.2.3 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Cross-Site.Request.Forgery MEDIUM" "wpdirectorykit 1.2.2 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Open.Redirect MEDIUM" "woocommerce-gateway-nab-dp 2.1.2 NAB.Transact.<.2.1.2.-.Payment.Bypass HIGH" "wp-better-emails No.known.fix Admin+.Stored.XSS LOW" "wpgsi 3.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpgsi 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "wpgsi 3.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpgsi 3.6.0 CSRF.Bypass MEDIUM" "wpgsi 3.6.0 Reflected.Cross-Site.Scripting HIGH" "woocommerce-catalog-enquiry 5.0.6 Cross-Site.Request.Forgery.via.REST.API MEDIUM" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Stored.XSS.via.Arbitrary.Setting.Update HIGH" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Inquiry.Saving.&.Sensitive.Information.Disclosure MEDIUM" "woocommerce-catalog-enquiry 3.1.0 Arbitrary.File.Upload HIGH" "wp-editor-bootstrap-blocks 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wplms-plugin 1.9.9.5.3 Unauthenticated.SQL.Injection HIGH" "wp-report-post No.known.fix Reflected.XSS HIGH" "woocommerce-add-to-cart-custom-redirect 1.2.14 Authenticated(Contributor+).Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wp-category-meta No.known.fix CSRF MEDIUM" "wp-members 3.4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpmem_loginout.Shortcode MEDIUM" "wp-members 3.4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-members 3.4.9.4 Unprotected.Storage.of.Potentially.Sensitive.Files MEDIUM" "wp-members 3.4.9.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-members 3.4.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-members 3.4.9 Contributor+.Sensitive.Information.Exposure MEDIUM" "wp-members 3.4.8 Subscriber+.Unauthorized.Plugin.Settings.Update MEDIUM" "wp-members 3.2.8.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-members 3.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wppageflip No.known.fix index.php.pageflipbook_language.Parameter.Traversal.Local.File.Inclusion CRITICAL" "wish-list-for-woocommerce 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer.header HIGH" "wp-meta-seo 4.5.13 Unauthenticated.Password.Protected.Content.Access MEDIUM" "wp-meta-seo 4.5.5 Author+.PHAR.Deserialization HIGH" "wp-meta-seo 4.5.3 Subscriber+.SQLi HIGH" "wp-meta-seo 4.5.3 Subscriber+.Improper.Authorization.causing.Arbitrary.Redirect MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.Google.Analytics.Settings.Update MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.SiteMap.Settings.Update MEDIUM" "wp-meta-seo 4.4.9 Social.Settings.Update.via.CSRF MEDIUM" "wp-meta-seo 4.4.7 Admin+.Stored.Cross-Site.Scripting.via.breadcrumbs LOW" "wp-optimize 3.2.13 Cross-Site.Scripting.From.Third-party.Library HIGH" "wplistcal No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wpcalc No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.19 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.9 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.6 Contributor+.Stored.Cross-Site.Scripting.via.'reg-single-checkbox' MEDIUM" "wp-user-avatar 4.15.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.profilepress-edit-profile.Shortcode MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[reg-select-role].Shortcode MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Unauthenticated.Stored.XSS MEDIUM" "wp-user-avatar 4.14.4 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.13.3 Information.Disclosure.via.Debug.Log MEDIUM" "wp-user-avatar 4.13.2 Limited.Privilege.Escalation.via.'acceptable_defined_roles' HIGH" "wp-user-avatar 4.13.2 ProfilePress.<.4,13,2.Cross-Site.Request.Forgery.via.'admin_notice' MEDIUM" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.5.4 Admin+.Stored.XSS LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting.via.Form.Settings LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting HIGH" "wp-user-avatar 3.1.11 Unauthenticated.Cross-Site.Scripting.(XSS).in.tabbed.login/register.widget MEDIUM" "wp-user-avatar 3.1.11 Multiple.Vulnerabilities MEDIUM" "wp-user-avatar 3.1.8 Authenticated.Stored.XSS CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Authenticated.Privilege.Escalation CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.File.Uploader.Component CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "wp-stats-manager 7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager 7.6 Missing.Authorization MEDIUM" "wp-stats-manager 6.9.5 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-stats-manager 6.9 Unauthenticated.SQLi HIGH" "wp-stats-manager 6.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-stats-manager 5.8 Unauthenticated.SQLi HIGH" "wp-stats-manager 5.6 .Subscriber+.SQL.Injection HIGH" "wp-stats-manager 5.5 Arbitrary.IP.Address.Exclusion.to.Stored.XSS HIGH" "wp-stats-manager 4.8 Subscriber+.SQL.Injection HIGH" "widgets-for-alibaba-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "webba-booking-lite 5.0.50 Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Settings.Update MEDIUM" "webba-booking-lite 5.0 Cross-Site.Request.Forgery MEDIUM" "webba-booking-lite 4.5.31 Reflected.Cross-Site.Scripting MEDIUM" "webba-booking-lite 4.2.22 Admin+.Stored.Cross-Site.Scripting LOW" "webba-booking-lite 4.2.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "writer-helper No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "woo-conditional-product-fees-for-checkout 3.9.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-product-fees-for-checkout 3.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-gutenberg-products-block 11.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woo-gutenberg-products-block 5.5.1 Unauthenticated.SQL.Injection CRITICAL" "woo-gutenberg-products-block 3.7.1 Guest.Account.Creation MEDIUM" "wp-backgrounds-lite No.known.fix CSRF.Bypass MEDIUM" "wp-tithely No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woocommerce-upload-files 84.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-upload-files 59.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-cfm 1.7.9 Cross-Site.Request.Forgery.via.multiple.AJAX.functions MEDIUM" "wwm-social-share-on-image-hover No.known.fix Admin+.Stored.XSS LOW" "wp-responsive-slider-with-lightbox 1.0.1 Arbitrary.File.Upload.via.CSRF HIGH" "wp-responsive-slider-with-lightbox No.known.fix Admin+.Stored.XSS MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 Image.Lightboxes.via.CSRF MEDIUM" "wordpress-tabs-slides No.known.fix CSRF MEDIUM" "webriti-smtp-mail No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "woocommerce-multi-currency 2.1.18 Authenticated.Product.Price.Change MEDIUM" "wp-editormd 10.0.4 Cross-Site.Scripting.(XSS) MEDIUM" "wpheka-request-for-quote 1.3 CSRF.Bypass MEDIUM" "wp-mobile-detector 3.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wordpress-backup-to-dropbox 4.1 Reflected.XSS MEDIUM" "wpfront-scroll-top 2.0.6.07225 Admin+.Stored.XSS MEDIUM" "wp-product-review 3.7.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-announcements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-thumbtack-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-useronline 2.88.3 Unauthenticated.Stored.XSS HIGH" "wp-useronline 2.88.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-useronline 2.88.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-donimedia-carousel No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wc-zelle 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-zelle 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wooswipe 3.0.0 Subscriber+.Settings.Update MEDIUM" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wicked-folders 2.18.17 Subscriber+.Folder.Structure.Update MEDIUM" "wicked-folders 2.18.17 Folder.Structure.Update.via.CSRF MEDIUM" "wicked-folders 2.8.10 Subscriber+.SQL.Injection HIGH" "wpzoom-elementor-addons 1.1.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wpzoom-elementor-addons 1.1.38 Unauthenticated.Local.File.Inclusion CRITICAL" "wpzoom-elementor-addons 1.1.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-elementor-addons 1.1.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-flybox No.known.fix CSRF MEDIUM" "webbricks-addons 1.1.11 Contributor+.Stored.XSS MEDIUM" "woocommerce-discounts-plus 3.4.5 Reflected.Cross-Site.Scripting HIGH" "wp-menu-image 2.3 Unauthenticated.Menu.Image.Deletion MEDIUM" "wp-menu-image 2.3 Missing.Authorization.to.Unauthenticated.Menu.Image.Deletion MEDIUM" "wp-crowdfunding 2.1.13 Missing.Authorization.to.Authenticated.(Subscriber+).WooCommerce.Installation MEDIUM" "wp-crowdfunding 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcf_donate.Shortcode MEDIUM" "wp-crowdfunding 2.1.11 Missing.Authorization.to.Authenticated.(Subscriber+).to.Enable/Disable.Addons MEDIUM" "wp-crowdfunding 2.1.10 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.9 Reflected.XSS HIGH" "wp-crowdfunding 2.1.8 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Reflected.XSS HIGH" "wp-crowdfunding 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wp-crowdfunding 2.1.5 Missing.Authorization.via.settings_reset MEDIUM" "wp-home-page-menu 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wpshopgermany-protectedshops 2.1 Admin+.Stored.XSS LOW" "wp-baidu-submit No.known.fix Admin+.Stored.XSS LOW" "wp-gmappity-easy-google-maps No.known.fix Subscriber+.SQL.Injection HIGH" "wp-quick-setup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin/Theme.Installation HIGH" "wp-database-error-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-songbook No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-open-street-map 1.30 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-contact-slider 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-contact-slider 2.4.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.7 Editor+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcodefactory-helper 1.7.1 .Reflected.Cross-Site.Scripting MEDIUM" "wpcodefactory-helper 1.5.3 Reflected.Cross-Site.Scripting HIGH" "wp-mathjax-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-background-tile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-js No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-projects-portfolio No.known.fix Stored.XSS.via.CSRF HIGH" "wp-projects-portfolio No.known.fix Reflected.XSS HIGH" "wp-rocket 2.10.4 Local.File.Inclusion.(LFI) HIGH" "wp-simple-post-view 2.0.1 Post.View.Data.Reset.via.CSRF MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Data.Export MEDIUM" "woo-thank-you-page-customizer 1.0.14 CSRF MEDIUM" "writersblok-ai 1.3.20 Reflected.Cross-Site.Scripting MEDIUM" "wpremote 4.65 Reflected.Cross-Site.Scripting MEDIUM" "wp-pano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-rollback 1.2.3 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "woo-social-login 2.7.8 WordPress./.WooCommerce.Plugin.<.2.7.8.-.Authentication.Bypass HIGH" "woo-social-login 2.7.6 Social.Login.<.2.7.6.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Privilege.Escalation.via.One-Time.Password HIGH" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Authentication.Bypass HIGH" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "woo-social-login 2.7.0 Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Email.Verification.due.to.Insufficient.Randomness MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Cross-Site.Request.Forgery MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Admin+.Stored.XSS LOW" "woocommerce-order-searching No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-thanks-redirect 3.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-thanks-redirect 3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-simple-anchors-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpanchor.Shortcode MEDIUM" "website-toolbox-forums 2.0.2 Reflected.Cross-Site.Scripting.via.websitetoolbox_username MEDIUM" "widgets-for-aliexpress-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wholesale-market-for-woocommerce 2.0.0 Admin+.Arbitrary.Log.Download MEDIUM" "wholesale-market-for-woocommerce 2.0.1 Settings.Update.via.CSRF MEDIUM" "wholesale-market-for-woocommerce 1.0.8 Admin+.Arbitrary.File.Download MEDIUM" "wholesale-market-for-woocommerce 1.0.7 Unauthenticated.Arbitrary.File.Download HIGH" "wp-clone-by-wp-academy 2.4.7 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialized_replace' HIGH" "wp-clone-by-wp-academy 2.4.6 Missing.Authorization MEDIUM" "wp-clone-by-wp-academy 2.4.4 Subscriber+.Unauthorised.Action.Calls MEDIUM" "wp-clone-by-wp-academy 2.4.3 Unauthenticated.Backup.Download HIGH" "wp-clone-by-wp-academy 2.3.8 Subscriber+.Plugin.Installation MEDIUM" "wp-clone-by-wp-academy 2.3.8 Plugin.Installation.via.CSRF MEDIUM" "wpfavicon No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting LOW" "wp-bulk-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wsecure No.known.fix Admin+.Stored.XSS LOW" "wsecure 2.4 Remote.Code.Execution.(RCE) HIGH" "wp-hide-security-enhancer 2.5.2 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Contents.Deletion HIGH" "wp-hide-security-enhancer 1.8 Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-siteorigin 1.4.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wpmm-memory-meter 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "watupro 5.5.3.7 SQL.Injection CRITICAL" "watupro 4.9.0.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woocommerce-products-slider 1.13.51 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-slider 1.13.42 Contributor+.Stored.XSS MEDIUM" "woocommerce-products-slider 1.13.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-jobs 1.7 XSS MEDIUM" "wp-jobs 1.5 Authenticated.SQL.Injection HIGH" "wallet-system-for-woocommerce 2.5.14 Information.Exposure.via.Log.Files MEDIUM" "wallet-system-for-woocommerce 2.5.10 Cross-Site.Request.Forgery MEDIUM" "wp-subscribe 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-page-post-widget-clone No.known.fix Missing.Authorization MEDIUM" "wp-hijri 1.5.2 Reflected.XSS HIGH" "woo-address-book 1.6.0 CSRF HIGH" "woo-document-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-meteor 3.4.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wpstream 4.5.5 Local.Event.Settings.Update.via.CSRF MEDIUM" "wpstream 4.4.10.6 Settings.Update.via.CSRF MEDIUM" "wp-listings-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-styling 1.3.1 Multiple.CSRF MEDIUM" "wphobby-demo-import No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-import-export-lite 3.9.27 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-import-export-lite 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-import-export-lite 3.9.5 Subscriber+.Extensions.Update MEDIUM" "wp-import-export-lite 3.9.5 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-commentnavi 1.12.2 Admin+.Stored.XSS LOW" "woo-additional-fees-on-checkout-wordpress 1.4.8 Reflected.Cross-Site.Scripting.via.'number' MEDIUM" "wp-recaptcha-integration 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-recaptcha-integration No.known.fix Admin+.Stored.XSS LOW" "woocommerce-checkout-cielo No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Order.Payment.Status.Update MEDIUM" "wp-business-intelligence-lite 1.6.3 SQL.Injection CRITICAL" "wise-chat 2.8.4 CSV.Injection HIGH" "wise-chat 2.7 Reverse.Tabnabbing MEDIUM" "wp-basics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordable 3.1.2 Plugin's.Authentication.Bypass HIGH" "wp-youtube-lyte 1.7.16 Authenticated.Stored.XSS MEDIUM" "wp-events-manager 2.2.0 Authenticated.(Subscriber+).Time-Based.SQL.Injection HIGH" "wp-design-maps-places No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-yadisk-files No.known.fix Admin+.Stored.XSS LOW" "wp-yadisk-files No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woocommerce-cloak-affiliate-links 1.0.36 Cross-Site.Request.Forgery MEDIUM" "woocommerce-cloak-affiliate-links 1.0.34 Missing.Authorization.to.Unauthenticated.Permalink.Modification HIGH" "woocommerce-amazon-affiliates-light-version No.known.fix Lite.<=.3.1.-.CSRF MEDIUM" "wp-jquery-lightbox 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Attribute MEDIUM" "wp-twilio-core 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-twilio-core 1.3.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-myparcel 4.24.2 Reflected.Cross-Site.Scripting MEDIUM" "webmaster-tools-verification No.known.fix Unauthenticated.Arbitrary.Plugin.Deactivation HIGH" "wp-ispconfig3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gratify No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocustomizer 2.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-special-textboxes 6.2.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-special-textboxes 5.9.110 Admin+.Stored.Cross-Site.Scripting LOW" "woo-coupons-bulk-editor 1.3.40 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupons-bulk-editor 1.3.28 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pocket-urls 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-pocket-urls 1.0.3 Reflected.Cross-Site.Scripting HIGH" "woo-variation-swatches 1.0.62 Reflected.XSS MEDIUM" "woo-tranzila-gateway No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wot-elementor-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-affiliate 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-affiliate 2.4 Reflected.XSS HIGH" "wordpress-gallery No.known.fix "load".Remote.File.Inclusion CRITICAL" "woo-parcel-pro 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-parcel-pro 1.6.12 Cross-Site.Request.Forgery MEDIUM" "woo-parcel-pro 1.6.12 Open.Redirect MEDIUM" "wp-google-analytics-events 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.4 Contributor+.Stored.XSS.via.wwa_login_form.Shortcode MEDIUM" "woo-coupon-usage 5.16.7.2 Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.12.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.5.1.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.4.4 Unauthenticated.Reflected.XSS HIGH" "woo-coupon-usage 5.4.6 Reflected.XSS HIGH" "woo-coupon-usage 4.16.4.5 Unauthenticated.Stored.XSS HIGH" "woo-coupon-usage 4.16.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-coupon-usage 4.11.3.4 Arbitrary.Referral.Visits.Deletion.via.CSRF MEDIUM" "woo-coupon-usage 4.11.0.2 Reflected.Cross-Site.Scripting HIGH" "wordpress-file-upload-pro 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-mail-logging 1.11.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-mail-logging 1.10.0 Outdated.Redux.Framework MEDIUM" "wpfunnels 3.5.6 Reflected.Cross-Site.Scripting MEDIUM" "wpfunnels 3.0.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpfunnels 2.7.17 Reflected.Cross-Site.Scripting HIGH" "wpfunnels 2.6.9 Contributor+.Stored.XSS MEDIUM" "wp-discord-invite 2.5.2 Admin+.Stored.Cross.Site.Scripting LOW" "wp-discord-invite 2.5.1 Arbitrary.Settings.Update.via.CSRF HIGH" "wp-discord-invite 2.5.1 Reflected.Cross-Site.Scripting.via.webhook MEDIUM" "wpc-badge-management 2.4.1 Missing.Authorization MEDIUM" "wp-users-exporter No.known.fix CSV.Injection MEDIUM" "wp-ulike 4.7.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.6 Admin+.Stored.XSS LOW" "wp-ulike 4.7.5 Admin+.Stored.XSS.via.Widgets LOW" "wp-ulike 4.7.5 Cross-Site.Request.Forgery.to.Statistic.Deletion MEDIUM" "wp-ulike 4.7.4 Admin+.Stored.XSS LOW" "wp-ulike 4.7.2.1 Subscriber+.Stored-XSS HIGH" "wp-ulike 4.7.1 Admin+.Stored.XSS LOW" "wp-ulike 4.7.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcodes HIGH" "wp-ulike 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 2.7.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.6.9 Contributor+.Stored.Cross.Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 4.6.5 Unauthenticated.Rating.Tampering.via.Race.Condition LOW" "wp-vipergb 1.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-vipergb 1.13.16 XSS MEDIUM" "wp-multisite-content-copier-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier-pro 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "widget-options 4.0.9 Missing.Authorization.to.Notice.Dismissal MEDIUM" "widget-options 4.0.8 Missing.Authorization MEDIUM" "widget-options 4.0.8 Contributor+.Remote.Code.Execution CRITICAL" "widget-options 4.0.2 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "wp-fade-in-text-news 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "woocommerce-bulk-stock-management 2.2.34 Reflected.XSS HIGH" "wp-nice-loader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-cookie-law-info No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ecards-invites 1.3.905 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-custom-checkout-fields No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-fullcalendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-fullcalendar 1.5 Unauthenticated.Arbitrary.Post.Access HIGH" "wpagecontact No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "wux-blog-editor No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "wux-blog-editor No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpcs-content-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpcs-content-scheduler 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-radio No.known.fix Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-radio No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-radio No.known.fix CSRF MEDIUM" "wp-radio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-radio 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-frontend-manager 6.7.13 Insecure.Direct.Object.Reference.to.Account.Takeover/Privilege.Escalation HIGH" "wc-frontend-manager 6.7.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wc-frontend-manager 6.6.1 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "wc-frontend-manager 6.6.0 Multiple.CSRF MEDIUM" "wc-frontend-manager 6.5.12 Frontend.Manager.for.WooCommerce.<.6.5.12.-.Customer/Subscriber+.SQL.Injection HIGH" "woo-salesforce-plugin-crm-perks 1.5.9 Reflected.Cross-Site.Scripting HIGH" "wp-extra 6.5 Cross-Site.Request.Forgery.ToolImport MEDIUM" "wp-extra 6.3 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "wp-extra 6.3 Subscriber+..htaccess.File.Modification HIGH" "wp-extra 6.3 Missing.Authorization.to.Export.Settings MEDIUM" "wp-order-by No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-migrate-db-pro 2.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "wordpress-23-related-posts-plugin No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-23-related-posts-plugin 2.7.2 Cross-Site.Request.Forgery MEDIUM" "wp-bulletin-board No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor No.known.fix Contributor+.Local.File.Inclusion HIGH" "woo-products-widgets-for-elementor 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor 1.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-products-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-slider 2.6.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woo-product-slider 2.5.7 Subscriber+.Arbitrary.Options.Deletion HIGH" "wp-invoice No.known.fix Arbitrary.Settings.Update.via.CSRF HIGH" "wp-invoice No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-invoice 4.1.1 Multiple.Vulnerabilities MEDIUM" "wp-query-console No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "woocommerce-google-adwords-conversion-tracking-tag 1.43.4 Use.of.Polyfill.io MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.32.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.14.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-board No.known.fix Unauthenticated.SQL.Injection CRITICAL" "web-testimonials No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wip-custom-login 1.3.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-image-zoooom 1.47 Local.File.Inclusion MEDIUM" "wp-bibtex 3.0.2 Cross-Site.Request.Forgery.to.Stored.and.Reflected.Cross-Site.Scripting MEDIUM" "wp-customer-reviews 3.7.1 Malicious.Redirect.via.HTTP-EQUIV.Injection LOW" "wp-customer-reviews 3.6.7 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-customer-reviews 3.6.7 Admin+.Stored.XSS MEDIUM" "wp-customer-reviews 3.5.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-customer-reviews 3.4.3 Multiple.Unauthenticated.and.Low.Priv.Authenticated.Stored.XSS CRITICAL" "wp-customer-reviews 3.0.9 CSRF.&.XSS HIGH" "widget-countdown 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-sort-and-display 2.4.2 Missing.Authorization MEDIUM" "woocommerce-shipping-per-product 2.5.5 Missing.Authorization MEDIUM" "wc4bp 3.4.20 Missing.Authorization MEDIUM" "wc4bp 3.4.21 Authenticated.(Subscriber+).PHP.Object.Injection.in.get_simple_request HIGH" "wc4bp 3.4.16 Reflected.Cross-Site.Scripting MEDIUM" "wc4bp 3.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-responsive-thumbnail-slider 1.0.1 Cross-Site.Request.Forgery.to.Mass.Slider.Deletion MEDIUM" "wp-responsive-thumbnail-slider 1.1.10 Reflected.XSS HIGH" "wp-responsive-thumbnail-slider 1.0.1 Authenticated.Shell.Upload.&.CSRF HIGH" "wp-responsive-thumbnail-slider 1.0.1 Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "wplyrics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-quantity-plus-minus-button 1.2.0 Quantity.Plus.Minus.Button.for.WooCommerce.by.CodeAstrology.<.1,2,0.Settings.Update.via.CSRF MEDIUM" "wp-helper-lite 4.6.2 Missing.Authorization.in.whp_smtp_send_mail_test MEDIUM" "wp-helper-lite 4.6.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-helper-lite 4.5.2 Cross-Site.Request.Forgery.via.whp_fields MEDIUM" "wp-helper-lite 4.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.2.1 Store.Exporter.<.2.7.2.1.-.Reflected.XSS HIGH" "woocommerce-exporter 2.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-exporter 2.4 Store.Exporter.<.2.4.-.CSV.Injection CRITICAL" "woo-razorpay 4.5.7 Subscriber+.Transfers.Manipulation MEDIUM" "woo-razorpay 4.5.7 Transfers.Manipulation.via.CSRF MEDIUM" "wd-facebook-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wd-facebook-feed 1.2.9 Reflected.XSS MEDIUM" "wd-facebook-feed 1.1.27 Authenticated.SQL.Injection MEDIUM" "wp-custom-taxonomy-image No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-infusionsoft-woocommerce 1.0.9 Reflected.Cross-Site.Scripting HIGH" "wp-like-button No.known.fix Missing.Authorization.via.crublabFBLBAjax LOW" "wp-like-button No.known.fix Button.Settings.Update.via.CSRF MEDIUM" "wp-like-button 1.6.4 Auth.Bypass MEDIUM" "wp-facebook-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-group No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-news-sliders No.known.fix Missing.Authorization MEDIUM" "wp-mail-log 1.1.3 Contributor+.Arbitrary.File.Upload HIGH" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Incorrect.Authorization.in.REST.API.Endpoints LOW" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.LFI.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 Editor+.SQL.Injection.via.id HIGH" "wp-mail-log 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-log 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-viet 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.6 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-seo 21.1 Authenticated.(Seo.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 17.3 Unauthenticated.Full.Path.Disclosure NONE" "wordpress-seo 11.6 Authenticated.Stored.XSS CRITICAL" "wordpress-seo 9.2 Authenticated.Race.Condition MEDIUM" "wordpress-seo 5.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-seo 3.4.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-remote-site-search 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpmu-prefill-post No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpdash-notes No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-live-chat-support-pro 8.0.32 File.Upload.Bypass CRITICAL" "wp-live-chat-support-pro 8.0.0.7 Unauthenticated.RCE CRITICAL" "wp-humanstxt No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-gateway-stripe 7.6.2 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-gateway-stripe 7.6.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-gateway-stripe 7.4.1 Subscriber+.Order.Intent.Update MEDIUM" "woocommerce-gateway-stripe 7.4.1 Unauthenticated.PII.Disclosure.via.IDOR HIGH" "wp-content-pilot 1.3.4 Authenticated.(Contributor+).Content.Injection MEDIUM" "wp-lister-for-ebay 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.5.8 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "wupo-group-attributes 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wupo-group-attributes 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-time-capsule 1.22.22 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-time-capsule 1.22.22 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-time-capsule 1.22.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-time-capsule 1.22.21 Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-time-capsule 1.22.7 Reflected.Cross-Site.Scripting HIGH" "wp-time-capsule 1.21.16 Authentication.Bypass CRITICAL" "wp-google-places-review-slider 13.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 12.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 11.8 Subscriber+.SQLi HIGH" "wp-google-places-review-slider 11.6 Admin+.Stored.XSS LOW" "wp-fiddle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-abandoned-cart-pro 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-responsive-tabs 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-seo-tags No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-mermaid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-data-access 5.5.23 Unauthenticated.SQL.Injection HIGH" "wp-data-access 5.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-data-access 5.3.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-data-access 5.3.8 Subscriber+.Privilege.Escalation HIGH" "wp-data-access 5.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-data-access 5.0.0 Admin+.SQL.Injection HIGH" "wordpress-feed-statistics No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-feed-statistics 4.0 Open.Redirect MEDIUM" "web-application-firewall 2.1.3 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "web-application-firewall 2.1.2 Unauthenticated.Privilege.Escalation CRITICAL" "woo-moneybird No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-eggdrop No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-eggdrop No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wholesale-market 2.2.1 Unauthenticated.Arbitrary.File.Download HIGH" "wholesale-market 2.2.2 Settings.Update.via.CSRF MEDIUM" "woocommerce-chained-products 2.12.0 Unauthenticated.Arbitrary.Options.Update.to.'no' MEDIUM" "wp-swimteam 1.45 Local.File.Inclusion MEDIUM" "wp-total-hacks No.known.fix Subscriber+.Arbitrary.Options.Update.to.Stored.XSS HIGH" "wp-zillow-review-slider 2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-search-keyword-redirect No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-counter-up No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-counter-up 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-pensopay 6.3.2 Reflected.XSS HIGH" "wp-github No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sendfox No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "wp-sendfox 1.3.1 Missing.Authorization MEDIUM" "wp-security-questions No.known.fix Cross-Site.Request.Forgery HIGH" "wp-security-questions No.known.fix CSRF.Bypass MEDIUM" "woowgallery 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woowgallery 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-products-filter 1.3.6.4 Reflected.Cross-Site.Scripting.via.really_curr_tax.Parameter MEDIUM" "woocommerce-products-filter 1.3.6.2 Insecure.Direct.Object.Reference.to.Unsubscribe MEDIUM" "woocommerce-products-filter 1.3.6.2 Authenticated.(Shop.Manager+).Arbitrary.Options.Update HIGH" "woocommerce-products-filter 1.3.6.1 Products.Filter.Professional.for.WooCommerce.<.1.3.6.1.-.Unauthenticated.Time-Based.SQL.Injection CRITICAL" "woocommerce-products-filter 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Subscriber+..Remote.Code.Execution CRITICAL" "woocommerce-products-filter 1.3.5.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-products-filter 1.3.5.3 Admin+.Local.File.Inclusion MEDIUM" "woocommerce-products-filter 1.3.5.2 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Contributor+.SQL.Injection HIGH" "woocommerce-products-filter 1.3.4.4 Multiple.Connections/Stats.CSRF MEDIUM" "woocommerce-products-filter 1.3.4.3 Unauthenticated.SQL.Injection.via.search.terms CRITICAL" "woocommerce-products-filter 1.3.4.3 Missing.Authorization.via.woof_meta_get_keys() MEDIUM" "woocommerce-products-filter 1.3.2 Products.Filter.for.WooCommerce.<.1.3.2.-.Admin+.PHP.Object.Injection LOW" "woocommerce-products-filter 1.2.6.3 Products.Filter.for.WooCommerce.<.1.2.6.3.-.Reflected.Cross-Site.Scripting HIGH" "woocommerce-products-filter 1.2.0 Multiple.Issues CRITICAL" "wp-security-pro 4.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-finance No.known.fix Stored.XSS.via.CSRF HIGH" "wp-finance No.known.fix Reflected.XSS HIGH" "woolook No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "ws-bootstrap-vc No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-confirmation-email No.known.fix Reflected.XSS HIGH" "woo-confirmation-email No.known.fix Authentication.bypass.via.weak.token.generation HIGH" "woo-confirmation-email 3.4.0 CSRF.leading.to.Option.Update CRITICAL" "wp-discourse 2.5.2 Missing.Authorization MEDIUM" "world-prayer-time No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "website-monetization-by-magenet 1.0.29.2 Cross-Site.Request.Forgery MEDIUM" "wpr-admin-amplify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.1.0.14 Inventory.Items.Deletion.via.CSRF MEDIUM" "wp-inventory-manager 2.1.0.13 Reflected.Cross-Site.Scripting HIGH" "wp-inventory-manager 2.1.0.12 Reflected.XSS HIGH" "wp-phpmyadmin-extension 5.2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-phpmyadmin-extension 5.2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-download-light No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-shieldon 1.6.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-minify 1.6 Settings.Update.via.CSRF MEDIUM" "wcfm-marketplace-rest-api 1.6.0 Subscriber+.Arbitrary.Orders.Item.And.Notes.Update MEDIUM" "wp-video-gallery-free No.known.fix Unauthenticated.SQLi HIGH" "wp-fevents-book No.known.fix Subscriber+.Stored.XSS HIGH" "wp-fevents-book No.known.fix Subscriber+.Arbitrary.Booking.Manipulation.via.IDOR MEDIUM" "wp-mmenu-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.5.9 Missing.Authorization MEDIUM" "woocommerce-product-payments 3.2.8 Reflected.XSS HIGH" "woocommerce-product-payments 3.2.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-plugin-lister No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "woocommerce-openpos 7.0.1 Unauthenticated.SQL.Injection HIGH" "woocommerce-openpos 7.0.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce-openpos 7.0.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wpstickybar-sticky-bar-sticky-header No.known.fix Reflected.XSS HIGH" "wpstickybar-sticky-bar-sticky-header No.known.fix Unauthenticated.SQLi HIGH" "wookit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Carbon.Fields.Custom.Sidebar.Addition/Removal MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Authenticated.(Subscriber+).User.Meta.Key.Enumeration MEDIUM" "wp-user-manager 2.9.11 Cross-Site.Request.Forgery MEDIUM" "wp-user-manager 2.6.3 Arbitrary.User.Password.Reset.to.Account.Compromise HIGH" "wp-bannerize No.known.fix 4.0.2.-.Authenticated.SQL.Injection HIGH" "windsor-strava-athlete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "windsor-strava-athlete No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-hr-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-gdpr 0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcomplete 2.9.5 Reflected.Cross-Site.Scripting HIGH" "woo-tools 1.2.10 Missing.Authorization.to.Authenticated.(Subscriber+)..Plugin.Module.Deactivation MEDIUM" "woocommerce-multilingual 5.3.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-multilingual 5.3.7 Missing.Authorization MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.5 Missing.Authorization MEDIUM" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Product.Editing HIGH" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Customer.Search HIGH" "wp-cart-for-digital-products 8.5.6 Settings.Reset.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Customer.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Category.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Discount.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Coupon.Deletion.via.CSRF MEDIUM" "wp-fastest-cache 1.2.7 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-fastest-cache 1.2.2 Unauthenticated.SQL.Injection HIGH" "wp-fastest-cache 1.1.5 Blind.SSRF.via.CSRF LOW" "wp-fastest-cache 1.1.3 Multiple.CSRF LOW" "wp-fastest-cache 0.9.5 Subscriber+.SQL.Injection HIGH" "wp-fastest-cache 0.9.5 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-fastest-cache 0.9.1.7 Authenticated.Arbitrary.File.Deletion.via.Path.Traversal LOW" "wp-fastest-cache 0.9.0.3 Cross-Site.Request.Forgery.(CSRF).Arbitrary.File.Deletion CRITICAL" "wp-fastest-cache 0.8.9.6 Directory.Traversal MEDIUM" "wp-fastest-cache 0.8.9.1 Unauthenticated.Arbitrary.File.Deletion HIGH" "wp-fastest-cache 0.8.8.6 CSRF.and.multiple.XSS CRITICAL" "wp-fastest-cache 0.8.7.5 Blind.SQL.Injection HIGH" "watchtowerhq 3.10.4 Authentication.Bypass.to.Administrator.due.to.Missing.Empty.Value.Check CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Access HIGH" "wp-expert-agent-xml-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Settings.Update MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "woofunnels-aero-checkout 3.11.0 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "wp-listings No.known.fix Missing.Authorization MEDIUM" "wp-listings No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-listings 2.0.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-seo-tdk No.known.fix Unauthenticated.Setting.Update.to.Stored.XSS HIGH" "wp-find-your-nearest No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordapp No.known.fix Authorization.Bypass.via.Insufficiently.Unique.Cryptographic.Signature CRITICAL" "woocommerce-digital-content-delivery-with-drm-flickrocket No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-htaccess-control No.known.fix Admin+.Stored.XSS LOW" "wp-cerber 9.5 IP.Protection.Bypass MEDIUM" "wp-cerber 9.2 Unauthenticated.Stored.XSS HIGH" "wp-cerber 9.3.3 User.Enumeration.Bypass.via.Rest.API LOW" "wp-cerber 9.1 Username.Enumeration.Bypass MEDIUM" "wp-cerber 8.9.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-cerber 8.9.3 Rest-API.Protection.Bypass MEDIUM" "wp-cerber 8.9.3 2FA.Authentication.Bypass MEDIUM" "wp-cerber 2.7 Unauthenticated.Stored.XSS MEDIUM" "xo-liteslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xo-liteslider 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "xpinner-lite No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "xagio-seo 7.0.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xo-security 1.5.3 XSS MEDIUM" "x-forms-express No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "xt-woo-variation-swatches 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xforwoocommerce No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "xforwoocommerce 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "xo-event-calendar 2.3.7 Reflected.Cross-Site.Scripting HIGH" "xpresslane-integration-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "xt-woo-ajax-add-to-cart 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xtremelocator No.known.fix Xtreme.Locator.Dealer.Locator.Plugin.1,5.–.Authenticated.SQL.Injection HIGH" "xt-woo-points-rewards 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xpd-reduce-image-filesize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "xllentech-english-islamic-calendar 2.6.8 Authenticated.SQL.Injection MEDIUM" "xola-bookings-for-tours-activities No.known.fix Missing.Authorization MEDIUM" "xlsx-viewer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "xcloner-backup-and-restore 4.7.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "xcloner-backup-and-restore 4.3.6 Plugin.Settings.Reset MEDIUM" "xcloner-backup-and-restore 4.2.13 4.2.12.-.Unprotected.AJAX.Action CRITICAL" "xcloner-backup-and-restore 4.2.153 Cross-Site.Request.Forgery CRITICAL" "xcloner-backup-and-restore 3.1.5 Backup.and.Restore.<.3.1.5.-.Authenticated.Path.Traversal MEDIUM" "xcloner-backup-and-restore 3.1.3 Backup.and.Restore.3.1.2.-.XSS.&.Command.Execution MEDIUM" "xcloner-backup-and-restore 3.1.2 Backup.and.Restore.<.3.1.2.-.Multiple.Vulnerabilities.(RCE.&.LFI) HIGH" "xcloner-backup-and-restore 3.1.1 Backup.and.Restore.<.3.1.1.-.Multiple.Actions.CSRF HIGH" "xserver-migrator 1.6.2.1 Arbitrary.File.Upload.via.CSRF HIGH" "xt-woo-quick-view-lite 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-quick-view-lite 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xml-sitemap-feed 5.4.9 Unauthenticated.Local.File.Inclusion HIGH" "xatkit-chatbot-connector 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xqueue-maileon 2.16.1 Admin+.Stored.XSS LOW" "xpro-elementor-addons 1.4.6.3 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "xpro-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "xpro-elementor-addons 1.4.6.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "xpro-elementor-addons 1.4.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid.Widget MEDIUM" "xpro-elementor-addons 1.4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "xpro-elementor-addons 1.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "xpro-elementor-addons 1.4.3.1 Authenticated.(Admin+).Cross.Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xorbin-analog-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xserver-typesquare-webfonts 2.0.8 Missing.Authorization.via.typesquare_admin_init() MEDIUM" "xml-multilanguage-sitemap-generator No.known.fix Missing.Authorization MEDIUM" "xili-tidy-tags 1.12.05 Reflected.Cross-Site.Scripting MEDIUM" "xili-tidy-tags 1.12.04 Cross-Site.Request.Forgery MEDIUM" "xml-sitemaps-for-videos No.known.fix CSRF MEDIUM" "xorbin-digital-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xl-tab 1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "xl-tab 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xml-for-google-merchant-center 3.0.12 Reflected.Cross-Site.Scripting MEDIUM" "xml-for-google-merchant-center 3.0.2 Reflected.XSS HIGH" "yeemail 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yogo-booking 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yds-support-ticket-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "yds-support-ticket-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "yotpo-reviews-for-woocommerce No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "yr-activity-link 1.2.4 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-recover-abandoned-cart 1.3.4 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-mailchimp 2.1.4 Subscriber+.Settings.Update MEDIUM" "yith-pre-order-for-woocommerce 1.2.1 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-best-sellers 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-affiliates 1.6.3 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-quick-view 1.21.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-quick-view 1.3.15 Subscriber+.Settings.Update MEDIUM" "yaad-sarig-payment-gateway-for-wc 2.2.5 Subscriber+.Log.Read/Deletion MEDIUM" "yith-woocommerce-multi-step-checkout 1.7.5 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-stripe 2.0.2 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-product-bundles 1.1.17 Subscriber+.Settings.Update MEDIUM" "yatri-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yatri-tools 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yoo-slider 2.2.0 Reflected.Cross-Site.Scripting HIGH" "yoo-slider 2.1.0 Arbitrary.Template.Import.via.CSRF MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Creation/Edition.via.CSRF MEDIUM" "yoo-slider 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Duplication/Deletion.via.CSRF MEDIUM" "youtube-video-inserter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yop-poll 6.5.27 Unauthenticated.Vote.Manipulation.via.Race.Condition MEDIUM" "yop-poll 6.5.29 Reusable.Captcha.via.validateImage MEDIUM" "yop-poll 6.4.3 IP.Spoofing MEDIUM" "yop-poll 6.3.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Options.Module MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Preview.Module MEDIUM" "yop-poll 6.2.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.1.5 Authenticated.Stored.XSS LOW" "yop-poll 6.1.2 Reflected.Cross-Site.Scripting HIGH" "yop-poll 6.0.3 Cross-Site.Scripting.(XSS) MEDIUM" "yop-poll 5.8.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-order-tracking 2.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-order-tracking 1.2.11 Subscriber+.Settings.Update MEDIUM" "yt-player 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "yt-player 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yt-player 1.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "youtube-playlist-player 4.6.8 Contributor+.Stored.XSS MEDIUM" "youtube-playlist-player 4.6.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yummy-recipes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-infinite-scrolling 1.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yet-another-related-posts-plugin 5.30.11 Missing.Authorization MEDIUM" "yet-another-related-posts-plugin 5.30.10 Authenticated(Administrator+).Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.10 Admin+.Stored.XSS LOW" "yet-another-related-posts-plugin 5.30.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Subscriber+.SQLi HIGH" "yet-another-related-posts-plugin 5.30.5 Yet.Another.Related.Posts.Plugin.<.5.30.5.-.Subscriber+.LFI HIGH" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-zoom-magnifier 1.3.12 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-request-a-quote 1.6.4 Unauthorised.AJAX.call.via.CSRF MEDIUM" "yith-woocommerce-request-a-quote 1.4.9 Subscriber+.Settings.Update MEDIUM" "yotuwp-easy-youtube-embed 1.3.14 Unauthenticated.Local.File.Inclusion CRITICAL" "yotuwp-easy-youtube-embed 1.3.14 Authenticated.(Contributor+).Arbitrary.File.Inclusion.via.Shortcode MEDIUM" "yotuwp-easy-youtube-embed 1.3.13 Admin+.Stored.XSS LOW" "yikes-inc-easy-custom-woocommerce-product-tabs No.known.fix Shop.Manager+.PHP.Object.Injection MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs 1.8.0 Admin+.Stored.XSS LOW" "yikes-inc-easy-custom-woocommerce-product-tabs 1.7.8 Unauthenticated.Toggle.Content.Setting.Update MEDIUM" "yawpp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yatra 2.1.15 Admin+.Stored.XSS LOW" "you-shang No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yith-color-and-label-variations-for-woocommerce 1.8.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-added-to-cart-popup 1.3.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-catalog-mode 2.16.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-authorizenet-payment-gateway 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-paypal-express-checkout-for-woocommerce 1.2.6 Subscriber+.Settings.Update MEDIUM" "yith-maintenance-mode 1.4.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.2.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-social-login 1.3.6 Subscriber+.Settings.Update MEDIUM" "yabp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youzify No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update.(save_addon_key_license) MEDIUM" "youzify No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "youzify 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Review.Deletion MEDIUM" "youzify 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.youzify_media.Shortcode MEDIUM" "youzify 1.3.1 Subscriber+.Arbitrary.Attachment.Deletion MEDIUM" "youzify 1.2.8 Missing.Authorization MEDIUM" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.3 Insecure.Direct.Object.Reference MEDIUM" "youzify 1.2.2 Contributor+.Stored.XSS MEDIUM" "youzify 1.2.0 Unauthenticated.SQLi HIGH" "youzify 1.0.7 Stored.Cross-Site.Scripting.via.Biography HIGH" "yayextra 1.3.8 Unauthenticated.Arbitrary.File.Upload.via.handle_upload_file.Function CRITICAL" "yith-woocommerce-product-vendors 3.8.1 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-vendors 3.4.1 Subscriber+.Settings.Update MEDIUM" "youneeq-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yourchannel 1.2.5 Multiple.CSRF MEDIUM" "yourchannel 1.2.6 Admin+.Stored.XSS LOW" "yourchannel 1.2.4 Unauthenticated.Settings.Reset MEDIUM" "yourchannel 1.2.2 Subscriber+.Stored.XSS HIGH" "yourchannel 1.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-showcase 3.4.0 Missing.Authorization.to.Arbitrary.Post/Page.Creation MEDIUM" "youtube-showcase 3.3.6 Settings.Update.via.CSRF MEDIUM" "yith-woocommerce-compare 2.38.0 Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-compare 2.20.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-compare 2.3.15 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-tab-manager 1.35.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-search 2.8.1 Unauthenticated.SQL.Injection HIGH" "yith-woocommerce-ajax-search 2.7.1 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-ajax-search 2.4.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yith-woocommerce-ajax-search 1.7.1 Subscriber+.Settings.Update MEDIUM" "youmax-channel-embeds-for-youtube-businesses No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-ajax-navigation 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-navigation 3.11.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yith-product-size-charts-for-woocommerce 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-account-funds-premium 1.34.0 Missing.Authorization MEDIUM" "yith-woocommerce-gift-cards-premium 3.20.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-gift-cards-premium 3.3.1 RCE.via.Arbitrary.File.Upload CRITICAL" "yahoo-media-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-waiting-list 1.3.11 Subscriber+.Settings.Update MEDIUM" "youtube-feeder No.known.fix CSRF.to.Stored.XSS HIGH" "yotpo-social-reviews-for-woocommerce 1.7.10 Reflected.Cross-Site.Scripting MEDIUM" "youtube-video-player 2.6.4 Admin+.Stored.XSS LOW" "youtube-video-player 2.3.9 Contributor+.Stored.XSS MEDIUM" "youtube-embed-plus 11.8.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yith-custom-thank-you-page-for-woocommerce 1.1.8 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-subscription 1.3.6 Subscriber+.Settings.Update MEDIUM" "yuzo-related-post 5.12.94 Unauthenticated.Call.Any.Action.or.Update.Any.Option MEDIUM" "youram-youtube-embed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.14.2 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.13.1 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.9.3 Unauthenticated.Content.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.6.0 Unuathenticated.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.3.1 Authenticated(Shop.Manager+).PHP.Object.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.2.1 Missing.Authorization MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-add-ons 2.1.0 Authenticated.Local.File.Inclusion MEDIUM" "yith-woocommerce-product-add-ons 1.5.23 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-bulk-product-editing 1.2.15 Subscriber+.Settings.Update MEDIUM" "youtube-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-frequently-bought-together 1.2.11 Subscriber+.Settings.Update MEDIUM" "youtube-channel 3.23.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-channel 3.23.0 Admin+.Stored.XSS LOW" "yada-wiki 3.4.1 Contributor+.Stored.XSS MEDIUM" "yandexnews-feed-by-teplitsa No.known.fix Admin+.Stored.XSS LOW" "yt-cookie-nonsense No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yumpu-epaper-publishing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yumpu-epaper-publishing 3.0.0 Missing.Authorization.to.PDF.Upload,.Publishing,.and.API.Key.Modification MEDIUM" "yith-custom-login 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "yith-custom-login 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-advanced-refund-system-for-woocommerce 1.0.12 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-advanced-reviews 1.4.0 Subscriber+.Settings.Update MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.5 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.5.9 Admin+.Stored.XSS LOW" "yellow-pencil-visual-theme-customizer 7.5.4 Reflected.Cross-Site.Scripting HIGH" "yellow-pencil-visual-theme-customizer 7.2.1 Unauthenticated.Arbitrary.Options.Updates HIGH" "yamaps No.known.fix Contributor+.Stored.XSS MEDIUM" "yamaps 0.6.26 Contributor+.Stored.XSS MEDIUM" "youtube-channel-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yith-essential-kit-for-woocommerce-1 2.35.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Install,.Activation,.and.Deactivation MEDIUM" "yith-essential-kit-for-woocommerce-1 2.14.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yphplista No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yphplista No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-points-and-rewards 1.3.6 Subscriber+.Settings.Update MEDIUM" "youtube-speedload No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-gift-cards 4.13.0 Missing.Authorization.to.Unauthenticated.WooCommerce.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 1.3.8 Subscriber+.Settings.Update MEDIUM" "yet-another-stars-rating 3.4.4 Missing.Authorization.via.init MEDIUM" "yet-another-stars-rating 3.4.2 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 3.1.3 Subscriber+.Stored.XSS HIGH" "yet-another-stars-rating 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yet-another-stars-rating 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 1.8.7 PHP.Object.Injection HIGH" "youtube-embed 5.2.2 Contributor+.Stored.XSS MEDIUM" "youtube-embed 3.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yith-woocommerce-pdf-invoice 1.2.13 Subscriber+.Settings.Update MEDIUM" "yacp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-brands-add-on 1.3.7 Subscriber+.Settings.Update MEDIUM" "yookassa 2.3.1 Subscriber+.Arbitrary.Settings.Update MEDIUM" "yookassa 2.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "yaysmtp 2.4.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "yaysmtp 2.2.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.1 Subscriber+.Logs.Disclosure MEDIUM" "yaysmtp 2.2.1 Subscriber+.SMTP.Credentials.Leak MEDIUM" "yith-woocommerce-questions-and-answers 1.2.0 Subscriber+.Settings.Update MEDIUM" "youtube-widget-responsive 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "yith-woocommerce-badges-management 1.3.21 Subscriber+.Settings.Update MEDIUM" "yith-desktop-notifications-for-woocommerce 1.2.8 Subscriber+.Settings.Update MEDIUM" "yoo-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.33.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.15.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-wishlist 2.2.14 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-cart-messages 1.4.5 Subscriber+.Settings.Update MEDIUM" "youforms-free-for-copecart No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yellow-yard 2.8.12 Contributor+.Stored.XSS MEDIUM" "yellow-yard 2.8.12 Reflected.Cross-Site.Scripting HIGH" "yesno 1.0.12 Authenticated.(contributor+).Blind.SQL.Injection HIGH" "yandex-money-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yandex-money-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yandex-money-button 2.4.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ymc-states-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 3.10.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender No.known.fix Missing.Authorization MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Sensitive.Information.Exposure.via.logfile HIGH" "yikes-inc-easy-mailchimp-extender 6.9.0 Admin+.Stored.Cross-Site.Scripting LOW" "yikes-inc-easy-mailchimp-extender 6.8.9 Reflected.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender 6.8.7 Contributor+.Stored.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.9 Admin+.Stored.XSS LOW" "yikes-inc-easy-mailchimp-extender 6.8.6 Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-mailchimp-extender 6.6.3 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "ymc-smart-filter 2.8.34 Cross-Site.Request.Forgery MEDIUM" "ymc-smart-filter 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ymc-smart-filter 2.8.33 Unauthenticated.LFI CRITICAL" "youzify-moderation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zip-codes-redirect 5.1.2 Reflected.Cross-Site.Scripting MEDIUM" "zip-codes-redirect 4.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "zooom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zajax-ajax-navigation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zm-gallery No.known.fix ZM.Gallery.1,0.–.Authenticated.Blind.SQL.Injection HIGH" "ziteboard-online-whiteboard 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ziteboard.Shortcode MEDIUM" "zendesk-help-center 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "zemanta No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Attachment.Upload.and.Set.Post.Featured.Image MEDIUM" "zij-kart No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "zoho-crm-forms 1.7.9.8 Contributor+.SQL.Injection MEDIUM" "zoho-crm-forms 1.7.8.9 Reflected.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.6.2 Subscriber+.Arbitrary.Options.Update HIGH" "zoho-crm-forms 1.7.2.9 Admin+.Stored.Cross-Site.Scripting LOW" "zoho-crm-forms 1.6.9.2 Authenticated.Cross.Site.Scripting.(XSS) MEDIUM" "zx-csv-upload No.known.fix ZX_CSV.Upload.1.–.Authenticated.SQL.Injection HIGH" "zoho-forms 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-forms 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "zoho-forms 3.0.1 Contributor+.Stored.XSS MEDIUM" "zerobounce 1.0.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "zalomeni No.known.fix Admin+.Stored.XSS LOW" "zita-site-library 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "zita-site-library 1.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "zita-site-library 1.6.3 Missing.Authorization.to.Page.Creation.and.Options.Modification MEDIUM" "zoho-marketinghub 1.2.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zoho-campaigns 2.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_optin_save MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_integration_disconnect MEDIUM" "zoho-campaigns 2.0.7 Authenticated.(Contributor+).SQL.Injection CRITICAL" "z-downloads 1.11.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "z-downloads 1.11.6 Unauthenticated.Stored.XSS HIGH" "z-downloads 1.11.5 Admin+.Arbitrary.File.Upload MEDIUM" "z-downloads 1.11.7 Admin+.Stored.XSS.via.SVG.Upload LOW" "z-downloads 1.11.4 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "zen-mobile-app-native No.known.fix Remote.File.Upload HIGH" "zlick-paywall 2.2.2 CSRF.Bypasses LOW" "zephyr-modern-admin-theme 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zip-attachments 1.5 Arbitrary.File.Download HIGH" "zero-spam 5.5.7 Spam.Protection.Bypass MEDIUM" "zero-spam 5.4.5 Admin+.SQL.Injection MEDIUM" "zero-spam 5.2.11 Admin+.SQL.Injection MEDIUM" "z-inventory-manager 3.1.7 Unauthenticated.PHP.Object.Injection CRITICAL" "zip-recipes No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "zip-recipes 8.1.1 Authenticated(Contributor+).SQL.Injection HIGH" "zip-recipes 8.0.8 Cross-Site.Request.Forgery MEDIUM" "zip-recipes 8.0.8 Multiple.CSRF MEDIUM" "zip-recipes 8.0.7 Reflected.XSS HIGH" "z-url-preview 2.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "zionbuilder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zionbuilder 3.6.10 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "zero-bs-crm 5.5.1 CRM.Admin+.XSS LOW" "zero-bs-crm 5.5.1 Client+.XSS MEDIUM" "zero-bs-crm 5.4.0 PHAR.Deserialisation.via.CSRF HIGH" "zero-bs-crm 5.5.0 Admin+.Stored.XSS LOW" "zero-bs-crm 5.5 Contributor+.Stored.XSS MEDIUM" "zero-bs-crm 5.4.3 Admin+.Cross-Site.Scripting LOW" "zero-bs-crm 4.2.4 Unauthorized.Invoice.Disclosure LOW" "zoho-salesiq 1.0.9 XSS.&.CSRF HIGH" "zippy 1.6.10 Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "znajdz-prace-z-pracapl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zeno-font-resizer 1.8.0 Admin+.Stored.XSS LOW" "zartis-job-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zd-youtube-flv-player No.known.fix Server-Side.Request.Forgery HIGH" "zephyr-project-manager 3.3.103 Missing.Authorization.to.Authenticated.(Subscriber+).Status.Updates MEDIUM" "zephyr-project-manager 3.3.103 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "zephyr-project-manager 3.3.102 Authenticated.(Subscriber+).Limited.Privilege.Escalation HIGH" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.filename.Parameter MEDIUM" "zephyr-project-manager 3.3.100 Unauthenticated.Information.Exposure MEDIUM" "zephyr-project-manager 3.3.99 Editor+.XSS LOW" "zephyr-project-manager 3.3.99 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "zephyr-project-manager 3.3.94 Plugin.Data.Deletion.via.CSRF MEDIUM" "zephyr-project-manager 3.2.55 Unauthorised.AJAX.Calls.To.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.2.5 Multiple.Unauthenticated.SQLi CRITICAL" "zephyr-project-manager 3.2.5 Unauthorised.REST.Calls.to.Stored.XSS HIGH" "zephyr-project-manager 3.2.41 Reflected.Cross-Site.Scripting MEDIUM" "zm-ajax-login-register No.known.fix Unauthenticated.Authentication.Bypass CRITICAL" "zarinpal-paid-downloads No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "zarinpal-paid-downloads No.known.fix Reflected.XSS HIGH" "zarinpal-paid-downloads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Option.Deletion CRITICAL" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "zynith-seo No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "zoho-flow 2.8.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "zotpress 7.3.13 Missing.Authorization MEDIUM" "zotpress 7.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zotpress 7.3.10 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "zotpress 7.3.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zotpress 7.3.5 Reflected.XSS HIGH" "zotpress 7.3.4 Unauthenticated.Reflected.XSS HIGH" "zotpress 6.1.3 SQL.Injection CRITICAL")
+	releases_plugins=("360deg-javascript-viewer 1.7.31" "1-click-close-store 1.1.0" "3d-photo-gallery 1.3" "2j-slideshow 1.3.54" "4k-icon-fonts-for-visual-composer 1.0" "audio-player 2.0.4.6" "advanced-sermons 3.6" "advanced-testimonial-carousel-for-elementor 3.1.0" "auto-seo 2.6.6" "atarim-visual-collaboration 4.1.3" "alipay 3.7.2" "bread-butter 7.6.947" "basepress-migration-tools 1.0.0" "css-for-elementor 1.0.8.7" "contact-form-7-skins 2.6.5" "common-ninja 1.1.0" "duplicate-page 4.5.4" "devformatter 2015.0.2.1" "email-newsletter 20.15" "easy-digital-downloads 3.3.6.1" "freemind-wp-browser 1.2" "gift-up 2.26.2" "g-business-reviews-rating 5.10" "heat-trackr 1.01" "horoscope-and-tarot 1.3.2" "ipanorama-360-virtual-tour-builder-lite 1.9.0" "include-fussball-de-widgets 4.0.0" "jlayer-parallax-slider-wp 1.0" "kitestudio-core 2.9.1" "knight-lab-timelinejs 3.9.3.4" "list-category-posts 0.90.3" "live-chat-facebook-fanpage 3.1.1" "misiek-paypal v1.1.20090324" "masterbip-for-elementor 1.6.3" "new-order-notification-for-woocommerce 2.0.2" "option-tree 2.7.3" "popliup 1.1.1" "ptoffice-sign-ups 1.0.5" "qodeblock 2.0" "quick-adsense-reloaded 2.0.88" "responsive-filterable-portfolio 1.0.23" "random-sorting-order-for-woocommerce 1.0" "subscribe-to-comments-reloaded 240119" "site-offline 1.5.7" "simple-gallery-with-filter 2.1.1" "simply-schedule-appointments 1.6.8.9" "total-sales-for-woocommerce 1.1" "teachpress 9.0.9" "upfiv-complete-all-in-one-seo-wizard 1.0.6" "userplus 2.0" "video-metabox 1.2" "wp-opensearch 1.0" "webp-svg-support 1.4.0" "wp-experiments-free 9.0.4" "wp24-domain-check 1.11.0" "wp-table-pixie 1.3.1" "xen-carousel 0.12.2" "xtra-settings 2.1.8" "yawpp 1.2.2" "years-since 1.4.1" "zingiri-tickets 3.0.3")
+	vulns_plugins=("4k-icon-fonts-for-visual-composer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "3d-photo-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "12-step-meeting-list 3.16.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "12-step-meeting-list 3.16.6 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion MEDIUM" "12-step-meeting-list 3.14.34 Reflected.Cross-Site.Scripting MEDIUM" "12-step-meeting-list 3.14.29 Subscriber+.CSV.Download MEDIUM" "12-step-meeting-list 3.14.25 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting.via.'post' MEDIUM" "2j-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "2j-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "1-click-close-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "3d-viewer 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "3d-flipbook-dflip-lite 2.3.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.3.42 Reflected.Cross-Site.Scripting MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 2.2.27 Contributor+.Stored.XSS MEDIUM" "3d-flipbook-dflip-lite 1.7.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "404-redirection-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "404-redirection-manager No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "2mb-autocode 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "3dprint-lite 2.1 Settings.Update.via.CSRF MEDIUM" "3dprint-lite 1.9.1.6 Reflected.Cross-Site.Scripting HIGH" "3dprint-lite 1.9.1.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "404page 11.4.8 Reflected.Cross-Site.Scripting MEDIUM" "17track No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "3d-presentation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "3d-cover-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "2kb-amazon-affiliates-store No.known.fix Reflected.XSS MEDIUM" "2kb-amazon-affiliates-store 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "3com-asesor-de-cookies No.known.fix Admin+.Stored.XSS LOW" "123contactform-for-wordpress No.known.fix Validation.Bypass.via.Plugin.Verification MEDIUM" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "123contactform-for-wordpress No.known.fix Unauthenticated.Arbitrary.Post.Creation HIGH" "404-to-301 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "404-to-301 3.0.9 Logs.Deletion.via.CSRF MEDIUM" "404-to-301 3.0.8 Broken.Access.Control MEDIUM" "404-to-301 3.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "404-to-301 2.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "012-ps-multi-languages No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "360deg-javascript-viewer 1.7.30 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "360deg-javascript-viewer 1.7.13 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "360deg-javascript-viewer 1.7.12 Unauthenticated.Settings.Update MEDIUM" "360deg-javascript-viewer 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "404-solution 2.35.20 Reflected.Cross-Site.Scripting MEDIUM" "404-solution 2.35.18 Missing.Authentication.to.Sensitive.Information.Exposure MEDIUM" "404-solution 2.35.8 Admin+.SQL.Injection MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "404-solution 2.35.0 Admin+.SQLi MEDIUM" "404-solution 2.33.1 Sensitive.Information.Exposure MEDIUM" "5-anker-connect 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.3.02 Missing.Authorization MEDIUM" "5-stars-rating-funnel 1.2.63 Reflected.Cross-Site.Scripting MEDIUM" "5-stars-rating-funnel 1.2.53 Unauthenticated.SQLi HIGH" "5-stars-rating-funnel 1.2.54 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "8-degree-notification-bar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "360-product-rotation No.known.fix Reflected.XSS MEDIUM" "360-product-rotation 1.4.8 Reflected.XSS MEDIUM" "3xsocializer No.known.fix Subscriber+.SQLi MEDIUM" "3d-avatar-user-profile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "1003-mortgage-application No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "1003-mortgage-application No.known.fix Missing.Authorization MEDIUM" "3-word-address-validation-field 4.0.16 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "3-word-address-validation-field 4.0.0 Admin+.Sensitive.Information.Disclosure LOW" "5centscdn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "5280-bootstrap-modal-contact-form No.known.fix Cross-Site.Request.Forgery.to.Bulk.Delete.Messages MEDIUM" "99fy-core 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "99fy-core 1.2.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "3dvieweronline-wp 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "59sec-lite-contact-form-7-push-notifications-on-ios-and-android No.known.fix Unauthenticated.Settings.Update MEDIUM" "0mk-shortener No.known.fix Stored.XSS.via.CSRF HIGH" "0mk-shortener No.known.fix Admin+.Stored.XSS LOW" "123-chat-videochat No.known.fix Video.Chat.<=.1.3.1.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "123-chat-videochat 1.3.1 Admin+.Stored.XSS LOW" "1app-business-forms No.known.fix Author+.Stored.XSS MEDIUM" "4ecps-webforms No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "4ecps-webforms No.known.fix Admin+.Stored.XSS LOW" "2d-tag-cloud-widget-by-sujin No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "404-to-start No.known.fix Admin+.Stored.XSS LOW" "10centmail-subscription-management-and-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "4-author-cheer-up-donate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "404s 3.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "3dady-real-time-web-stats No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "404-error-monitor No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update.via.updatePluginSettings.Function MEDIUM" "3dprint 3.5.6.9 Arbitrary.File.and.Directory.Deletion.via.CSRF HIGH" "3dprint 3.5.6.9 CSRF.to.arbitrary.file.downlad HIGH" "1-click-migration No.known.fix Cross-Site.Request.Forgery.to.Backup.Process.Cancellation MEDIUM" "1-click-migration No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Database.Backup.in.class-ocm-backup.php MEDIUM" "10to8-online-booking 1.1.0 Contributor+.Stored.XSS MEDIUM" "99robots-header-footer-code-manager-pro 1.0.17 Reflected.Cross-Site.Scripting.via.message MEDIUM" "advanced-testimonial-carousel-for-elementor 3.0.1 Missing.Authorization MEDIUM" "ajax-rating-with-custom-login No.known.fix Unauthenticated.SQL.Injection HIGH" "admin-renamer-extended No.known.fix CSRF MEDIUM" "auto-seo 2.6.6 Stored.XSS.via.CSRF HIGH" "auto-featured-image-auto-generated 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "adsplacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-invite-codes 1.0.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ap-contact-form 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aqua-svg-sprite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "alloggio-membership 1.2 Authentication.Bypass CRITICAL" "anspress-question-answer 4.3.2 Editor+.Stored.XSS MEDIUM" "advanced-sermons 3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-sermons 3.2 Reflected.Cross-Site.Scripting.via.s MEDIUM" "advanced-sermons 3.3 Reflected.Cross-Site.Scripting MEDIUM" "add-rss No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "admin-page-framework 3.9.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "add-comments No.known.fix Admin+.Stored.XSS LOW" "all-in-one-wp-security-and-firewall 5.2.7 Cross-Site.Request.Forgery.to.IP.Blocking MEDIUM" "all-in-one-wp-security-and-firewall 5.2.6 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-wp-security-and-firewall 5.2.5 Protection.Bypass.of.Renamed.Login.Page.via.URL.Encoding MEDIUM" "all-in-one-wp-security-and-firewall 5.2.0 Insecure.Storage.of.Password MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Arbitrary.File/Folder.Access.via.Traversal MEDIUM" "all-in-one-wp-security-and-firewall 5.1.5 Admin+.Stored.XSS LOW" "all-in-one-wp-security-and-firewall 5.1.3 Configuration.Leak MEDIUM" "all-in-one-wp-security-and-firewall 5.1.1 Bulk.Actions.via.CSRF MEDIUM" "all-in-one-wp-security-and-firewall 5.0.8 IP.Spoofing MEDIUM" "all-in-one-wp-security-and-firewall 4.4.11 Authenticated.Arbitrary.Redirect./.Reflected.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-security-and-firewall 4.4.4 CSRF.&.XSS LOW" "all-in-one-wp-security-and-firewall 4.4.2 Open.Redirect.&.Hidden.Login.Page.Exposure MEDIUM" "all-in-one-wp-security-and-firewall 4.2.2 Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.2.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-security-and-firewall 4.1.3 Multiple.vulnerabilities.in.login.CAPTCHA MEDIUM" "all-in-one-wp-security-and-firewall 4.0.9 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.7 Multiple.SQL.Injections MEDIUM" "all-in-one-wp-security-and-firewall 4.0.6 XSS MEDIUM" "all-in-one-wp-security-and-firewall 4.0.5 XSS CRITICAL" "agency-toolkit 1.0.24 Unauthenticated.Arbitrary.Options.Update CRITICAL" "azurecurve-toggle-showhide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Cross-Site.Request.Forgery MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor No.known.fix Missing.Authorization MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "all-contact-form-integration-for-elementor 2.9.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "arscode-ninja-popups No.known.fix Unauthenticated.Open.Redirect MEDIUM" "attributes-for-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.attributesForBlocks.Parameter MEDIUM" "advanced-coupons-for-woocommerce-free 4.5.0.1 Notice.Dismiss.via.CSRF MEDIUM" "anual-archive No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anual-archive 1.6.0 Contributor+.Stored.XSS MEDIUM" "advanced-online-ordering-and-delivery-platform No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "azw-woocommerce-file-uploads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "azw-woocommerce-file-uploads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-facebook-twitter-widget No.known.fix Admin+.Stored.XSS LOW" "asmember No.known.fix Admin+.Stored.XSS LOW" "add-instagram No.known.fix Admin+.Stored.XSS LOW" "awin-data-feed 1.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "awin-data-feed 1.8 Reflected.Cross-Site.Scripting MEDIUM" "adsmiddle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "apexchat 1.3.2 Admin+.Stored.XSS LOW" "adsensei-b30 3.1.3 Reflected.Cross-Site.Scripting HIGH" "accesspress-anonymous-post-pro 3.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ahmeti-wp-guzel-sozler No.known.fix Cross-Site.Request.Forgery MEDIUM" "about-rentals No.known.fix Unauthenticated.Actions HIGH" "advanced-product-labels-for-woocommerce 1.2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "armember-membership 4.0.52 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "armember-membership 4.0.38 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "armember-membership 4.0.31 Open.Redirect MEDIUM" "armember-membership 4.0.29 Missing.Authorization MEDIUM" "armember-membership 4.0.28 Directory.Traversal.via.X-FILENAME MEDIUM" "armember-membership 4.0.27 Authenticated.(Contributor+).PHP.Object.Injection CRITICAL" "armember-membership 4.0.27 Unauthenticated.PHP.Object.Injection CRITICAL" "armember-membership 4.0.24 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "armember-membership 4.0.25 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "armember-membership 4.0.23 Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.11 Subscriber+.Privilege.Escalation HIGH" "armember-membership 4.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "armember-membership 4.0.17 Membership.<.4.0.17.-.Admin+.Stored.XSS MEDIUM" "armember-membership 4.0.6 ARMember.Cross-Site.Request.Forgery MEDIUM" "armember-membership 4.0.3 Admin+.Stored.XSS LOW" "armember-membership 4.0.2 Reflected.XSS HIGH" "armember-membership 4.0 Unauthenticated.SQLi HIGH" "armember-membership 3.4.8 Unauthenticated.Admin.Account.Takeover CRITICAL" "admin-bar 1.0.23 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "audio-comparison-lite 3.5 Contributor+.Stored.XSS MEDIUM" "altima-lookbook-free-for-woocommerce No.known.fix Refletced.Cross-Site.Scripting MEDIUM" "add-infos-to-the-events-calendar 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ait-csv-import-export No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "atomchat 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atomchat.Shortcode MEDIUM" "atomchat 1.1.5 Unauthenticated.Credits.Update MEDIUM" "admin-menu-organizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-linked-images-to-gallery-v01 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "article-analytics No.known.fix Unauthenticated.SQL.injection HIGH" "awesome-responsive-photo-gallery 1.2 Missing.Authorization MEDIUM" "awesome-responsive-photo-gallery 2.1 Reflected.Cross-Site.Scripting MEDIUM" "amo-team-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.amoteam_skills.Shortcode MEDIUM" "appointment-booking-calendar 1.3.83 CSRF.appointment.scheduling MEDIUM" "appointment-booking-calendar 1.3.70 Feedback.Submission.via.CSRF MEDIUM" "appointment-booking-calendar 1.3.35 CSV.Injection MEDIUM" "appointment-booking-calendar 1.3.35 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "appointment-booking-calendar 1.3.19 Unauthenticated.Stored.XSS MEDIUM" "appointment-booking-calendar 1.1.25 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.24 Unauthenticated.SQL.Injection CRITICAL" "appointment-booking-calendar 1.1.8 Multiple.Reflected.Cross-Site.Scripting.(XSS).and.SQL.Injection HIGH" "all-404-pages-redirect-to-homepage 2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "axeptio-sdk-integration 2.5.5 Unauthenticated.Local.File.Inclusion CRITICAL" "apex-notification-bar-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "auyautochat-for-wp No.known.fix Unauthenticated.Stored.XSS HIGH" "awesome-hooks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "akismet-privacy-policies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accesspress-custom-css 2.0.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aesop-story-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "auto-prune-posts 3.0.0 Admin+.Stored.XSS LOW" "auto-prune-posts 2.0.0 Post.Deletion.Settings.Update.via.CSRF MEDIUM" "accessibility-widget 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ahime-image-printer No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "additional-product-fields-for-woocommerce 1.2.134 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "additional-product-fields-for-woocommerce 1.2.105 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "animategl No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "animategl 1.4.18 Reflected.Cross-Site.Scripting MEDIUM" "actionwear-products-sync 2.3.3 Unauthenticated.Full.Patch.Disclosure MEDIUM" "all-in-one-wp-migration-box-extension 1.54 Unauthenticated.Access.Token.Update MEDIUM" "aklamator-infeed No.known.fix Admin+.Stored.XSS LOW" "aklamator-infeed No.known.fix Reflected.XSS HIGH" "asgard No.known.fix Reflected.XSS HIGH" "ays-popup-box 4.9.8 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "ays-popup-box 4.7.8 Admin+.Stored.XSS LOW" "ays-popup-box 4.5.2 Missing.Authorization MEDIUM" "ays-popup-box 4.1.3 Cross-Site.Request.Forgery MEDIUM" "ays-popup-box 4.3.7 Missing.Authorization.to.Information.Exposure MEDIUM" "ays-popup-box 20.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 7.9.0 Admin+.Stored.XSS LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Popup.Settings LOW" "ays-popup-box 3.8.6 Admin+.Stored.XSS.in.Categories LOW" "ays-popup-box 3.7.9 Admin+.Stored.XSS LOW" "ays-popup-box 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "ays-popup-box 3.4.5 Reflected.XSS HIGH" "ays-popup-box 2.3.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-popup-box 2.3.4 Authenticated.Blind.SQL.Injections HIGH" "all-in-one-schemaorg-rich-snippets 1.6.6 All.In.One.Schema.Rich.Snippets.<.1.6.6.-.Multiple.CSRF MEDIUM" "all-in-one-schemaorg-rich-snippets 1.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ajax-filter-posts 3.4.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ajax-filter-posts No.known.fix Missing.Authorization.to.Unauthenticated.Local.PHP.File.Inclusion CRITICAL" "ajax-filter-posts 3.4.11 Reflected.Cross-Site.Scripting MEDIUM" "ajax-filter-posts 3.4.12 Contributor+.Stored.XSS MEDIUM" "ajax-filter-posts 3.4.8 Missing.Authorization MEDIUM" "agendapress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "agendapress 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "agendapress 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a-staff No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "a-staff No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a-staff No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "admin-menu No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "affiliate-tools-viet-nam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-translate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Custom.Font MEDIUM" "antispam-bee 2.11.4 IP.Address.Spoofing.via.get_client_ip MEDIUM" "advanced-post-block 1.13.5 Unauthenticated.Arbitrary.Post.Access MEDIUM" "attendance-manager 0.5.7 CSRF.&.XSS HIGH" "armember 6.7.1 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "armember 5.6 Unauthenticated.Privilege.Escalation CRITICAL" "all-bootstrap-blocks 1.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.20 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "all-bootstrap-blocks 1.3.20 Contributor+.Stored.XSS MEDIUM" "all-bootstrap-blocks 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-bootstrap-blocks 1.3.7 Cross-Site.Request.Forgery MEDIUM" "advanced-most-recent-posts-mod No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "abcbiz-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-tiktok-advertising-pixel 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "atlas-knowledge-base No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atlas-knowledge-base No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-b2b-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "all-in-one-b2b-for-woocommerce No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "alley-elementor-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-instagram-feed 4.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "awesome-progess-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avartan-slider-lite No.known.fix Reflected.XSS HIGH" "artibot No.known.fix Authenticated.(Admin+).Cross-Site.Scripting MEDIUM" "artibot No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "ads-txt-admin No.known.fix Cross-Site.Request.Forgery MEDIUM" "ajax-extend No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "annasta-woocommerce-product-filters 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "annasta-woocommerce-product-filters 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "atarim-visual-collaboration 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 4.0.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 4.1.0 Missing.Authorization.to.Authenticated.(Subscriber+).Project.Page/File.Deletion MEDIUM" "atarim-visual-collaboration 4.0.2 Missing.Authorization.via.remove_feedbacktool_notice() MEDIUM" "atarim-visual-collaboration 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "atarim-visual-collaboration 4.0.1 Missing.Authorization MEDIUM" "atarim-visual-collaboration 3.32 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "atarim-visual-collaboration 3.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "atarim-visual-collaboration 3.30 Unauthenticated.Settings.Update,.Post.Deletion.etc HIGH" "atarim-visual-collaboration 3.13 Unauthenticated.Stored.XSS HIGH" "atarim-visual-collaboration 3.9.4 Admin+.Stored.XSS LOW" "accordions-wp 2.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.accordion.settings MEDIUM" "accordions-wp 2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "anycomment 0.0.99 Reflected.Cross-Site.Scripting MEDIUM" "anycomment 0.2.18 Arbitrary.HyperComments.Import/Revert.via.CSRF MEDIUM" "anycomment 0.2.18 Comment.Rating.Increase/Decrease.via.Race.Condition LOW" "anycomment 0.3.5 Open.Redirect MEDIUM" "anycomment 0.0.33 XSS MEDIUM" "ap-mega-menu 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-mega-menu 3.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "advanced-database-replacer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-replacer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appmysite 3.11.1 Unauthenticated.Information.Disclsoure MEDIUM" "ap-custom-testimonial 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "ap-custom-testimonial 1.4.8 Admin+.SQL.Injection MEDIUM" "ap-custom-testimonial 1.4.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "animated-counters No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "animated-counters 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-free-flat-shipping-woocommerce 1.6.4.6 Cross-Site.Request.Forgery MEDIUM" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "advance-post-prefix No.known.fix Admin+.SQL.Injection MEDIUM" "advance-post-prefix No.known.fix Reflected.XSS HIGH" "automatic-youtube-gallery 2.3.5 Missing.Authorization.via.AJAX.actions MEDIUM" "automatic-youtube-gallery 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "automatic-youtube-gallery 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-domain-checker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-embed-addons-for-elementor 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amilia-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "acl-floating-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-hour-booking 1.4.57 Captcha.Bypass MEDIUM" "appointment-hour-booking 1.3.73 CAPTCHA.Bypass MEDIUM" "appointment-hour-booking 1.3.73 Unauthenticated.iFrame.Injection HIGH" "appointment-hour-booking 1.3.73 CSV.Injection MEDIUM" "appointment-hour-booking 1.3.72 Feedback.Submission.via.CSRF MEDIUM" "appointment-hour-booking 1.3.56 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.3.17 Authenticated.Stored.XSS LOW" "appointment-hour-booking 1.3.16 Admin+.Stored.Cross-Site.Scripting LOW" "appointment-hour-booking 1.1.46 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "administrator-z 2024.10.21 Subscriber+.SQL.Injection HIGH" "affiliator-lite No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "appmaps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "add-to-calendar-button 1.5.1 Contributor+.Stored.XSS MEDIUM" "acymailing 9.11.1 Reflected.Cross-Site.Scripting MEDIUM" "acymailing 9.8.0 Authenticated.(Subscriber+).Arbitrary.File.Upload.via.acym_extractArchive.Function HIGH" "acymailing 8.6.3 Reflected.XSS HIGH" "acymailing 7.5.0 Open.Redirect MEDIUM" "auto-terms-of-service-and-privacy-policy 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "ai-image-alt-text-generator-for-wp 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "alkubot 3.0.0 Unauthorised.AJAX.call.via.CSRF MEDIUM" "amazonjs No.known.fix Contributor+.Stored.XSS MEDIUM" "alfred-click-collect No.known.fix Admin+.Stored.XSS LOW" "automated-editor No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "admin-menu-restriction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "author-discussion No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "agenteasy-properties No.known.fix Admin+.Stored.XSS LOW" "anti-plagiarism No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "admin-speedo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-any-extension-to-pages 1.5 Cross-Site.Request.Forgery.via.aaetp_options_page MEDIUM" "access-demo-importer 1.0.8 Data.Reset.via.CSRF HIGH" "access-demo-importer 1.0.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "access-demo-importer 1.0.7 Subscriber+.Arbitrary.File.Upload HIGH" "ask-me-anything-anonymously No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-wp-migration-gdrive-extension 2.80 Unauthenticated.Access.Token.Update MEDIUM" "arabic-webfonts No.known.fix Missing.Authorization MEDIUM" "advanced-popups 1.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "advanced-category-and-custom-taxonomy-image 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_tax_image.Shortcode MEDIUM" "apply-online 2.6.7.2 Missing.Authorization MEDIUM" "apply-online 2.6.3 Unauthenticated.Application.File.Access MEDIUM" "apply-online 2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "apply-online 2.5.4 Missing.Authorization LOW" "apply-online 2.5.3 Reflected.XSS HIGH" "apply-online 2.5.6 Admin+.Stored.XSS LOW" "acf-frontend-display No.known.fix Arbitrary.File.Upload CRITICAL" "achilles-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-site-builder No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation CRITICAL" "analytics-for-wp No.known.fix Admin+.Stored.XSS LOW" "awesome-event-booking 2.7.5 Missing.Authorization MEDIUM" "awesome-event-booking 2.8.0 Cross-Site.Request.Forgery MEDIUM" "awesome-event-booking 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "alter No.known.fix Cross-Site.Request.Forgery MEDIUM" "ajar-productions-in5-embed 3.1.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "apus-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update.in.import_page_options HIGH" "api-info-themes-plugins-wp-org 1.05 Reflected.Cross-Site.Scripting MEDIUM" "add-actions-and-filters No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-actions-and-filters 2.10 Reflected.XSS HIGH" "add-actions-and-filters 2.10 Settings.Update.via.CSRF MEDIUM" "add-actions-and-filters No.known.fix Admin+.Stored.XSS MEDIUM" "ad-blocking-detector No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "all-404-redirect-to-homepage 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "all-404-redirect-to-homepage 1.21 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "autocomplete-address-and-location-picker-for-woocommerce 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "autocomplete-address-and-location-picker-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-pdf-generator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "awesome-weather No.known.fix Contributor+.Stored.XSS MEDIUM" "awesome-weather No.known.fix Reflected.Cross-site.Scripting.(XSS) HIGH" "animated-svg 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "akismet 3.1.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "aforms-eats 1.3.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "azz-anonim-posting No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "admin-custom-login 3.2.8 CSRF.to.Stored.XSS HIGH" "all-in-one-wp-migration-dropbox-extension 3.76 Unauthenticated.Access.Token.Update MEDIUM" "addify-product-labels-and-stickers 1.1.0 Multiple.CSRF MEDIUM" "amp-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "addify-custom-registration-forms-builder 1.0.2 Multiple.CSRF MEDIUM" "awesome-support No.known.fix Missing.Authorization MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.7 Insufficient.Authorization.via.wpas_can_delete_attachments() MEDIUM" "awesome-support 6.1.8 Missing.Authorization.via.wpas_get_users() MEDIUM" "awesome-support 6.1.8 Authenticated.(Subscriber+).SQL.Injection HIGH" "awesome-support 6.1.8 Missing.Authorization.via.editor_html() MEDIUM" "awesome-support 6.1.6 Missing.Authorization.via.wpas_load_reply_history MEDIUM" "awesome-support 6.1.6 Cross-Site.Request.Forgery MEDIUM" "awesome-support 6.1.8 Missing.Authorization MEDIUM" "awesome-support 6.1.11 Missing.Authorization MEDIUM" "awesome-support 6.1.5 Missing.Authorization.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Cross-Site.Request.Forgery.via.wpas_edit_reply_ajax() MEDIUM" "awesome-support 6.1.5 Insufficient.permission.check.in.wpas_edit_reply MEDIUM" "awesome-support 6.1.5 Submitter+.Arbitrary.File.Deletion CRITICAL" "awesome-support 6.1.5 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.1.2 Subscriber+.Arbitrary.Exported.Tickets.Download MEDIUM" "awesome-support 6.0.8 Authenticated.Stored.XSS MEDIUM" "awesome-support 6.0.7 Reflected.Cross-Site.Scripting HIGH" "awesome-support 6.0.11 Reflected.Cross-Site.Scripting.(XSS) HIGH" "awesome-support 6.0.0 Stored.XSS.via.Ticket.Title MEDIUM" "awesome-support 3.1.7 XSS.&.Shortcodes.Allowed.in.Replies HIGH" "advanced-exchange-rates No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-exchange-rates No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-backgrounds 1.12.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.imageTag.Parameter MEDIUM" "annie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "annie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "app-builder 5.3.8 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "app-builder 4.3.4 Unauthenticated.Limited.SQL.Injection.via.app-builder-search MEDIUM" "app-builder 3.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode HIGH" "app-builder 3.8.8 Open.Redirection MEDIUM" "ai-seo-translator 1.6.3 Cross-Site.Request.Forgery.via.update_integration_option MEDIUM" "api-bing-map-2018 5.0 CSRF MEDIUM" "animated-typed-js-shortcode 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-admin-css No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "admin-post-navigation No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "accesspress-twitter-feed No.known.fix Delete.cache.via.CSRF MEDIUM" "accesspress-twitter-feed 1.6.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "alpine-photo-tile-for-instagram No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-facebook-like-widget 2.2.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "acf-quickedit-fields 3.2.3 Contributor+.User.Metadata.Leak.via.IDOR LOW" "add-to-feedly No.known.fix Admin+.Stored.XSS LOW" "amazing-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "authorizenet-payment-gateway-for-woocommerce No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Unauthenticated.Payment.Bypass MEDIUM" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Settings.Modifcation.and.Stored.Cross-Site.Scripting MEDIUM" "audio-merchant No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "ajax-bootmodal-login No.known.fix Captcha.Reuse MEDIUM" "advanced-nocaptcha-recaptcha 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advanced-nocaptcha-recaptcha 7.1.0 .Local.File.Inclusion.via.CSRF HIGH" "advanced-nocaptcha-recaptcha 7.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-wp-query-search-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "access-code-feeder No.known.fix CSRF MEDIUM" "amtythumb No.known.fix Subscriber+.SQLi HIGH" "aweber-web-form-widget 7.3.21 Admin+.Stored.XSS LOW" "aweber-web-form-widget 7.3.15 Authenticated.(Admin+).SQL.Injection HIGH" "aweber-web-form-widget 7.3.10 Missing.Authorization.via.AJAX.actions MEDIUM" "amp-img-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "academy 2.0.5 Missing.Authorization LOW" "academy 2.0.11 Open.Redirect MEDIUM" "academy 1.9.26 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.17 Missing.Authorization MEDIUM" "academy 1.9.20 .Authenticated.(Subscriber+).Privilege.Escalation HIGH" "addify-gift-registry-for-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "adminpad 2.2 Note.Update.via.CSRF MEDIUM" "aweber-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "alex-reservations 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-woo-labels 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-labels 1.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-library No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "authldap 2.5.9 Settings.Update.via.CSRF MEDIUM" "authldap 2.6.2 Admin+.Stored.XSS LOW" "accelerated-mobile-pages 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.99.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "accelerated-mobile-pages 1.0.97 Missing.Authorization MEDIUM" "accelerated-mobile-pages 1.0.97 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "accelerated-mobile-pages 1.0.93.2 Authenticated(Contributor+).Arbitrary.Post.Deletion.via.amppb_remove_saved_layout_data MEDIUM" "accelerated-mobile-pages 1.0.93 Unautenticated.Reflected.Cross-Site.Scripting MEDIUM" "accelerated-mobile-pages 1.0.92.1 Authenticated.(Contributor+).Cross-Site.Scripting.via.Shortcode MEDIUM" "accelerated-mobile-pages 1.0.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "accelerated-mobile-pages 1.0.77.33 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 1.0.77.32 Admin+.Stored.Cross-Site.Scripting LOW" "accelerated-mobile-pages 0.9.97.21 Stored.XSS MEDIUM" "affiliates-manager 2.9.35 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.31 Sensitive.Information.Exposure.via.Log.File MEDIUM" "affiliates-manager 2.9.32 Cross-Site.Request.Forgery.via.multiple.AJAX.actions MEDIUM" "affiliates-manager 2.9.21 Cross-Site.Request.Forgery MEDIUM" "affiliates-manager 2.9.14 Arbitrary.Affiliates.&.Creatives.Deletion.via.CSRF MEDIUM" "affiliates-manager 2.9.14 Affiliate.CSV.Injection MEDIUM" "affiliates-manager 2.9.14 Reflected.Cross-Site.Scripting MEDIUM" "affiliates-manager 2.9.14 Admin+.Stored.Cross-Site.Scripting LOW" "affiliates-manager 2.9.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "affiliates-manager 2.8.7 Admin+.SQL.injection MEDIUM" "affiliates-manager 2.7.8 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "affiliates-manager 2.6.6 CRSF.Issues MEDIUM" "athemes-starter-sites 1.0.54 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "assist24it No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-log No.known.fix CSRF MEDIUM" "admin-bar-dashboard-control 1.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "absolute-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "active-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adbuddy-adblocker-detection No.known.fix Admin+.Stored.XSS LOW" "accordions 2.2.100 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accordions 2.2.97 Missing.Authorization.to.Authenticated(Contributor+).Post.Duplication MEDIUM" "accordions 2.2.30 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "accordions 2.2.9 Unprotected.AJAX.Action.to.Stored/Reflected.XSS MEDIUM" "abcapp-creator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "autoptimize 3.1.7 Admin+.Stored.Cross-Site.Scripting.via.Settings.Import LOW" "autoptimize 3.1.0 Sensitive.Data.Disclosure MEDIUM" "autoptimize 3.1.1 Admin+.Stored.Cross.Site.Scripting LOW" "autoptimize 2.8.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "autoptimize 2.7.8 Authenticated.Stored.XSS.via.File.Upload MEDIUM" "autoptimize 2.7.8 Race.Condition.leading.to.RCE CRITICAL" "autoptimize 2.7.8 Arbitrary.File.Upload.via."Import.Settings" CRITICAL" "autoptimize 2.7.7 Authenticated.Arbitrary.File.Upload MEDIUM" "anymind-widget No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "add-custom-body-class No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ach-for-stripe-plaid No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adblock-notify-by-bweb No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adblock-notify-by-bweb No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ajax-load-more-anything 3.3.4 Subscriber+.Settings.Update MEDIUM" "autopilot 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "adminify 4.0.1.7 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "adminify 3.1.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.6 Admin+.Stored.XSS LOW" "adminify 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "adminify 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "as-create-pinterest-pinboard-pages No.known.fix Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "amministrazione-trasparente 8.0.5 Admin+.Stored.XSS LOW" "amministrazione-trasparente 7.1.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "amministrazione-trasparente 7.1.1 Cross-Site.Request.Forgery HIGH" "awesome-filterable-portfolio No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "awesome-filterable-portfolio No.known.fix Unauthenticated.Settings.Update MEDIUM" "awesome-filterable-portfolio 1.9 Authenticated.Blind.SQL.Injection HIGH" "accept-authorize-net-payments-using-contact-form-7 2.3 Unauthenticated.Information.Exposure MEDIUM" "agile-store-locator 1.4.15 Admin+.Arbitrary.File.Deletion MEDIUM" "agile-store-locator 1.4.13 Reflected.XSS HIGH" "agile-store-locator 1.4.10 Editor+.Stored.XSS LOW" "agile-store-locator 1.4.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "agile-store-locator 1.4.6 Stored.XSS.via.CSRF MEDIUM" "accurate-form-data-real-time-form-validation No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "add-from-server No.known.fix Authenticated.Path.Traversal.to.Arbitrary.File.Access HIGH" "add-from-server 3.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "analogwp-templates 1.8.1 CSRF.Nonce.Bypasses MEDIUM" "analogwp-templates 1.8.1 Cross-Site.Request.Forgery HIGH" "auxin-portfolio 2.3.5 Contributor+.Stored.XSS MEDIUM" "auxin-portfolio 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'.Grid.Portfolios' MEDIUM" "auxin-portfolio 2.3.2 Unauthenticated.Local.File.Inclusion CRITICAL" "aoi-tori No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ai-content-generation 1.2.6 Missing.Authorization MEDIUM" "add-tabs-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "adrotate 5.13.3 Admin+.Double.Extension.Arbitrary.File.Upload MEDIUM" "adrotate 5.9.1 Password.Change.via.CSRF MEDIUM" "adrotate 5.8.23 Admin+.XSS.via.Advert.Name LOW" "adrotate 5.8.23 Admin+.XSS.via.Group.Name LOW" "adrotate 5.8.22 Admin+.SQL.Injection MEDIUM" "adrotate 5.8.4 Authenticated.SQL.Injection MEDIUM" "adrotate 5.3 Authenticated.SQL.Injection HIGH" "aikit-wordpress-ai-writing-assistant-using-gpt3 No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "a1post-bg-shipping-for-woocommerce 1.5.1 Privilege.Escalation.via.CSRF HIGH" "all-in-one-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alemha-watermark No.known.fix Author+.Stored.XSS MEDIUM" "arconix-shortcodes 2.1.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arconix-shortcodes 2.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "arconix-shortcodes 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "arconix-shortcodes 2.1.12 Missing.Authorization MEDIUM" "arconix-shortcodes 2.1.11 Missing.Authorization.to.Notice.Dismissal MEDIUM" "arconix-shortcodes 2.1.8 Contributor+.Stored.XSS MEDIUM" "automatorwp 5.1.0 Reflected.Cross-Site.Scripting.via.a-0-o-search_field_value CRITICAL" "automatorwp 2.5.1 Object.Deletion.via.CSRF MEDIUM" "automatorwp 1.7.6 Missing.Authorization.and.Privilege.Escalation MEDIUM" "ajax-awesome-css No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-video-player-with-analytics No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-fitness-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-user-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automatewoo 5.7.6 Cross-Site.Request.Forgery MEDIUM" "automatewoo 5.7.6 Missing.Authorization MEDIUM" "automatewoo 5.7.2 ShopManager+.SQLi MEDIUM" "automatewoo 5.7.2 Cross-Site.Request.Forgery MEDIUM" "autocomplete-location-field-contact-form-7 3.0 Admin+.Store.Cross-Site.Scripting LOW" "accesspress-social-icons 1.8.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-social-icons 1.8.1 Authenticated.SQL.Injection HIGH" "accesspress-social-icons 1.6.8 Authenticated.SQL.Injections MEDIUM" "awesome-shortcodes 1.7.3 Reflected.XSS HIGH" "add2fav No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "azurecurve-floating-featured-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.4.7 Stored.XSS.via.CSRF HIGH" "ali2woo-lite 3.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.4.4 PHP.Object.Injection.via.CSRF HIGH" "ali2woo-lite 3.3.7 Reflected.Cross-Site.Scripting MEDIUM" "ali2woo-lite 3.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "ali2woo-lite 3.3.7 Missing.Authorization.via.Several.Functions MEDIUM" "album-and-image-gallery-plus-lightbox 2.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "admin-page-spider 3.32 Admin+.Stored.XSS LOW" "asf-allow-svg-files No.known.fix Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "asf-allow-svg-files 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "add-subtitle No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "artplacer-widget 2.21.2 Subscriber+.Arbitrary.Widget.Deletion MEDIUM" "artplacer-widget 2.21.2 Stored.XSS.via.CSRF HIGH" "artplacer-widget 2.20.7 Editor+.SQLi MEDIUM" "applicantpro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alphabetical-list No.known.fix Settings.Update.via.CSRF MEDIUM" "algori-pdf-viewer 1.0.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "advanced-menu-widget No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "auto-location-for-wp-job-manager 1.1 Admin+.Cross.Site.Scripting LOW" "advanced-uploader No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "ablocks 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ark-core No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "accordion-title-for-elementor 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "auto-ftp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ahmeti-wp-timeline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "amty-thumb-recent-post No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "add-admin-javascript No.known.fix Unauthenticated.Full.Path.Dislcosure MEDIUM" "add-search-to-menu 5.5.7 Information.Exposure.via.AJAX.Search.Form MEDIUM" "add-search-to-menu 5.5.6 Subscriber+.Index.Creation MEDIUM" "add-search-to-menu 5.5.2 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.7 Reflected.Cross-Site.Scripting MEDIUM" "add-search-to-menu 5.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-search-to-menu 5.4.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "add-search-to-menu 4.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "add-search-to-menu 4.7 Reflected.Cross-Site.Scripting HIGH" "add-search-to-menu 4.6.1 Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "add-search-to-menu 4.5.11 .Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "az-content-finder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-city-selector 1.15.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "anywhere-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-search-lite 4.12.5 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.4 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.3 Admin+.Stored.XSS LOW" "ajax-search-lite 4.12.1 Admin+.Stored.XSS LOW" "ajax-search-lite 4.11.5 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Reflected.Cross-Site.Scripting HIGH" "ajax-search-lite 4.11.1 Subscriber+.Sensitive.Data.Disclosure MEDIUM" "autowp-ai-content-writer-rewriter 2.0.9 Cross-Site.Request.Forgery MEDIUM" "awesomepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-block-country No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "all-in-one-wp-migration-onedrive-extension 1.67 Unauthenticated.Access.Token.Update MEDIUM" "ad-injection No.known.fix Admin+.Stored.Cross-Site.Scripting.&.RCE HIGH" "advanced-youtube-channel-pagination No.known.fix Reflected.XSS HIGH" "altos-connect No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "acurax-social-media-widget 3.2.6 Stored.XSS.&.CSRF HIGH" "auto-refresh-single-page No.known.fix .Authenticated.(Contributor+).PHP.Object.Injection HIGH" "aawp 3.12.3 Unsafe.URL.Handling MEDIUM" "aawp 3.17.1 Reflected.Cross-Site.Scripting MEDIUM" "addify-product-dynamic-pricing-and-discounts No.known.fix Multiple.CSRF MEDIUM" "accordion-slider 1.9.13 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "accordion-slider 1.9.12 Authenticted.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Attribute MEDIUM" "auto-rename-media-on-upload 1.1.0 Admin+.Stored.XSS LOW" "ajax-search-pro 4.26.2 Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.26.2 Multiple.Reflected.Cross-Site.Scripting HIGH" "ajax-search-pro 4.19 Subscriber+.SQL.Injection HIGH" "ajax-search-pro 4.19 Stored.XSS.via.CSRF HIGH" "analyse-uploads No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "absolute-privacy No.known.fix User.Email/Password.Change.via.Cross-Site.Request.Forgery HIGH" "add-edit-delete-listing-for-member-module No.known.fix SQL.Injection HIGH" "autoship-cloud 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "autoship-cloud 2.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "authors-list 2.0.6.1 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "authors-list 2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "authors-list 2.0.3 Reflected.Cross-Site.Scripting HIGH" "ari-fancy-lightbox 1.3.18 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ari-fancy-lightbox 1.3.9 Reflected.Cross-Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 13.3 Authenticated.(Subscriber+).Limited.File.Upload.to.Cross-Site.Scripting MEDIUM" "admin-and-client-message-after-order-for-woocommerce 12.5 Missing.Authorization.to.Arbitrary.File.Upload CRITICAL" "admin-trim-interface No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "attribute-stock-for-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "acf-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "authors-autocomplete-meta-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-form No.known.fix Authenticated.(Admin+).PHP.Object.Injection HIGH" "admin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "admin-form 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "admin-form 1.9.1 Cross-Site.Request.Forgery MEDIUM" "advanced-admin-search 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "art-picture-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "acf-blocks 2.6.10 Reflected.Cross-Site.Scripting MEDIUM" "acf-blocks 2.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "alipay No.known.fix Authenticated.SQL.Injection MEDIUM" "alert-box-block 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amp-extensions No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ai-twitter-feeds No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amazon-product-price No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "arconix-faq 1.9.5 Missing.Authorization MEDIUM" "arconix-faq 1.9.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "accesspress-social-counter 1.9.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "automatic-youtube-video-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "advanced-cf7-database No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "animate-everything No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animate-everything No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animate-everything No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "advanced-category-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "advanced-category-template No.known.fix Reflected.XSS HIGH" "admin-dashboard-rss-feed No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "audio-and-video-player 1.2.0 Player.Deletion.and.Duplication.via.CSRF MEDIUM" "auto-delete-posts No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Authenticated.(Admin+).SQL.Injection HIGH" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Bookmark.Status.Alteration MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Missing.Authorization.to.Unauthenticated.Read.Status.Update MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Cross-Site.Request.Forgery MEDIUM" "admin-side-data-storage-for-contact-form-7 No.known.fix Unauthenticated.Reflected.XSS HIGH" "animated-fullscreen-menu 2.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "abitgone-commentsafe No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "app-ads-txt 1.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "app-ads-txt 1.1.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-expires-headers 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "add-expires-headers 2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-add-to-cart-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-access-manager 6.9.21 Reflected.XSS HIGH" "advanced-access-manager 6.9.21 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-access-manager 6.9.19 Open.Redirect MEDIUM" "advanced-access-manager 6.9.19 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.9.16 Contributor+.Stored.XSS MEDIUM" "advanced-access-manager 6.8.0 Admin+.Stored.Cross-Site.Scripting LOW" "advanced-access-manager 6.6.2 Authenticated.Information.Disclosure MEDIUM" "advanced-access-manager 6.6.2 Authenticated.Authorization.Bypass.and.Privilege.Escalation HIGH" "advanced-access-manager 5.9.9 Unauthenticated.Local.File.Inclusion CRITICAL" "advanced-access-manager 3.2.2 Privilege.Escalation HIGH" "amazon-associate-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-live-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-forms 1.9.3.3 Missing.Authorization.to.Unauthenticated.Form.Settings.Export MEDIUM" "advanced-forms 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "auto-thickbox-plus No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-ajax-page-loader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-ajax-page-loader 2.7.7 Unauthenticated.Uploaded.File.Disclosure MEDIUM" "authentication-via-otp-using-firebase No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "amr-shortcode-any-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "aiify 0.1.0 Reflected.Cross-Site.Scripting MEDIUM" "any-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "any-popup No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "astra-pro-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-pro-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "affiliate-power 2.3.0 Reflected.Cross-Site.Scripting HIGH" "avenirsoft-directdownload No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "athemes-addons-for-elementor-lite 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "athemes-addons-for-elementor-lite 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-social-share 4.5.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ari-stream-quiz 1.3.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Cross-Site.Request.Forgery MEDIUM" "ari-stream-quiz 1.3.0 Contributor+.Stored.XSS MEDIUM" "ari-stream-quiz 1.3.3 Contributor+.Content.Injection LOW" "amcharts-charts-and-maps 1.4.5 Reflected.Cross-Site.Scripting.via.Cross-Site.Request.Forgery MEDIUM" "amcharts-charts-and-maps 1.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "auto-hyperlink-urls No.known.fix Tab.Nabbing MEDIUM" "addonify-quick-view 1.2.17 Unauthenticated.Full.Path.Dislcosure MEDIUM" "addify-order-approval-woocommerce 1.1.0 Multiple.CSRF MEDIUM" "ai-image-generator 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "aoa-downloadable No.known.fix Unauthenticated.SSRF HIGH" "aoa-downloadable No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "author-bio-box 3.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "auction-nudge 7.2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "allpost-contactform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "arkhe-blocks 2.27.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block.attributes MEDIUM" "arkhe-blocks 2.27.0 Contributor+.Stored.XSS MEDIUM" "arkhe-blocks 2.23.0 Contributor+.Stored.XSS MEDIUM" "amr-users 4.59.4 Admin+.Stored.Cross-Site.Scripting LOW" "awsom-news-announcement No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "advertising-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "add-local-avatar No.known.fix Cross-Site.Request.Forgery.via.manage_avatar_cache MEDIUM" "animated-text-block 1.0.8 Missing.Authorization MEDIUM" "akismet-htaccess-writer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "anant-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apperr 0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accessibility-checker 1.2.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "albo-pretorio-on-line No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "albo-pretorio-on-line No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albo-pretorio-on-line 4.6.4 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.2 Reflected.XSS HIGH" "albo-pretorio-on-line 4.6.1 Reflected.XSS HIGH" "awesome-contact-form7-for-elementor 3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-contact-form7-for-elementor 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AEP.Contact.Form.7.Widget MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "abc-notation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aicomments 1.4.2 Cross-Site.Request.Forgery MEDIUM" "add-custom-css-and-js No.known.fix Stored.XSS.via.CSRF HIGH" "adwork-media-ez-content-locker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "arena-liveblog-and-chat-tool No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "arena-liveblog-and-chat-tool No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arena_embed_amp.Shortcode MEDIUM" "arena-liveblog-and-chat-tool 0.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "arforms-form-builder 1.7.2 HTML.Injection MEDIUM" "arforms-form-builder 1.7.1 Unauthenticated.Stored.XSS MEDIUM" "arforms-form-builder 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "arforms-form-builder 1.6.5 Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Option.Deletion HIGH" "arforms-form-builder 1.6.2 Missing.Authorization MEDIUM" "arforms-form-builder 1.6.2 Cross-Site.Request.Forgery MEDIUM" "arforms-form-builder 1.5.9 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5.7 Unauthenticated.Stored.XSS HIGH" "arforms-form-builder 1.5 Admin+.Stored.Cross.Site.Scripting LOW" "ark-wysiwyg-comment-editor No.known.fix Iframe.Injection.via.Comment LOW" "apply-with-linkedin-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "apply-with-linkedin-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-for-wp 1.9.29 Cross-Site.Request.Forgery MEDIUM" "all-in-menu No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "age-gate 2.17.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.20.4 Reflected.Cross-Site.Scripting MEDIUM" "age-gate 2.17.1 Unauthenticated.Import.Settings CRITICAL" "age-gate 2.16.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "age-gate 2.13.5 Unauthenticated.Open.Redirect LOW" "ad-inserter-pro 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter-pro 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter-pro 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "adif-log-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-studio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-options-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alojapro-widget 1.1.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "acf-better-search 3.3.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "advanced-form-integration 1.100.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.100.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.97.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.92.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.89.6 Cross-Site.Request.Forgery MEDIUM" "advanced-form-integration 1.82.6 SQL.Injection.to.Reflected.Cross-Site.Scripting.via.integration_id MEDIUM" "advanced-form-integration 1.76.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "advanced-form-integration 1.69.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-form-integration 1.63.0 Admin+.Stored.XSS LOW" "advanced-form-integration 1.49.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "adl-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ai-assistant-by-10web 1.0.19 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "ai-contact-us No.known.fix Admin+.Stored.XSS LOW" "avcp No.known.fix Cross-Site.Request.Forgery.via.settings.php MEDIUM" "avcp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "avcp No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "adthrive-ads 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "adthrive-ads 3.7.1 Missing.Authorization.to.Unauthenticated.Data/Settings.Reset MEDIUM" "archivist-custom-archive-templates 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "archivist-custom-archive-templates No.known.fix Reflected.XSS HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Stored.XSS.via.CSRF HIGH" "archivist-custom-archive-templates 1.7.5 Custom.Archive.Templates.<.1.7.5.-.Admin+.Stored.XSS LOW" "advanced-floating-content 3.8.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "add-to-any 1.7.48 Admin+.Stored.Cross-Site.Scripting LOW" "add-to-any 1.7.46 Admin+.Stored.XSS MEDIUM" "auto-tag-links No.known.fix Cross-Site.Request.Forgery MEDIUM" "api2cart-bridge-connector 1.2.0 Unauthenticated.RCE CRITICAL" "api2cart-bridge-connector 1.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "auto-date-year-month 2.0.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "auto-date-year-month 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "amr-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-quick-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-quick-panel 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accordion-image-menu No.known.fix Stored.XSS.via.CSRF HIGH" "advanced-visual-elements 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "announcekit No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-anonymous-post No.known.fix Contributor+.Arbitrary.Redirect LOW" "accesspress-anonymous-post 2.8.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "automate-hub-free-by-sperse-io No.known.fix Cross-Site.Request.Forgery.to.Activation.Status.Update MEDIUM" "automate-hub-free-by-sperse-io No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-engine 2.6.5 Admin+.SQLi MEDIUM" "ai-engine 2.4.8 Admin+.SQLi MEDIUM" "ai-engine 2.5.1 Admin+.RCE MEDIUM" "ai-engine 2.4.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.70 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "ai-engine 2.1.5 Authenticated.(Editor+).Server-Side.Request.Forgery MEDIUM" "ai-engine 2.2.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ai-engine 2.1.5 Editor+.Arbitrary.File.Upload.via.add_image_from_url MEDIUM" "ai-engine 1.9.99 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ai-engine 1.6.83 Admin+.Stored.XSS LOW" "all-in-one-favicon 4.7 Multiple.Stored.Authenticated.XSS MEDIUM" "add-custom-content-after-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "amin-chat-button 1.4.2 Stored.XSS.via.CSRF HIGH" "all-in-one-wp-migration 7.90 Unauthenticated.PHP.Object.Injection HIGH" "all-in-one-wp-migration 7.87 Authenticated.(Administrator+).Arbitrary.PHP.Code.Injection HIGH" "all-in-one-wp-migration 7.87 Unauthenticated.Information.Disclosure.via.Error.Logs MEDIUM" "all-in-one-wp-migration 7.63 Unauthenticated.Reflected.XSS MEDIUM" "all-in-one-wp-migration 7.59 Admin+.File.Deletion.on.Windows.Hosts.via.Path.Traversal MEDIUM" "all-in-one-wp-migration 7.41 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "all-in-one-wp-migration 7.15 Arbitrary.Backup.Download HIGH" "all-in-one-wp-migration 7.0 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "all-in-one-wp-migration 6.46 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-wp-migration 2.0.5 Unauthenticated.Database.Export HIGH" "authenticator 1.3.1 Subscriber+.Denial.of.Service.via.Feed.Token.Disclosure MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Missing.Authorization MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.1 Cross-Site.Request.Forgery MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "add-fields-to-checkout-page-woocommerce 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "aparat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amazonify No.known.fix Cross-Site.Request.Forgery.to.Amazon.Tracking.ID.Update MEDIUM" "amazonify No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "addify-custom-fields-for-woocommerce 1.0.4 Multiple.CSRF MEDIUM" "admin-options-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-what-should-we-write-about-next No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "advanced-what-should-we-write-about-next No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ad-inserter 2.8.1 Ad.Manager.and.AdSense.Ads..<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.38 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.31 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ad-inserter 2.7.27 Admin+.PHP.Object.Injection LOW" "ad-inserter 2.7.12 Reflected.Cross-Site.Scripting LOW" "ad-inserter 2.7.11 Admin+.RCE./.Stored.XSS MEDIUM" "ad-inserter 2.7.10 Reflected.Cross-Site.Scripting MEDIUM" "ad-inserter 2.4.22 Authenticated.Remote.Code.Execution HIGH" "ad-inserter 2.4.20 Authenticated.Path.Traversal HIGH" "ad-inserter 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "accessibility-task-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "addify-order-tracking-for-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "advanced-cron-manager 2.5.10 Missing.Authorization MEDIUM" "advanced-cron-manager 2.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "advanced-cron-manager 2.5.7 Admin+.Stored.XSS LOW" "advanced-cron-manager 2.4.2 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "all-in-one-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-content-generator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "availability-calendar No.known.fix Cross-Site.Request.Forgery.via.add_availability_calendar_create_admin_page() MEDIUM" "availability-calendar 1.2.1 Authenticated.SQL.Injection HIGH" "availability-calendar 1.2.2 Authenticated.Stored.Cross-Site.Scripting LOW" "arca-payment-gateway 1.3.4 Stored.XSS.via.CSRF HIGH" "advanced-local-pickup-for-woocommerce 1.6.2 Missing.Authorization.to.Notice.Dismissal MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.3 Missing.Authorization MEDIUM" "advanced-local-pickup-for-woocommerce 1.6.0 Authenticated.(Administrator+).SQL.Injection HIGH" "aryo-activity-log 2.11.2 Unauthenticated.Stored.XSS.via.Event.Context HIGH" "aryo-activity-log 2.8.8 IP.Spoofing MEDIUM" "aryo-activity-log 2.8.4 CSV.Injection LOW" "aryo-activity-log 2.7.0 Authenticated.SQL.Injection MEDIUM" "aryo-activity-log 2.4.1 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS).in.'page' MEDIUM" "aryo-activity-log 2.3.3 Cross-Site.Scripting.(XSS) MEDIUM" "activitypub 1.0.6 Unauthenticated.REST.API.Access MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "activitypub 1.0.1 Contributor+.Stored.XSS MEDIUM" "activitypub 1.0.0 Subscriber+.Arbitrary.Post.Title.Disclosure MEDIUM" "activitypub 1.0.0 Contributor+.Stored.XSS MEDIUM" "addify-checkout-fields-manager 1.0.2 Multiple.CSRF MEDIUM" "age-verification-screen-for-woocommerce 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "age-verification-screen-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "acnoo-flutter-api No.known.fix Authentication.Bypass CRITICAL" "awesome-timeline No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "advanced-blog-post-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "article-directory No.known.fix Admin+.Stored.XSS LOW" "article2pdf No.known.fix Multiple.Vulnerabilities CRITICAL" "addon-elements-for-elementor-page-builder 1.14 Contributor+.Sensitive.Information.Disclosure LOW" "addon-elements-for-elementor-page-builder 1.13.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.table_saved_sections MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Missing.Authorization MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.eae_slider_animation.Parameters MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Twitter.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.13.4 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.13.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13.3 Contributor+.DOM-Based.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.12.11 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.to.LFI HIGH" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Modal.Popup.effet MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Content.Switcher.Widget MEDIUM" "addon-elements-for-elementor-page-builder 1.12.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Admin+.Stored.XSS LOW" "addon-elements-for-elementor-page-builder 1.12.8 Settings.Update.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Unauthenticated.Post.ID/Tile.Disclosure MEDIUM" "addon-elements-for-elementor-page-builder 1.12.8 Elementor.Addon.Element.Enabling/Disabling.via.CSRF MEDIUM" "addon-elements-for-elementor-page-builder 1.12 Reflected.Cross-Site.Scripting MEDIUM" "addon-elements-for-elementor-page-builder 1.11.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addon-elements-for-elementor-page-builder 1.11.8 CSRF.Bypass LOW" "addon-elements-for-elementor-page-builder 1.11.2 Contributor+.Stored.XSS MEDIUM" "addon-elements-for-elementor-page-builder 1.6.4 CSRF.&.XSS LOW" "addify-price-calculator-for-woocommerce No.known.fix Multiple.CSRF MEDIUM" "accommodation-system No.known.fix Subscriber+.Unauthorised.Actions MEDIUM" "advanced-cron-manager-pro 2.5.3 Subscriber+.Arbitrary.Events/Schedules.Creation/Deletion MEDIUM" "aviary-image-editor-add-on-for-gravity-forms No.known.fix Unauthenticated.File.Upload CRITICAL" "admin-cleanup No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "arprice 4.2 Reflected.Cross-Site.Scripting HIGH" "arprice 4.2 Unauthenticated.PHP.Object.Injection HIGH" "arprice 4.2 Subscriber+.PHP.Object.Injection HIGH" "arprice 4.2 Unauthenticated.SQL.Injection HIGH" "arprice 4.2 Subscriber+.SQLi HIGH" "altra-side-menu No.known.fix Admin+.SQL.Injection MEDIUM" "altra-side-menu No.known.fix Abitrary.Menu.Deletion.via.CSRF MEDIUM" "aajoda-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aajoda-testimonials 2.2.2 Admin+.Stored.XSS LOW" "affiliate-ads-builder-for-clickbank-products 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-custom-fields 6.3.6.3 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields 6.3.6.3 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields 5.8.12 Cross-Site.Scripting.in.Select2.dropdowns MEDIUM" "advanced-custom-fields 5.7.12 Unserialize.of.user.input MEDIUM" "addressbook No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "aphorismus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Paypal.Email.Update.via.IDOR MEDIUM" "affiliate-for-woocommerce 4.8.0 Subscriber+.Unauthorised.Actions MEDIUM" "acf-to-rest-api 3.3.0 Unauthenticated.Arbitrary.wp_options.Disclosure MEDIUM" "accordion-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "automatic-pages-for-privacy-policy-terms-about-and-contact 1.42 Reflected.Cross-Site.Scripting MEDIUM" "acf-extended 0.8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "acf-extended 0.8.8.7 Admin+.SQL.Injection MEDIUM" "affiliate-links-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Missing.Authorization.to.Unauthenticated.Ad.Status.Update MEDIUM" "adfoxly No.known.fix Cross-Site.Request.Forgery MEDIUM" "adfoxly No.known.fix Reflected.XSS HIGH" "adfoxly 1.7.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addfreestats No.known.fix Admin+.Stored.XSS LOW" "aa-calculator No.known.fix Reflected.Cross-Site.Scripting.via.invoice MEDIUM" "advanced-wp-columns No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "addify-custom-order-number 1.2.0 Multiple.CSRF MEDIUM" "alt-report No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "analytics-insights 6.3 Open.Redirect MEDIUM" "ays-facebook-popup-likebox 3.7.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "ays-facebook-popup-likebox 3.5.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "ays-facebook-popup-likebox 3.5.3 Page.Plugin.<.3.5.3.-.Authenticated.Blind.SQL.Injections HIGH" "accessibe 2.6 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-downloader No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-woo-search 2.97 Reflected.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.78 Admin+.Stored.Cross-Site.Scripting MEDIUM" "advanced-woo-search 2.00 SQL.query.leak.in.ajax.search NONE" "awesome-social-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "abeta-punchout 1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "abeta-punchout 1.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-sms-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "adstxt No.known.fix Settings.Update.via.CSRF MEDIUM" "asgaros-forum 2.9.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.8.0 Unauthenticated.PHP.Object.Injection.in.prepare_unread_status CRITICAL" "asgaros-forum 2.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "asgaros-forum 2.2.0 Cross-Site.Request.Forgery MEDIUM" "asgaros-forum 2.0.0 Subscriber+.Blind.SQL.Injection HIGH" "asgaros-forum 1.15.15 Admin+.SQL.Injection.via.forum_id MEDIUM" "asgaros-forum 1.15.14 Admin+.Stored.Cross-Site.Scripting LOW" "asgaros-forum 1.15.13 Unauthenticated.SQL.Injection HIGH" "affiliate-advantage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "academist-membership 1.2 Authentication.Bypass CRITICAL" "allaccessible 1.3.5 Subscriber+.Privilege.Escalation HIGH" "allaccessible 1.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "addify-product-stock-manager 1.0.5 Subscriber+.Unauthorised.AJAX.Calls HIGH" "advanced-dynamic-pricing-for-woocommerce 4.9.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Rule.Type.Migration.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.6 Settings.Import.via.CSRF MEDIUM" "advanced-dynamic-pricing-for-woocommerce 4.1.4 Settings.Update.via.CSRF MEDIUM" "am-hili-affiliate-manager-for-publishers No.known.fix Admin+.Stored.XSS LOW" "advanced-ads 1.52.2 Authenticated.(Admin+).PHP.Object.Injection HIGH" "advanced-ads 1.52.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Ad.Widget MEDIUM" "advanced-ads 1.32.0 Admin+.Stored.XSS MEDIUM" "advanced-ads 1.17.4 Reflected.XSS.via.Admin.Dashboard MEDIUM" "angwp 1.5.6 Unauthenticated.Arbitrary.File.Upload/Deletion CRITICAL" "advanced-control-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-control-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-post-list No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ar-contactus 1.8.8 Authenticated.Stored.Cross-Site.Scripting CRITICAL" "amazon-einzeltitellinks No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "attire-blocks 1.9.7 Cross-Site.Request.Forgery MEDIUM" "attire-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "attire-blocks 1.9.3 Missing.Authorization MEDIUM" "advanced-forms-pro 1.6.9 Subscriber+.Arbitrary.User.Email.Address.Update.via.IDOR HIGH" "airpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "airpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-notices-manager 1.5.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "ajax-archive-calendar 2.6.8 Contributor+.Stored.XSS MEDIUM" "allow-rel-and-html-in-author-bios No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.3 Ajax.Load.More.<.7.1.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 7.1.2 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "ajax-load-more 7.0.2 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ajax-load-more 7.1.0 Authenticated.(Admin+).Directory.Traversal.to.Arbitrary.File.Read MEDIUM" "ajax-load-more 6.2 Ajax.Load.More.<.6.2.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.6.0.3 Ajax.Load.More.<.5.6.0.3.-.Contributor+.Stored.XSS MEDIUM" "ajax-load-more 5.5.4.1 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.5.4 PHAR.Deserialization.via.CSRF HIGH" "ajax-load-more 5.5.4 Admin+.Arbitrary.File.Read MEDIUM" "ajax-load-more 5.3.2 Authenticated.SQL.Injection CRITICAL" "abbs-bing-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "atarapay-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animated-al-list No.known.fix Reflected.XSS HIGH" "access-category-password No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automatic-post-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatic-post-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "anac-xml-viewer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "auxin-shop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "acf-options-importexport No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "a3-portfolio 3.1.1 Author+.Stored.XSS MEDIUM" "auto-login-when-resister No.known.fix Settings.Update.via.CSRF MEDIUM" "amazing-neo-icon-font-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "acf-on-the-go No.known.fix .Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "auto-tag-creator No.known.fix Missing.Authorization.via.tag_save_settings_callback MEDIUM" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "afterpay-gateway-for-woocommerce 3.2.1 Reflected.Cross-Site.Scripting HIGH" "auto-poster No.known.fix Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "addons-for-elementor 8.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piechart_settings.Parameter MEDIUM" "addons-for-elementor 8.4.1 Authenticated.(Contributor+).Limited.Local.File.Inclusion.via.Widgets HIGH" "addons-for-elementor 8.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Marquee.Text.Widget,.Testimonials.Widget,.and.Testimonial.Slider.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Various.Widgets MEDIUM" "addons-for-elementor 8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Grid MEDIUM" "addons-for-elementor 8.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "addons-for-elementor 8.3.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget._id.attribute MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Slider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Multislider.Widget MEDIUM" "addons-for-elementor 8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Posts.Carousel.Widget MEDIUM" "addons-for-elementor 8.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.animated_text_class MEDIUM" "addons-for-elementor 8.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-elementor 8.3.2 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 7.9 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-elementor 7.2.4 Admin+.Stored.XSS LOW" "addons-for-elementor 7.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addons-for-elementor 6.8 Contributor+.Stored.XSS MEDIUM" "addons-for-elementor 2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "apk-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross.Site.Scripting MEDIUM" "advance-wc-analytics 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "advance-wc-analytics 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-fancybox No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "ab-press-optimizer-lite No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "all-in-one-seo-pack 4.6.1.1 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Contributor+.Stored.XSS MEDIUM" "all-in-one-seo-pack 4.3.0 Admin+.Stored.XSS LOW" "all-in-one-seo-pack 4.2.4 Multiple.CSRF MEDIUM" "all-in-one-seo-pack 4.1.5.3 Authenticated.Privilege.Escalation CRITICAL" "all-in-one-seo-pack 4.1.5.3 Authenticated.SQL.Injection HIGH" "all-in-one-seo-pack 4.1.0.2 Admin.RCE.via.unserialize MEDIUM" "all-in-one-seo-pack 3.6.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack 3.2.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "all-in-one-seo-pack 2.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "appsero-helper 1.3.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "appsplate No.known.fix Unauthenticated.SQL.Injection HIGH" "attachment-file-icons No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "advanced-database-cleaner 3.1.4 Administrator+.PHP.Object.Injection MEDIUM" "advanced-database-cleaner 3.1.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "advanced-database-cleaner 3.1.2 Settings.Update.via.CSRF MEDIUM" "advanced-database-cleaner 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-database-cleaner 3.0.2 Authenticated.SQL.injection MEDIUM" "alley-business-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alley-business-toolkit 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "appointment-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment-calendar No.known.fix CSRF MEDIUM" "auto-featured-image No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "admin-columns-pro 5.5.1 Admin+.Stored.XSS.in.Label LOW" "admin-columns-pro 5.5.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "affiliatebooster-blocks 3.0.6 Blocks.Enabling/Disabling.via.CSRF MEDIUM" "awesome-tool-tip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ach-invoice-app No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "anchor-episodes-index 2.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.anchor_episodes.Shortcode MEDIUM" "anchor-episodes-index 2.1.8 Admin+.Stored.XSS LOW" "advance-menu-manager 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "advance-menu-manager 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "advance-menu-manager 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advance-menu-manager 3.0 Unauthorised.Menu.Edition.via.CSRF MEDIUM" "advance-menu-manager 3.0.7 Unauthorised.Menu.Creation/Deletion MEDIUM" "author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "auto-more-tag No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "anyvar No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "auto-post-woocommerce-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "amen No.known.fix Admin+.Stored.XSS LOW" "advanced-event-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "audio-text No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "api-key-for-google-maps 1.2.2 Arbitrary.API.Key.Update.via.CSRF MEDIUM" "auto-hide-admin-bar 1.6.2 Admin+.Stored.XSS LOW" "affiliate-disclosure-statement No.known.fix Cross-Site.Request.Forgery MEDIUM" "ai-content-writing-assistant 1.1.7 CSRF MEDIUM" "api-bearer-auth 20190908 Unauthenticated.Reflected.XSS MEDIUM" "amazon-link No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "adsanity 1.8.2 Contributor.Arbitrary.File.Upload CRITICAL" "a-gateway-for-pasargad-bank-on-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autocomplete-location-field-contact-form-7-pro 2.0 Admin+.Store.Cross-Site.Scripting LOW" "aa-audio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "avectra-netforum-single-sign-on 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ab-categories-search-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ai-content 1.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "add-social-share-buttons 1.1 CSRF.to.Settings.Change MEDIUM" "acf-images-search-and-insert No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "amp-plus No.known.fix Reflected.Cross.Site.Scripting HIGH" "all-in-one-performance-accelerator No.known.fix Missing.Authorization MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery MEDIUM" "astra-import-export 1.0.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "all-users-messenger No.known.fix Subscriber+.Message.Deletion.via.IDOR MEDIUM" "analytics-cat 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "analytics-cat 1.1.0 Settings.Update.via.CSRF MEDIUM" "abwp-simple-counter No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "add-facebook No.known.fix Author+.Stored.XSS MEDIUM" "add-facebook No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting] MEDIUM" "awesome-ssl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "awesome-ssl No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "automatically-hierarchic-categories-in-menu 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "assistant 1.5.1.1 Authenticated.(Editor+).PHP.Object.Injection HIGH" "assistant 1.4.9.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "assistant 1.4.4 Editor+.SSRF MEDIUM" "ajax-random-posts No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "aw-woocommerce-kode-pembayaran No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.25.18 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.25.2 Unauthenticated.SQL.Injection MEDIUM" "acf-frontend-form-element 3.25.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "acf-frontend-form-element 3.25.1 Unauthenticated.Privilege.Escalation HIGH" "acf-frontend-form-element 3.19.5 Improper.Missing.Encryption.Exception.Handling.to.Form.Manipulation CRITICAL" "acf-frontend-form-element 3.18.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "acf-frontend-form-element 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "acf-frontend-form-element 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "animated-headline No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "acme-fix-images 2.0.0 Subscriber+.Image.Resizing MEDIUM" "adirectory 2.3.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "adirectory 1.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "anonymize-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "an-gradebook No.known.fix Subscriber+.SQLi HIGH" "an-gradebook No.known.fix Admin+.XSS LOW" "advanced-notifications 1.2.8 Missing.Authorization MEDIUM" "affiliateimportereb No.known.fix Reflected.XSS HIGH" "affiliateimportereb No.known.fix Reflected.XSS.via.Search HIGH" "article-directory-redux No.known.fix Admin+.Stored.XSS LOW" "auto-excerpt-everywhere No.known.fix Cross-Site.Request.Forgery MEDIUM" "aio-contact No.known.fix Missing.Authorization MEDIUM" "aio-contact No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "aruba-hispeed-cache 2.0.13 Missing.Authorization MEDIUM" "aruba-hispeed-cache 2.0.7 Unauthenticated.Log.File.Access MEDIUM" "activecampaign-for-woocommerce 1.9.8 Subscriber+.Error.Log.Cleanup MEDIUM" "amministrazione-aperta 3.8 Admin+.LFI LOW" "accordion-slider-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "announce-from-the-dashboard 1.5.2 Admin+.Stored.XSS LOW" "ajax-content-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "activecampaign-subscription-forms 8.1.15 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "activecampaign-subscription-forms 8.1.12 Contributor+.Stored.XSS MEDIUM" "activecampaign-subscription-forms 8.0.2 Cross-Site.Request.Forgery.in.Settings HIGH" "allada-tshirt-designer-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "ag-custom-admin 7.2.4 Admin+.SSRF MEDIUM" "ag-custom-admin 7.2.2 Admin+.Stored.XSS.via.Image.URL LOW" "ag-custom-admin 7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ag-custom-admin 6.9.2 AGCA.<.6.9.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "ag-custom-admin 6.5.5 CSRF.&.XSS LOW" "affiliate-solution No.known.fix Admin+.Stored.XSS LOW" "admin-font-editor No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "advanced-text-widget No.known.fix Admin+.Stored.XSS LOW" "anywhere-elementor 1.2.12 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "anywhere-elementor 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "anywhere-elementor 1.2.8 Freemius.API.Key.Disclosure MEDIUM" "anywhere-elementor 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "avif-support 1.1.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "avif-support 1.1.1 Author+.Stored.XSS.via.SVG.Uplaod MEDIUM" "all-push-notification No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "amberlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "alphabetic-pagination 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "alphabetic-pagination 3.0.8 Unauthenticated.Arbitrary.Option.Update CRITICAL" "addons-for-divi 4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "addons-for-divi 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "addons-for-divi 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-divi 3.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "apa-register-newsletter-form No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "auto-limit-posts-reloaded No.known.fix Cross-Site.Request.Forgery MEDIUM" "alttext-ai 1.5.0 Authenticated.(Subscriber+).SQL.Injection HIGH" "alttext-ai 1.3.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "add-image-to-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "appexperts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appexperts 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ab-rankings-testing-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "augmented-reality No.known.fix Unauthenticated.PHP.File.Upload.leading.to.RCE CRITICAL" "ai-post-generator No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Post/Page.Deletion MEDIUM" "ai-post-generator 3.4 Subscriber+.Posts.Read/Creation/Deletion MEDIUM" "addons-for-beaver-builder 3.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-beaver-builder 2.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-google-recaptcha 1.28 Built-in.Math.CAPTCHA.Bypass MEDIUM" "advanced-google-recaptcha 1.26 Brute.Force.Protection.IP.Unblock LOW" "advanced-iframe 2024.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "advanced-iframe 2024.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-iframe 2024.0 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2023.9 Contributor+.Stored.XSS MEDIUM" "advanced-iframe 2022 Reflected.Cross-Site.Scripting MEDIUM" "autotitle-for-wordpress No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "auto-youtube-importer 1.0.4 Settings.Update.via.CSRF MEDIUM" "accesspress-twitter-auto-post 1.4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "animate-it 2.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "animate-it 2.3.6 XSS HIGH" "allow-php-in-posts-and-pages No.known.fix Authenticated.Remote.Code.Execution.(RCE) CRITICAL" "ai-postpix 1.1.8.1 Subscriber+.Arbitrary.File.Upload HIGH" "adicons No.known.fix Admin+.SQL.Injection MEDIUM" "advance-search No.known.fix Admin+.SQL.Injection MEDIUM" "advance-search No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "advance-search 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.AJAX.Calls MEDIUM" "ays-chatgpt-assistant 2.1.0 Unauthenticated.OpenAI.Key.Disclosure HIGH" "all-custom-fields-groups 1.05 Reflected.Cross-Site.Scripting MEDIUM" "admin-word-count-column No.known.fix Unauthenticated.Arbitrary.File.Read MEDIUM" "addons-for-elementor-builder 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "amr-personalise No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "awsm-team 1.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "affiliate-pro No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "amazonsimpleadmin 1.5.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "ars-affiliate-page 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "add-widget-after-content 2.5 Admin+.Stored.XSS LOW" "about-author-box 1.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "arcadeready No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ar-for-wordpress 7.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ar-for-wordpress 7.4 Missing.Authorization.to.Unauthenticated.Limited.File.Upload LOW" "ar-for-wordpress 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "amazon-product-in-a-post-plugin 3.5.3 Unauthenticated.SQL.Injection CRITICAL" "advanced-wp-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-wp-table 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addify-free-gifts-woocommerce 1.0.2 Multiple.CSRF MEDIUM" "apollo13-framework-extensions 1.9.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "apollo13-framework-extensions 1.9.2 Cross-Site.Request.Forgery MEDIUM" "apollo13-framework-extensions 1.9.1 Contributor+.Stored.XSS MEDIUM" "apollo13-framework-extensions 1.9.0 Missing.Authorization MEDIUM" "astra-addon 4.3.2 Authenticated(Contributor+).Remote.Code.Execution.via.Metabox HIGH" "astra-addon 3.5.2 Unauthenticated.SQL.Injection HIGH" "audio-player-with-playlist-ultimate 1.3 Contributor+.Stored.XSS MEDIUM" "additional-order-filters-for-woocommerce 1.22 Reflected.Cross-Site.Scripting MEDIUM" "additional-order-filters-for-woocommerce 1.12 Reflected.XSS HIGH" "auto-upload-images 3.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "auto-upload-images 3.3.1 CSRF MEDIUM" "apptivo-business-site No.known.fix Cross-Site.Request.Forgery.to.IP.Address.Block MEDIUM" "apptivo-business-site 3.0.14 Admin+.Stored.XSS LOW" "addthis 5.0.13 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "acf-front-end-editor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Update MEDIUM" "adaptive-images 0.6.69 Reflected.Cross-Site.Scripting MEDIUM" "adaptive-images 0.6.67 Local.File.Inclusion.&.Deletion HIGH" "affiliate-coupons 1.7.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "addendio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "addendio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "addons-for-visual-composer 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "addons-for-visual-composer 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "addons-for-visual-composer 3.6 Contributor+.Stored.XSS MEDIUM" "addons-for-visual-composer 3.3 Reflected.Cross-Site.Scripting MEDIUM" "addons-for-visual-composer 2.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-floating-content-lite 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-floating-content-lite 1.2.2 Contributor+.XSS MEDIUM" "alma-gateway-for-woocommerce 5.2.1 Contributor+.Stored.XSS MEDIUM" "add-ribbon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "affiliatex 1.2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "autolisticle-automatically-update-numbered-list-articles 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "activity-log-mainwp 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "analytics-tracker 1.1.1 XSS MEDIUM" "auto-listings 2.6.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "adsense-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "adsense-plugin 1.44 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "adsense-click-fraud-monitoring No.known.fix XSS MEDIUM" "avalex 3.0.9 Missing.Authorization MEDIUM" "avalex 3.0.4 Admin+.Stored.XSS LOW" "auto-post-thumbnail 4.1.3 Missing.Authorization MEDIUM" "auto-post-thumbnail No.known.fix Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "auto-post-thumbnail 4.1.4 Author+.SSRF MEDIUM" "auto-post-thumbnail 3.9.16 Author+.Arbitrary.File.Upload CRITICAL" "auto-post-thumbnail 3.9.3 Reflected.Cross-Site.Scripting HIGH" "accesspress-social-login-lite 3.4.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "add-widgets-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.25.0b3 Reflected.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.24.0 AJAX.Search.for.WooCommerce.<.1.24.0.-.Admin+.Stored.Cross-Site.Scripting MEDIUM" "ajax-search-for-woocommerce 1.18.0 Admin+.Stored.Cross-Site.Scripting LOW" "ajax-search-for-woocommerce 1.17.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-flamingo No.known.fix Cross-Site.Request.Forgery MEDIUM" "ad-invalid-click-protector 1.2.11 Injected.Backdoor CRITICAL" "ad-invalid-click-protector 1.2.7 Arbitrary.Ban.Deletion.via.CSRF MEDIUM" "ad-invalid-click-protector 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "ad-invalid-click-protector 1.2.6 Authenticated.SQL.Injection MEDIUM" "affieasy 1.1.7 Cross-Site.Request.Forgery.to.Various.Actions MEDIUM" "affieasy 1.1.6 Cross-Site.Request.Forgery MEDIUM" "affieasy 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "affieasy 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-responsive-gallery-album No.known.fix Missing.Authorization MEDIUM" "ai-responsive-gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-site-enhancements-pro 7.6.3 Subscriber+.Privilege.Escalation HIGH" "admin-site-enhancements-pro 7.6.3 Missing.Authorization MEDIUM" "add-to-cart-direct-checkout-for-woocommerce 2.1.49 Admin+.Stored.XSS LOW" "admire-extra 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "accesspress-facebook-auto-post 2.1.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aco-product-labels-for-woocommerce 1.5.11 Admin+.SQLi MEDIUM" "aco-product-labels-for-woocommerce 1.5.9 Admin+.SQLi MEDIUM" "aco-product-labels-for-woocommerce 1.5.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "aco-product-labels-for-woocommerce 1.5.4 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "advanced-wp-reset 1.6 Reflected.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "auto-advance-for-gravity-forms 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-usps-shipping-method 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "ai-for-seo 1.2.10 Missing.Authorization MEDIUM" "automatic-user-roles-switcher 1.1.2 Subscriber+.Privilege.Escalation HIGH" "accordions-or-faqs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accordions-or-faqs 2.3.1 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Admin+.Stored.XSS LOW" "accordions-or-faqs 2.1.0 Authenticated.Arbitrary.Options.Update MEDIUM" "accordions-or-faqs 2.0.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "another-wordpress-classifieds-plugin 4.3.2 Cross-Site.Request.Forgery MEDIUM" "another-wordpress-classifieds-plugin 4.3.2 Missing.Authorization MEDIUM" "another-wordpress-classifieds-plugin 4.3.1 Categories.Mgt.via.CSRF MEDIUM" "another-wordpress-classifieds-plugin 4.3 Unauthenticated.SQLi MEDIUM" "azan No.known.fix Stored.XSS.via.CSRF HIGH" "automatic-domain-changer 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.2.17 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "ameliabooking 1.2.5 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "ameliabooking 1.2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "ameliabooking 1.1.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.96 Cross-Site.Request.Forgery MEDIUM" "ameliabooking 1.0.99 Reflected.Cross-Site.Scripting MEDIUM" "ameliabooking 1.0.94 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "ameliabooking 1.0.99 Missing.Authorization MEDIUM" "ameliabooking 1.0.86 Contributor+.Stored.XSS MEDIUM" "ameliabooking 1.0.76 Reflected.XSS HIGH" "ameliabooking 1.0.48 Customer+.SMS.Service.Abuse.and.Sensitive.Data.Disclosure MEDIUM" "ameliabooking 1.0.49 Customer+.Arbitrary.Appointments.Status.Update MEDIUM" "ameliabooking 1.0.47 Unauthenticated.Stored.XSS.via.lastName HIGH" "ameliabooking 1.0.47 Customer+.Arbitrary.Appointments.Update.and.Sensitive.Data.Disclosure HIGH" "ameliabooking 1.0.46 Arbitrary.Customer.Deletion.via.CSRF MEDIUM" "ameliabooking 1.0.46 Manager+.RCE MEDIUM" "ameliabooking 1.0.46 Reflected.Cross-Site.Scripting MEDIUM" "add-twitter-pixel 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-angular-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "armember-membership-premium No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "astra-widgets 1.2.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "astra-widgets 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-booking-calendar No.known.fix Unauthenticated.SQLi HIGH" "advanced-booking-calendar No.known.fix CSRF MEDIUM" "advanced-booking-calendar 1.7.1 Admin+.SQLi MEDIUM" "advanced-booking-calendar 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-booking-calendar 1.7.0 Unauthenticated.SQL.Injection HIGH" "advanced-booking-calendar 1.6.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.7 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-booking-calendar 1.6.2 Unauthenticated.SQL.Injection CRITICAL" "ajax-pagination No.known.fix wp-admin/admin-ajax.php.loop.Parameter.Local.File.Inclusion HIGH" "amadiscount No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "absolute-reviews 1.1.4 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Criteria.Name MEDIUM" "absolute-reviews 1.0.9 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "ad-swapper No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "awesome-shortcodes-for-genesis No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "alo-easymail 2.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ai-wp-writer 3.8.4.5 Cross-Site.Request.Forgery MEDIUM" "ai-wp-writer 3.6.5.6 Missing.Authorization MEDIUM" "automatic-translation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "avirato-calendar No.known.fix Subscriber+.SQLi HIGH" "acf-vc-integrator 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "ari-cf7-connector 1.2.3 Cross-Site.Request.Forgery MEDIUM" "ari-cf7-connector 1.2.3 Reflected.XSS HIGH" "art-direction No.known.fix Contributor+.Stored.XSS MEDIUM" "advanced-advertising-system No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "add-posts-to-pages No.known.fix Contributor+.Stored.XSS MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-redirection 2.2.0 Admin+.SQLi MEDIUM" "arforms No.known.fix Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "arforms No.known.fix Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "arforms 6.4.1 Reflected.XSS HIGH" "arforms 6.6 Unauthenticated.RCE CRITICAL" "arforms 6.6 Admin+.Stored.XSS LOW" "arforms 6.4.1 Reflected.Cross-Site.Scripting MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "arforms 6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "arforms 6.4.1 Missing.Authorization.to.Arbitrary.Option.Deletion MEDIUM" "arforms 4.0 Unauthenticated.Arbitrary.File.Deletion.via.Traversal HIGH" "arforms 3.5.2 Unauthenticated.Arbitrary.File.Deletion HIGH" "adamrob-parallax-scroll 2.1 Cross-Site.Scripting.(XSS) MEDIUM" "advanced-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "activedemand 0.2.44 Cross-Site.Request.Forgery MEDIUM" "activedemand 0.2.42 Unauthenticated.Arbitrary.File.Upload CRITICAL" "activedemand 0.2.28 Unauthenticated.Post.Creation/Update/Deletion HIGH" "amr-ical-events-list No.known.fix Admin+.Stored.XSS LOW" "addfunc-mobile-detect No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "anyguide No.known.fix Cross-Site.Request.Forgery MEDIUM" "amazon-auto-links 5.4.3 Reflected.Cross-Site.Scripting MEDIUM" "amazon-auto-links 5.1.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 5.3.2 Contributor+.Stored.XSS MEDIUM" "amazon-auto-links 4.6.20 Reflected.Cross-Site.Scripting HIGH" "about-me-3000 No.known.fix Administrator.Stored.Cross-Site.Scripting MEDIUM" "about-me-3000 No.known.fix CSRF MEDIUM" "allow-svg 1.2.0 Author+.Stored.XSS.via.SVG MEDIUM" "ancient-world-linked-data-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aprils-call-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "accesspress-custom-post-type 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ak-menu-icons-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "apa-banner-slider No.known.fix Cross-Site.Request.Forgery.to.SLQ.Injection HIGH" "advanced-recent-posts No.known.fix Contributor+.Stored.XSS MEDIUM" "agile-video-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "archive-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ad-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "auto-install-free-ssl 3.6.0 Reflected.Cross-Site.Scripting MEDIUM" "ays-slider 2.5.0 Responsive.Slider.and.Carousel.<.2.5.0.-.Authenticated.Blind.SQL.Injection HIGH" "ays-slider 2.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "advanced-import 1.3.8 Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "appizy-app-embed 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "albumreviewer No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ajax-login-and-registration-modal-popup 2.25 Reflected.XSS MEDIUM" "ajax-login-and-registration-modal-popup 2.24 Author+.Stored.XSS MEDIUM" "agp-font-awesome-collection No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "agp-font-awesome-collection No.known.fix Reflected.XSS HIGH" "attesa-extra 1.4.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "attesa-extra 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "astra-sites 4.4.10 Cross-Site.Request.Forgery MEDIUM" "astra-sites 4.4.1 Author+.Stored.XSS MEDIUM" "astra-sites 4.2.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "astra-sites 4.1.7 Contributor+.Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.5 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "astra-sites 3.2.6 Incorrect.Authorization MEDIUM" "astra-sites 3.1.21 Settings.Update.via.CSRF MEDIUM" "astra-sites 2.7.1 Contributor+.Block.Import.to.Stored.XSS HIGH" "aggregator-advanced-settings No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "attach-gallery-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "auto-featured-image-from-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "advanced-cf7-db 2.0.3 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "advanced-cf7-db 2.0.3 Sensitive.Information.Exposure MEDIUM" "advanced-cf7-db 1.8.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-cf7-db 1.8.7 Subscriber+.Arbitrary.File.Deletion HIGH" "advanced-cf7-db 1.7.1 SQL.Injection CRITICAL" "azindex No.known.fix Index.Deletion.via.CSRF MEDIUM" "azindex No.known.fix Stored.XSS.via.CSRF HIGH" "about-me No.known.fix Subscriber+.Arbitrary.Network.Creation/Deletion MEDIUM" "artificial-intelligence-auto-content-generator 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-notices-for-team No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "admin-notices-for-team No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "activitytime 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "activitytime 1.1.0 Unauthenticated.SQL.Injection HIGH" "activitytime 1.0.9 Unauthenticated.SQL.injection HIGH" "activitytime 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accessibility 1.0.7 Cross-Site.Request.Forgery MEDIUM" "accessibility 1.0.4 Admin+.Stored.XSS LOW" "ai-image 1.5.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "auto-login-new-user-after-registration No.known.fix CSRF MEDIUM" "auto-login-new-user-after-registration No.known.fix Stored.XSS.via.CSRF HIGH" "accounting-for-woocommerce 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "accounting-for-woocommerce 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "admission-appmanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "advanced-classifieds-and-directory-pro 3.2.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-classifieds-and-directory-pro 3.1.2 Missing.Authorization.to.Arbitrary.Attachment.Deletion MEDIUM" "advanced-classifieds-and-directory-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "advanced-classifieds-and-directory-pro 1.8.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-classifieds-and-directory-pro 1.6.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "add-user-role No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "add-link-to-facebook No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "announcer 6.0.1 Missing.Authorization MEDIUM" "add-categories-post-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automizy-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automizy-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auxin-elements 2.17.5 Missing.Authorization MEDIUM" "auxin-elements 2.17.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Staff.Widget MEDIUM" "auxin-elements 2.17.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aux_contact_box.and.aux_gmaps.Shortcodes MEDIUM" "auxin-elements 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Modern.Heading.and.Icon.Picker.Widgets MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_gmaps.Shortcode MEDIUM" "auxin-elements 2.15.8 Contributor+.XSS.via.HTML.Element MEDIUM" "auxin-elements No.known.fix Subscriber+.PHP.Object.Injection HIGH" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.Custom.JS MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.title_tag MEDIUM" "auxin-elements 2.15.6 Contributor+.Stored.XSS.via.Accordion.Widget MEDIUM" "auxin-elements 2.15.8 Contributor+.Stored.XSS.via.aux_timeline.Shortcode MEDIUM" "auxin-elements 2.15.8 Subscriber+.Template.Import MEDIUM" "auxin-elements 2.15.5 Contributor+.Stored.XSS MEDIUM" "auxin-elements 2.15.0 Unauthenticated.Local.File.Inclusion CRITICAL" "auxin-elements 2.10.7 PHP.Objection.Injection MEDIUM" "auxin-elements 2.9.8 Reflected.Cross-Site-Scripting MEDIUM" "animated-typing-effect 1.3.7 Contributor+.Stored.XSS MEDIUM" "animation-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Slider.and.Tabs.Widget.Elementor.Template MEDIUM" "audio-video-download-buttons-for-youtube 1.04 Reflected.Cross-Site.Scripting MEDIUM" "ashe-extra 1.3 Missing.Authorization MEDIUM" "ashe-extra 1.2.92 Subscriber+.Companion.Plugin.Activation.&.Content.Import MEDIUM" "add-svg-support-for-media-uploader-inventivo No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "ayecode-connect 1.3.9 Missing.Authorization MEDIUM" "aparat-responsive No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-mojo 0.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "audiocase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-image-sitemap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-cufon No.known.fix Cross-Site.Request.Forgery MEDIUM" "addon-sweetalert-contact-form-7 1.0.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "autolinks No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "add-hierarchy-parent-to-post 3.13 Reflected.Cross-Site.Scripting MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "ai-scribe-the-chatgpt-powered-seo-content-creation-wizard No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "add-whatsapp-button 2.1.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "auth0 4.6.1 Reflected.Cross-Site.Scripting.via.wle MEDIUM" "auth0 4.0.0 Multiple.Vulnerabilities CRITICAL" "auth0 3.11.3 Unauthenticated.Reflected.XSS.via.wle.Parameter MEDIUM" "addify-image-watermark-for-woocommerce 1.0.1 Multiple.CSRF MEDIUM" "addify-abandoned-cart-recovery 1.2.5 Multiple.CSRF MEDIUM" "add-pinterest-conversion-tags 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "add-pinterest-conversion-tags 1.0.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "aio-shortcodes 1.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "appointment-buddy-online-appointment-booking-by-accrete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "animated-number-counters 2.2 Editor+.Local.File.Inclusion HIGH" "animated-number-counters 1.7 Editor+.Stored.XSS MEDIUM" "automation-web-platform 3.0.18 Unauthenticated.Privilege.Escalation CRITICAL" "aramex-shipping-woocommerce No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "ar-for-woocommerce 7.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ad-buttons 2.3.2 CSRF.&.XSS MEDIUM" "affiliate-links 3.1.0 Missing.Authorization.to.Unauthenticated.Import/Export.and.PHP.Object.Injection HIGH" "affiliate-links 2.7 Contributor+.Stored.XSS MEDIUM" "animation-addons-for-elementor-pro 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "allow-php-execute No.known.fix Authenticated.(Editor+).PHP.Code.Injection HIGH" "advanced-schedule-posts No.known.fix Reflected.XSS HIGH" "a2-optimized-wp 3.0.5 Data.Collection.Toggle.via.CSRF MEDIUM" "adifier-system 3.1.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "automail No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "automail 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anthologize 0.8.1 Admin+.Stored.XSS LOW" "accessally 3.5.7 $_SERVER.Superglobal.Leakage HIGH" "accessally 3.3.2 Unauthenticated.Arbitrary.PHP.Code.Execution CRITICAL" "add-customer-for-woocommerce 1.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Shortcode MEDIUM" "all-in-one-video-gallery 3.7.0 Authenticated.(Contributor+).Local.File.Inclusion.via.aiovg_search_form.Shortcode HIGH" "all-in-one-video-gallery 3.6.5 Contributor+.Arbitrary.File.Upload.via.featured.image HIGH" "all-in-one-video-gallery 3.6.0 Missing.Authorization MEDIUM" "all-in-one-video-gallery 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "all-in-one-video-gallery 2.6.1 2.6.0.-.Unauthenticated.Arbitrary.File.Download.&.SSRF HIGH" "all-in-one-video-gallery 2.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-in-one-video-gallery 2.5.0 Admin+.Local.File.Inclusion LOW" "alpine-photo-tile-for-pinterest No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ampedsense-adsense-split-tester 4.69 Reflected.XSS HIGH" "add-custom-google-tag-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "automatic-grid-image-listing No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "aio-time-clock-lite 1.3.321 Admin+.Stored.XSS LOW" "advanced-data-table-for-elementor 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "awesome-gallery-singsys No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "address-email-and-phone-validation No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "anti-spam 7.3.8 Missing.Authorization MEDIUM" "anti-spam 7.3.1 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "a4-barcode-generator 3.4.11 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.10 Missing.Authorization MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Settings/Profiles.Update,.Templates/Barcodes.Access/Creation/Edition/Deletion MEDIUM" "a4-barcode-generator 3.4.7 Subscriber+.Stored.XSS HIGH" "art-decoration-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "auphonic-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "advanced-blocks-pro No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "author-avatars 2.1.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.22 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "author-avatars 2.1.19 Contributor+.Stored.XSS MEDIUM" "admin-management-xtended 2.4.7 Contributor+.Stored.XSS MEDIUM" "admin-management-xtended 2.4.5 Post.Visibility/Date/Comment.Status.Update.via.CSRF MEDIUM" "admin-management-xtended 2.4.5 Multiple.CSRF MEDIUM" "admin-management-xtended 2.4.0.1 Privilege.Escalation MEDIUM" "awesome-twitter-feeds No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "admin-menu-manager No.known.fix Cross-Site.Request.Forgery MEDIUM" "auto-iframe 2.0 Contributor+.XSS.via.Shortcode MEDIUM" "auto-iframe 1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.tag.Parameter MEDIUM" "advanced-easy-shipping-for-wc-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "astra-bulk-edit 1.2.8 Missing.Authorization MEDIUM" "autosave-net No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "autosave-net No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "anfrageformular No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ads-by-datafeedrcom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ads-by-datafeedrcom 1.2.0 Unauthenticated.Remote.Code.Execution CRITICAL" "appmaker-woocommerce-mobile-app-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aws-cdn-by-wpadmin 3.0.0 Cross-Site.Request.Forgery MEDIUM" "acf-for-woocommerce-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "acf-for-woocommerce-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "advanced-custom-fields-pro 6.3.9 Admin+.Remote.Code.Execution MEDIUM" "advanced-custom-fields-pro 6.3.9 Admin+.Stored.XSS LOW" "advanced-custom-fields-pro 6.3.6 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "advanced-custom-fields-pro 6.3 Contributor+.Custom.Field.Access LOW" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Code.Injection CRITICAL" "advanced-custom-fields-pro 6.2.10 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "advanced-custom-fields-pro 6.2.5 Contributor+.Stored.Cross-Site.Scripting.via.Custom.Field MEDIUM" "advanced-custom-fields-pro 6.1.6 Reflected.XSS HIGH" "advanced-custom-fields-pro 6.1.0 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.5 Contributor+.PHP.Object.Injection MEDIUM" "advanced-custom-fields-pro 5.12.3 Unauthenticated.File.Upload MEDIUM" "advanced-custom-fields-pro 5.12.1 Contributor+.Database.Information.Access MEDIUM" "advanced-custom-fields-pro 5.11 Subscriber+.Arbitrary.ACF.Data/Field.Groups.View.and.Fields.Move MEDIUM" "advanced-custom-fields-pro 5.9.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "async-javascript 2.21.06.29 Authenticated.(admin+).Stored.XSS MEDIUM" "anonymous-restricted-content 1.6.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "anonymous-restricted-content 1.6.3 .Protection.Mechanism.Bypass MEDIUM" "ai-auto-tool 2.1.3 Missing.Authorization MEDIUM" "ahathat No.known.fix Reflected.XSS.via.REQUEST_URI MEDIUM" "ahathat No.known.fix Admin+.SQL.Injection MEDIUM" "archives-calendar-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "all-in-one-seo-pack-pro 4.2.6 Admin+.SSRF LOW" "ads-invalid-click-protection No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "affiliate-toolkit-starter 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.atkp_product.Shortcode MEDIUM" "affiliate-toolkit-starter 3.6 Unauthenticated.Full.Path.Dislcosure MEDIUM" "affiliate-toolkit-starter 3.4.5 Unauthenticated.Sensitive.Information.Exposure.via.Logs MEDIUM" "affiliate-toolkit-starter 3.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.ratings MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_import_product MEDIUM" "affiliate-toolkit-starter 3.5.5 Missing.Authorization.via.atkp_create_list MEDIUM" "affiliate-toolkit-starter 3.4.3 Unauthenticated.SSRF HIGH" "affiliate-toolkit-starter 3.4.4 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "affiliate-toolkit-starter 3.4.0 Open.Redirect.via.atkpout.php LOW" "affiliate-toolkit-starter 3.3.4 Editor+.Stored.XSS LOW" "azonbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-addons-for-elementor No.known.fix Authenticated.(Contributor+).Private.Templates.Content.Disclosure MEDIUM" "alert-me No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aceide No.known.fix Authenticated.(admin+).Arbitrary.File.Access MEDIUM" "admin-site-enhancements 7.6.10 Limit.Login.Attempt.Bypass.via.IP.Spoofing MEDIUM" "admin-site-enhancements 7.6.3 Subscriber+.Privilege.Escalation HIGH" "admin-site-enhancements 7.6.3 Missing.Authorization LOW" "admin-site-enhancements 7.5.2 Authenticated.Stored.Cross-Site.Scripting.via.SVG MEDIUM" "admin-site-enhancements 5.8.0 Password.Protection.Mode.Security.Feature.Bypass HIGH" "advanced-quiz 1.0.3 Admin+.Stored.XSS LOW" "advanced-quiz No.known.fix Admin+.Stored.XSS.in.Quiz.Overview LOW" "alpha-price-table-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "advanced-page-visit-counter No.known.fix Admin+.Stored.XSS LOW" "advanced-page-visit-counter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 8.0.1 Contributor+.SQLi MEDIUM" "advanced-page-visit-counter 7.1.1 Reflected.Cross-Site.Scripting MEDIUM" "advanced-page-visit-counter 6.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "advanced-page-visit-counter 6.1.6 Subscriber+.Blind.SQL.injection HIGH" "advanced-page-visit-counter 6.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "auto-robot 3.3.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "arprice-responsive-pricing-table 3.6.1 Unauthenticated.SQLi HIGH" "arprice-responsive-pricing-table 2.3 Cross-Site.Request.Forgery MEDIUM" "accessibility-help-button 1.1 Admin+.Stored.Cross.Site.Scripting LOW" "accessibility-help-button 1.1 Admin+.Stored.XSS LOW" "accessibility-help-button 1.2 Admin+.Stored.XSS LOW" "any-hostname No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "accept-stripe-payments-using-contact-form-7 2.6 Unauthenticated.Information.Exposure MEDIUM" "automatic-internal-links-for-seo 1.2.2 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "automatic-internal-links-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "all-images-ai 1.0.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "agecheckernet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ap-companion 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aiomatic-automatic-ai-content-writer 2.3.9 AI.Content.Writer,.Editor,.ChatBot.&.AI.Toolkit.<.2.3.9.-.Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "aiomatic-automatic-ai-content-writer 2.3.7 AI.Content.Writer,.Editor,.ChatBot.&.AI.Toolkit.<.2.3.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Multiple.Administrator.Actions MEDIUM" "aiomatic-automatic-ai-content-writer 2.0.6 Automatic.AI.Content.Writer.<.2.0.6.-.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "aiomatic-automatic-ai-content-writer 1.9.4 Missing.Authorization MEDIUM" "avchat-3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "autocompleter No.known.fix Cross-Site.Request.Forgery MEDIUM" "apppresser 4.4.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "apppresser 4.4.7 Unauthenticated.Privilege.Escalation.via.Password.Reset CRITICAL" "apppresser 4.4.5 Privilege.Escalation.and.Account.Takeover.via.Weak.OTP HIGH" "apppresser 4.4.0 Improper.Missing.Encryption.Exception.Handling.to.Authentication.Bypass HIGH" "apppresser 4.3.1 Missing.Authorization MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.force_logging_off() MEDIUM" "apppresser 4.3.1 Cross-Site.Request.Forgery.via.toggle_logging_callback() MEDIUM" "apppresser 4.3.0 Insecure.Password.Reset.Mechanism HIGH" "ap-pricing-tables-lite No.known.fix Admin+.SQLi MEDIUM" "ap-pricing-tables-lite 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "ap-pricing-tables-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "af-companion 1.2.0 1.1.2.-.Arbitrary.Plugin.Installation.&.Activation.via.CSRF HIGH" "adapta-rgpd 1.3.3 Unauthorised.Consent.via.CSRF MEDIUM" "aforms-form-builder-for-price-calculator-cost-estimation 2.2.7 Unauthenticated.Full.Path.Disclosure MEDIUM" "alt-manager 1.6.2 Missing.Authorization MEDIUM" "alt-manager 1.5.7 Reflected.Cross-Site.Scripting MEDIUM" "alt-manager 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ai-moderator-for-buddypress-and-buddyboss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ajax-random-post No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "appointmind 4.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "accesspress-pinterest 3.3.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "appten-image-rotator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "antihacker 4.52 Missing.Authorization.to.Unauthenticated.IP.Address.Whitelist MEDIUM" "antihacker 4.53 Missing.Authorization.to.Authenticated.(Subscriber+).Table.Truncation MEDIUM" "antihacker 4.35 Cross-Site.Request.Forgery.via.antihacker_ajax_scan MEDIUM" "antihacker 4.20 Subscriber+.Arbitrary.Plugin.Installation HIGH" "add-multiple-marker No.known.fix Settings.Update.via.CSRF MEDIUM" "add-multiple-marker No.known.fix Unauthenticated.Settings.Update MEDIUM" "adventure-bucket-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ai-quiz No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "ai-quiz No.known.fix Missing.Authorization MEDIUM" "accredible-certificates 1.4.9 Admin+.Stored.XSS LOW" "aspose-doc-exporter No.known.fix Missing.Authorization MEDIUM" "aspose-doc-exporter 2.0 Unauthenticated.Arbitrary.File.Download HIGH" "auto-keyword-backlink No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "boldgrid-backup 1.16.9 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "boldgrid-backup 1.16.7 Authenticated.(Administrator+).Remote.Code.Execution.via.Backup.Settings HIGH" "boldgrid-backup 1.15.9 Improper.Authorization.to.Unauthenticated.Arbitrary.File.Download HIGH" "boldgrid-backup 1.14.14 Subscriber+.Backup.Disclosure MEDIUM" "boldgrid-backup 1.14.10 Unauthenticated.Backup.Download HIGH" "boldgrid-backup 1.14.10 Sensitive.Data.Disclosure.(Server.IP.Address,.UID.etc) MEDIUM" "bg-biblie-references No.known.fix Reflected.XSS HIGH" "blockonomics-bitcoin-payments 3.5.8 Reflected.Cross-Site.Scripting HIGH" "blockonomics-bitcoin-payments 3.3 Blockonomics.<.3.3.-.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "bws-pinterest 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bwp-google-xml-sitemaps No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "batch-cat No.known.fix Subscriber+.Arbitrary.Categories.Add/Set/Delete.to.Posts MEDIUM" "buddyforms-ultimate-member 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "block-slider 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "block-slider 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bold-timeline-lite 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-timeline-lite 1.2.0 Missing.Authorization.to.Admin.Notice.Dismissal MEDIUM" "bold-timeline-lite 1.1.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bradmax-player 1.1.28 Contributor+.Stored.XSS MEDIUM" "basepress-migration-tools No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bulletproof-security 6.1 Admin+.Stored.Cross-Site.Scripting LOW" "bulletproof-security 5.8 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "bulletproof-security 5.2 Sensitive.Information.Disclosure MEDIUM" "bulletproof-security .53.4 Multiple.XSS.Vulnerabilities MEDIUM" "bread-butter 7.5.880 Contributor+.Stored.XSS MEDIUM" "ba-plus-before-after-image-slider-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyboss-platform 2.8.00 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.'link_title' MEDIUM" "buddyboss-platform 2.6.0 Insecure.Direct.Object.Reference.on.Like.Comment MEDIUM" "buddyboss-platform 2.7.60 Private.Comment.Exposure.via.IDOR MEDIUM" "buddyboss-platform 1.7.9 Subscriber+.SQL.Injection MEDIUM" "better-rss-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bizcalendar-web 1.1.0.26 Reflected.XSS HIGH" "bws-popular-posts 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "business-directory-plugin 6.4.15 Easy.Listing.Directories.for.WordPress.<.6.4.15.-.Insecure.Direct.Object.Reference.to.Listing.Arbitrary.Image.Addition MEDIUM" "business-directory-plugin 6.4.4 Authenticated.(Author+).CSV.Injection HIGH" "business-directory-plugin 6.4.3 Unauthenticated.SQL.Injection.via.listingfields.Parameter CRITICAL" "business-directory-plugin 6.3.10 Contributor+.Arbitrary.Listing.Deletion LOW" "business-directory-plugin 6.3.11 Cross-Site.Request.Forgery MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Listing.Export HIGH" "business-directory-plugin 5.11.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "business-directory-plugin 5.11.2 Arbitrary.Payment.History.Update MEDIUM" "business-directory-plugin 5.11 Arbitrary.File.Upload.to.RCE HIGH" "business-directory-plugin 5.11.1 Authenticated.PHP4.Upload.to.RCE MEDIUM" "business-directory-plugin 5.11.1 Arbitrary.Add/Edit/Delete.Form.Field.to.Stored.XSS HIGH" "bemax-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "best-bootstrap-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bws-linkedin 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "back-button-widget 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bebetter-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breadcrumb 1.5.33 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "banner-garden No.known.fix Reflected.XSS HIGH" "bp-social-connect 1.6.2 Authentication.Bypass CRITICAL" "bakkbone-florist-companion 7.3.0 Reflected.Cross-Site.Scripting MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "bakkbone-florist-companion 7.4.0 Missing.Authorization.to.Arbitrary.Content.Deletion MEDIUM" "buttons-x No.known.fix Buttons.X.<=.0.8.6.-.Contributor+.Stored.XSS MEDIUM" "backlink-monitoring-manager No.known.fix Reflected.XSS HIGH" "blur-text 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blaze-widget 2.5.4 Injected.Backdoor CRITICAL" "bamboo-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bet-wc-2018-russia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "beepress No.known.fix Cross-Site.Request.Forgery.via.beepress-pro.php MEDIUM" "booking 10.10.1 Unauthenticated.Post-Confirmation.Booking.Manipulation MEDIUM" "booking 10.9.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'booking'.Shortcode MEDIUM" "booking 10.6.5 Admin+.Stored.XSS LOW" "booking 10.6.3 Admin+.Stored.XSS LOW" "booking 10.6.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "booking 10.5.1 Reflected.Cross-Site.Scripting MEDIUM" "booking 10.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bookingform.Shortcode MEDIUM" "booking 9.9.1 Unauthenticated.SQL.Injection CRITICAL" "booking 9.7.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "booking 9.7.3.1 Unauthenticated.Stored.XSS HIGH" "booking 9.2.2 Arbitrary.Translation.Update.via.CSRF MEDIUM" "booking 9.1.1 PHP.Object.Injection HIGH" "booking 8.9.2 Reflected.Cross-Site.Scripting HIGH" "booking 8.4.5.15 SQL.Injection HIGH" "bnfw 1.7 Reflected.Cross-Site.Scripting MEDIUM" "bnfw 1.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bnfw 1.8.7 Email.Address.Disclosure MEDIUM" "buddypress-hashtags 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "biometric-login-for-woocommerce 1.0.4 Unauthenticated.Privilege.Escalation CRITICAL" "bizapp-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "breadcrumbs-by-menu 1.0.3 Multiple.Issues HIGH" "buddyforms-remote 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "book-a-room No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "b-banner-slider No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "base64-encoderdecoder No.known.fix Stored.XSS.via.CSRF HIGH" "base64-encoderdecoder No.known.fix Reflected.XSS HIGH" "base64-encoderdecoder No.known.fix Settings.Reset.via.CSRF MEDIUM" "blrt-wp-embed No.known.fix Reflected.Cross-Site.Scripting HIGH" "blrt-wp-embed No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "bulk-role-change No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "booking-calendar-and-notification No.known.fix Missing.Authorization.via.wpcb_all_bookings,.wpcb_update_booking_post,.and.wpcb_delete_posts.Functions MEDIUM" "blockart-blocks 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blogintroduction-wordpress-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "bridge-core 3.3.1 Missing.Authorization MEDIUM" "bridge-core 3.3.1 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "bridge-core 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bridge-core 3.1.0 Reflected.XSS HIGH" "bbspoiler 2.02 Contributor+.Stored.XSS MEDIUM" "beacon-for-helpscout No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingcom-product-helper 1.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "bbp-move-topics 1.1.6 Code.Injection.&.CSRF CRITICAL" "betterlinks 2.1.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "betterlinks 1.6.1 Improper.Authorization.to.Data.Import.and.Export MEDIUM" "betterlinks 1.2.6 Admin+.Stored.Cross-Site.Scripting LOW" "bigcontact No.known.fix Cross-Site.Request.Forgery MEDIUM" "bo-wc-customer-review-watson No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bulletin-announcements 3.12 Reflected.Cross-Site.Scripting HIGH" "bulletin-announcements 3.9.0 Authenticated.(Administrator+).SQL.Injection HIGH" "bulletin-announcements 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "bulletin-announcements 3.7.1 Cross-Site.Request.Forgery MEDIUM" "bulletin-announcements 3.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "bulletin-announcements 3.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bold-page-builder 5.1.6 Authenticated.(Editor+).Path.Traversal LOW" "bold-page-builder 5.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.4 Missing.Authorization MEDIUM" "bold-page-builder 5.1.1 -.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_button.Shortcode MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Separator.Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via."Price.List".Element MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.AI.Features MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.URL.Attribute MEDIUM" "bold-page-builder 4.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bt_bb_price_list.Shortcode MEDIUM" "bold-page-builder 4.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.URL MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Link MEDIUM" "bold-page-builder 4.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Raw.Content MEDIUM" "bold-page-builder 4.7.0 Contributor+.Stored.XSS MEDIUM" "bold-page-builder 4.3.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "bold-page-builder 3.1.6 PHP.Object.Injection MEDIUM" "bold-page-builder 2.3.2 Missing.Access.Controls HIGH" "bookshelf No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "blog-designer-for-post-and-widget 2.4.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bamazoo-button-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dgs.Shortcode MEDIUM" "bookit 2.4.1 Price.Bypass MEDIUM" "bookit 2.4.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "bookit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "bookit 2.3.8 Authentication.Bypass CRITICAL" "bookit 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookit 2.1.6 Authorised.AJAX.Calls MEDIUM" "buddypress-activity-plus 1.6.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "britetechs-companion 2.2.8 Injected.Backdoor CRITICAL" "board-election No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "blog-filter 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bulk-delete-users-by-email No.known.fix User.Deletion.via.CSRF HIGH" "bulk-delete-users-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-for-font-awesome 1.4.1 Block.for.Font.Awesome.<.1,4,1.-Settings.Update.via.CSRF MEDIUM" "billingo 3.4.0 ShopManager+.Stored.XSS MEDIUM" "bet-sport-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "bravo-search-and-replace No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "before-after-image-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bulk-resize-media No.known.fix CSRF MEDIUM" "bit-form 2.17.5 Authenticated.(Administrator+).Server-Side.Request.Forgery LOW" "bit-form 2.17.4 Missing.Authorization.to.Authenticated.(Subscriber+).Form.Submission.Disclosure MEDIUM" "bit-form 2.15.3 Admin+.Arbitrary.File.Read LOW" "bit-form 2.13.12 Authenticated.(Administrator+).SQL.Injection MEDIUM" "bit-form 2.13.11 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.13.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection.via.getLogHistory.Function HIGH" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.JavaScript.File.Uploads MEDIUM" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).Arbitrary.File.Read.And.Deletion CRITICAL" "bit-form 2.13.10 2.13.9.-.Authenticated.(Administrator+).SQL.Injection HIGH" "bit-form 2.13.5 2.13.4.-.Authenticater.(Administrator+).Arbitrary.File.Deletion HIGH" "bit-form 2.13.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bit-form 2.10.2 Unauthenticated.Insecure.Direct.Object.Reference.to.Form.Submission.Alteration MEDIUM" "bit-form 2.2.0 Admin+.Stored.XSS LOW" "bit-form 1.9 RCE.via.Unauthenticated.Arbitrary.File.Upload CRITICAL" "b-testimonial 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-media 4.6.19 Subscriber+.SQL.Injection HIGH" "buddypress-media 4.6.19 Authenticated.(Contributor+).SQL.Injection.via.rtmedia_gallery.Shortcode HIGH" "buddypress-media 4.6.16 Subscriber+.RCE CRITICAL" "buddypress-media 4.6.16 Admin+.RCE MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.via.export_settings MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Settings.Update MEDIUM" "buddypress-media 4.6.15 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "blocked-in-china 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blocked-in-china 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-acf 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "browser-update-notify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "button-contact-vr 4.7.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "button-contact-vr 4.7.8 Admin+.Stored.XSS LOW" "button-contact-vr 4.7.7 Admin+.Stored.XSS LOW" "bulk-categories-assign No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bvd-easy-gallery-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blaze-online-eparcel-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "board-document-manager-from-chuhpl No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "backup-database No.known.fix Admin+.Stored.XSS LOW" "bws-testimonials 0.1.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bluetrait-event-viewer No.known.fix Settings.Update.via.CSRF MEDIUM" "bulk-woocommerce-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-woocommerce-category-creator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bb-bootstrap-cards 1.1.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "bb-bootstrap-cards 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Cards.Widget MEDIUM" "bb-bootstrap-cards 1.1.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.bootstrapcard.link MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Export MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Order.Deletion MEDIUM" "buy-one-click-woocommerce No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Import MEDIUM" "booking-package 1.6.73 Reflected.Cross-Site.Scripting.via.Locale.Parameter MEDIUM" "booking-package 1.6.29 Unauthenticated.Price.Manipulation MEDIUM" "booking-package 1.6.02 Reflected.XSS HIGH" "booking-package 1.5.29 Unauthenticated.Sensitive.Data.Disclosure HIGH" "booking-package 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.1.10 Reflected.Cross-Site.Scripting MEDIUM" "blockmeister 3.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bertha-ai-free 1.11.10.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "blighty-explorer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bulk-attachment-download 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "bulk-attachment-download 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "beek-widget-extention No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betteroptin No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "blocks-bakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blocks-bakery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-weir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-weir 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bosa-elementor-for-woocommerce 1.0.13 Missing.Authorization MEDIUM" "bauernregeln No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "best-woocommerce-feed 7.3.16 Authenticated.(Admin+).Directory.Traversal LOW" "best-woocommerce-feed 3.0 Reflected.Cross-Site.Scripting MEDIUM" "best-woocommerce-feed 2.2.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "bulgarisation-for-woocommerce 3.0.15 Missing.Authorization HIGH" "bulgarisation-for-woocommerce 3.0.15 Cross-Site.Request.Forgery HIGH" "banner-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-bp-registration No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "better-elementor-addons 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Authenticated(Contributor+).Local.File.Inclusion HIGH" "better-elementor-addons 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-elementor-addons 1.4.2 Contributor+.Stored.XSS MEDIUM" "better-elementor-addons 1.3.9 Subscriber+.Settings.Update./.Reset MEDIUM" "better-elementor-addons 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "beds24-online-booking 2.0.28 Contributor+.Stored.XSS.via.beds24-link.Shortcode MEDIUM" "beds24-online-booking 2.0.26 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.24 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "beds24-online-booking 2.0.25 Contributor+.Stored.XSS MEDIUM" "breeze 2.1.15 Missing.Authorization MEDIUM" "breeze 2.1.15 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "breeze 2.1.4 Admin+.Stored.XSS LOW" "breeze 2.0.3 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "beautiful-and-responsive-cookie-consent 2.10.2 Unauthenticated.Stored.XSS HIGH" "beautiful-and-responsive-cookie-consent 2.9.1 Admin+.Stored.XSS LOW" "blue-triad-ezanalytics No.known.fix Reflected.Cross-Site.Scripting.via.'bt_webid' MEDIUM" "bamboo-enquiries No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bonway-static-block-editor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bxslider-wp No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "breadcrumbs-shortcode 1.45 Reflected.Cross-Site.Scripting MEDIUM" "booking-calendar 3.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "booking-calendar 3.2.20 Authenticated.(Contributor+).SQL.Injection MEDIUM" "booking-calendar 3.2.16 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "booking-calendar 3.2.12 Admin+.SQLi MEDIUM" "booking-calendar 3.2.9 Multiple.Authenticated(Editor+).SQL.Injection HIGH" "booking-calendar 3.2.8 Admin+.SQLi MEDIUM" "booking-calendar 3.2.4 Editor+.Stored.XSS LOW" "booking-calendar 3.2.4 Form.Creation/Update/Deletion/Duplication.via.CSRF MEDIUM" "booking-calendar 3.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "booking-calendar 2.2.3 Parameters.Tampering.Allowing.Arbitrary.Prices.Change HIGH" "booking-calendar 2.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "browser-theme-color No.known.fix Cross-Site.Request.Forgery.via.btc_settings_page MEDIUM" "bpmnio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.7 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "buymeacoffee 3.8 Subscriber+.Unauthorized.Data.Modification HIGH" "buymeacoffee 3.8 Cross-Site.Request.Forgery HIGH" "buymeacoffee 3.7 Admin+.Stored.XSS LOW" "backwpup 4.0.2 Admin+.Directory.Traversal MEDIUM" "backwpup 4.0.4 Unauthenticated.Backup.Download HIGH" "backwpup 4.0.2 Authenticated.(Administrator+).Directory.Traversal HIGH" "backwpup 3.4.2 Backup.File.Download HIGH" "buybox-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brid-video-easy-publish 3.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.brid_override_yt.Shortcode MEDIUM" "brid-video-easy-publish 3.8.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "blox-page-builder No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "bacola-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "baw-login-logout-menu No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "before-and-after No.known.fix Cross-Site.Request.Forgery MEDIUM" "bot-for-telegram-on-woocommerce No.known.fix Authenticated.(Subscriber+).Telegram.Bot.Token.Disclosure.to.Authentication.Bypass HIGH" "bounce-handler-mailpoet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-comments 1.5.6 Admin+.Stored.XSS LOW" "better-comments 1.5.6 Subscriber+.Stored.XSS HIGH" "better-comments 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "better-comments 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "blackhole-bad-bots 3.3.2 Arbitrary.IP.Address.Blocking.via.IP.Spoofing HIGH" "buddyforms-posts-to-posts-integration 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "bws-google-maps 1.3.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "beam-me-up-scotty 1.0.22 Reflected.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.22 Reflected.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.19 Unauthenticated.Full.Path.Disclosure MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "branda-white-labeling 3.4.18 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "branda-white-labeling 3.4.15 IP.Spoofing MEDIUM" "bj-lazy-load 1.0 Remote.File.Inclusion.(Timthumb) HIGH" "backup-wd No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "bulk-menu-edit 1.3.1 Missing.Authorization MEDIUM" "bandsintown 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar-pro 11.2.20 Reflected.Cross-Site.Scripting.via.'calendar_id' MEDIUM" "brodos-net-onlineshop No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bbs-e-popup No.known.fix Reflected.XSS HIGH" "browser-shots 1.7.6 Contributor+.Stored.XSS MEDIUM" "boom-fest 2.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "bp-member-type-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-wp-security 9.3.2 IP.Address.Spoofing.to.Denial.of.Service MEDIUM" "better-wp-security 9.0.1 Unauthenticated.Login.Page.Disclosure MEDIUM" "better-wp-security 7.9.1 Hide.Backend.Bypass MEDIUM" "better-wp-security 7.0.3 Authenticated.SQL.Injection HIGH" "better-wp-security 6.9.1 Cross-Site.Scripting.(XSS) HIGH" "bookingpress-appointment-booking 1.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingpress-appointment-booking 1.1.23 Unauthenticated.Export.File.Download MEDIUM" "bookingpress-appointment-booking 1.1.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "bookingpress-appointment-booking 1.1.8 1.1.7.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "bookingpress-appointment-booking 1.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update.and.Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.1.6 Authenticated.(Subscriber+).Arbitrary.File.Read.to.Arbitrary.File.Creation HIGH" "bookingpress-appointment-booking 1.0.83 Missing.Authorization.to.Appointment.Time.Alteration MEDIUM" "bookingpress-appointment-booking 1.0.82 Authenticated.(Customer+).Insecure.Direct.Object.Reference MEDIUM" "bookingpress-appointment-booking 1.0.88 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.75 Unauthenticated.Booking.Price.Manipulation HIGH" "bookingpress-appointment-booking 1.0.73 Authenticated.(Contributor+).SQL.Injection HIGH" "bookingpress-appointment-booking 1.0.77 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bookingpress-appointment-booking 1.0.31 Unauthenticated.IDOR.in.appointment_id HIGH" "bookingpress-appointment-booking 1.0.11 Unauthenticated.SQL.Injection HIGH" "better-robots-txt 1.4.6 Cross-Site.Request.Forgery MEDIUM" "better-robots-txt 1.4.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "better-robots-txt 1.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "browser-and-operating-system-finder No.known.fix Unauthenticated.Settings.Reset MEDIUM" "browser-and-operating-system-finder No.known.fix Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "broken-link-manager No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "broken-link-manager 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-manager 0.5.0 Unauthenticated.SQL.Injection.&.XSS CRITICAL" "beaver-builder-lite-version 2.8.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.4.3 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Widget MEDIUM" "beaver-builder-lite-version 2.8.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3.7 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Button.Group.Module MEDIUM" "beaver-builder-lite-version 2.8.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.type.Parameter MEDIUM" "beaver-builder-lite-version 2.8.3.4 Reflected.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.1.3 Contributor+.Stored.Cross-Site.Scripting.via.photo.widget.crop.attribute MEDIUM" "beaver-builder-lite-version 2.8.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "beaver-builder-lite-version 2.8.0.7 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.5 Contributor+.Stored.Cross-Site.Scripting.via.heading.tag MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS.via.Icon.Widget MEDIUM" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.4.3 Reflected.XSS HIGH" "beaver-builder-lite-version 2.7.4.3 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.7.2.1 Contributor+.Stored.XSS MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption.On.Hover MEDIUM" "beaver-builder-lite-version 2.5.5.3 .Authenticated.Stored.XSS.via.Caption MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Text.Editor MEDIUM" "beaver-builder-lite-version 2.5.5.3 Authenticated.Stored.XSS.via.Image.URL MEDIUM" "beaver-builder-lite-version 2.5.4.4 Subscriber+.Arbitrary.Post.Builder.Layout.Disabling MEDIUM" "blogsafe-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogsafe-scanner 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bwl-advanced-faq-manager 2.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "bsk-pdf-manager 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bsk-pdf-manager 3.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "bsk-pdf-manager 3.1.2 Admin+.SQL.Injection MEDIUM" "bsk-pdf-manager 2.9.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "bsk-pdf-manager 1.5 Multiple.Authenticated.SQL.Injections CRITICAL" "bne-testimonials 2.0.8 Contributor+.Stored.XSS MEDIUM" "burst-statistics 1.5.7 Contributor+.Stored.Cross-Site.Scripting.via.burst_total_pageviews_count MEDIUM" "burst-statistics 1.5.4 Editor+.SQL.Injection HIGH" "burst-statistics 1.5.0 Unauthenticated.SQL.Injection HIGH" "bws-latest-posts 0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "brands-for-woocommerce 3.8.2.3 Missing.Authorization.to.Unauthenticated.Order.Manipulation.and.Information.Retrieval MEDIUM" "brands-for-woocommerce 3.8.2.3 Cross-Site.Request.Forgery MEDIUM" "brands-for-woocommerce 3.8.2 Contributor+.Stored.XSS MEDIUM" "boot-modal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulkpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "best-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "booking-calendar-pro-payment 21.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "business-manager 1.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "bubble-menu 4.0.3 Cross-Site.Request.Forgery MEDIUM" "bubble-menu 3.0.5 Admin+.Stored.XSS LOW" "bubble-menu 3.0.4 Reflected.XSS MEDIUM" "bubble-menu 3.0.2 Circle.Floating.Menu.<.3.0.2.-.Form.Deletion.via.CSRF MEDIUM" "bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "builderall-cheetah-for-wp 2.0.2 Unauthenticated.Server-Side.Request.Forgery HIGH" "bbp-style-pack 5.6.8 Contributor+.Stored.XSS MEDIUM" "bbp-style-pack 5.5.6 Reflected.XSS HIGH" "bilingual-linker 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blogger-image-import No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bulk-editor 1.0.8.6 Authenticated.(Editor+).Path.Traversal LOW" "bulk-editor 1.0.8.4 Authenticated.(Editor+).CSV.Path.Traversal LOW" "bulk-editor 1.0.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bulk-editor 1.0.8.2 Cross-Site.Request.Forgery MEDIUM" "bulk-editor 1.0.8.2 Missing.Authorization MEDIUM" "bulk-editor 1.0.8.1 Unauthenticated.Stored.Cross-Site.Scripting.via.profile_title MEDIUM" "bulk-editor 1.0.7.2 Admin+.Stored.XSS LOW" "bulk-editor 1.0.7.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7.1 Profile.Creation.via.CSRF MEDIUM" "bulk-editor 1.0.7 Subscriber+.Stored.XSS HIGH" "brute-force-login-protection No.known.fix Arbitrary.IP.Removal/Add.via.CSRF MEDIUM" "botnet-attack-blocker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "bloglentor-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-in-blog No.known.fix Editor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "blog-in-blog No.known.fix Editor+.Local.File.Inclusion.via.Shortcode HIGH" "badr-naver-syndication No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "book-press No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "book-press No.known.fix Missing.Authorization MEDIUM" "book-press 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "book-press 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bdthemes-element-pack 7.9.1 Addon.for.Elementor.Page.Builder.WordPress.Plugin.<.7.9.1.-.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Wrapper.Link.URL MEDIUM" "bdthemes-element-pack 7.19.3 Contributor+.Arbitrary.File.Read.and.PHAR.Deserialization CRITICAL" "bold-pagos-en-linea 3.1.5 Reflected.Cross-Site.Scripting HIGH" "bravo-translate No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "bunnycdn 2.0.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bws-featured-posts 1.0.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "button-block 1.1.6 Missing.Authorization MEDIUM" "button-block 1.2.0 Contributor+.Stored.XSS MEDIUM" "button-block 1.1.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "button-block 1.1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "brickscore No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bp-activity-social-share 3.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "buooy-sticky-header No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbpowerpack 2.37.4 Reflected.Cross-Site.Scripting MEDIUM" "bbpowerpack 2.33.1 Contributor+.Privilege.Escalation HIGH" "bp-activity-plus-reloaded 1.1.2 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "better-search-replace 1.4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "better-search-replace 1.4.1 Admin+.SQLi MEDIUM" "buddydrive 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-plus-for-woocommerce 7.1.2 Missing.Authorization.to.Arbitrary.Page/Post.Deletion MEDIUM" "booster-plus-for-woocommerce 7.1.3 Missing.Authorization.to.Arbitrary.Options.Disclosure MEDIUM" "booster-plus-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-plus-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-plus-for-woocommerce 5.6.6 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-plus-for-woocommerce 5.6.5 Checkout.Files.Deletion.via.CSRF LOW" "booster-plus-for-woocommerce 5.6.5 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-plus-for-woocommerce 5.6.1 Subscriber+.Order.Status.Update MEDIUM" "badgearoo No.known.fix Admin+.Stored.XSS LOW" "badgearoo No.known.fix Reflected.XSS HIGH" "better-captcha-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-captcha-gravity-forms 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-attach-posts-to-groups-extension 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "block-specific-plugin-updates 3.3.2 Arbitrary.Plugin.Update.Blocking.via.CSRF MEDIUM" "blobinator 2.3 Unauthorised.AJAX.call.via.CSRF MEDIUM" "bp-email-assign-templates No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bp-email-assign-templates 1.6 Reflected.XSS HIGH" "broken-link-checker 2.4.2 Admin+.SSRF MEDIUM" "broken-link-checker 2.4.1 Reflected.XSS HIGH" "broken-link-checker 2.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "broken-link-checker 1.11.20 Admin+.Cross-Site.Scripting LOW" "broken-link-checker 1.11.17 Admin+.PHAR.Deserialization MEDIUM" "broken-link-checker 1.11.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "broken-link-checker 1.10.9 Unauthenticated.Stored.XSS MEDIUM" "broadstreet 1.51.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.zone.Parameter MEDIUM" "bulk-datetime-change 1.12 Missing.Authorisation MEDIUM" "bwd-elementor-addons 4.3.19 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bin-stripe-donation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-controller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-greeting-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "borderless No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "borderless No.known.fix Authenticated.(Administrator+).Remote.Code.Execution HIGH" "borderless No.known.fix Missing.Authorization.to.Icon.Font.Deletion MEDIUM" "borderless 1.5.9 Editor+.Stored.XSS MEDIUM" "borderless 1.5.4 Widgets,.Elements,.Templates.and.Toolkit.for.Elementor.&.Gutenberg.<.1.5.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "borderless 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "borderless 1.4.9 Admin+.Stored.XSS LOW" "booking-calendar-contact-form 1.2.56 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "booking-calendar-contact-form 1.2.41 Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "booking-calendar-contact-form 1.0.24 XSS.&.SQL.Injection CRITICAL" "booking-calendar-contact-form 1.0.3 Multiple.Authenticated.Vulnerabilities MEDIUM" "bmi-bmr-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-user-shortcodes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booster-elite-for-woocommerce 7.1.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "booster-elite-for-woocommerce 7.1.2 .Missing.Authorization.to.Order.Information.Disclosure MEDIUM" "booster-elite-for-woocommerce 7.1.3 Subscriber+.Content.Injection MEDIUM" "booster-elite-for-woocommerce 6.0.1 Multiple.CSRF MEDIUM" "booster-elite-for-woocommerce 6.0.0 Reflected.Cross-Site.Scripting HIGH" "booster-elite-for-woocommerce 1.1.8 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "booster-elite-for-woocommerce 1.1.7 Checkout.Files.Deletion.via.CSRF LOW" "booster-elite-for-woocommerce 1.1.7 ShopManager+.Arbitrary.File.Download MEDIUM" "booster-elite-for-woocommerce 1.1.3 Subscriber+.Order.Status.Update MEDIUM" "baw-post-views-count No.known.fix Contributor+.Stored.XSS.in.Shortcode MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting.via.biteship_error.and.biteship_message MEDIUM" "biteship 2.2.28 Shop.manager+.Stored.XSS MEDIUM" "biteship 2.2.25 Reflected.Cross-Site.Scripting HIGH" "bard-extra 1.2.8 Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "ban-users No.known.fix Subscriber+.Settings.Update.&.Privilege.Escalation.via.Missing.Authorization HIGH" "bodi0s-easy-cache 0.9 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "buzzsprout-podcasting 1.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bs-shortcode-ultimate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "better-wp-login-page No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bulk-content-creator No.known.fix Cross-Site.Request.Forgery MEDIUM" "blockington No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-user-profile-reviews 2.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bukza 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddypress-global-search No.known.fix Admin+.Stored.XSS LOW" "bne-gallery-extended 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.gallery.Shortcode MEDIUM" "breadcrumb-simple No.known.fix Admin+.Stored.XSS LOW" "bannerman No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "buddyforms-hook-fields 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "blue-admin No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "buddyforms-hierarchical-posts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "block-editor-bootstrap-blocks 6.6.2 Reflected.Cross-Site.Scripting.via.tab MEDIUM" "bitly-linker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-appointment-online 1.39 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "buffer-my-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buffer-my-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-ultra-pro 1.1.20 Reflected.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Updates MEDIUM" "booking-ultra-pro 1.1.14 Unauthenticated.Local.File.Inclusion CRITICAL" "booking-ultra-pro 1.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-ultra-pro 1.1.13 Authenticated.(Contributor+).Privilege.Escalation HIGH" "booking-ultra-pro 1.1.7 Cross-Site.Request.Forgery MEDIUM" "booking-ultra-pro 1.1.7 Subscriber+.Settings.Update MEDIUM" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.9 Reflected.XSS HIGH" "booking-ultra-pro 1.1.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "booking-ultra-pro 1.1.7 Multiple.CSRF MEDIUM" "banner-cycler No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "bulk-add-to-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "buddyforms 2.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'buddyforms_nav'.Shortcode MEDIUM" "buddyforms 2.8.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.13 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.12 Authenticated.(Contributor+).Privilege.Escalation HIGH" "buddyforms 2.8.10 Email.Verification.Bypass.due.to.Insufficient.Randomness MEDIUM" "buddyforms 2.8.9 Unauthenticated.Arbitrary.File.Read.and.Server-Side.Request.Forgery CRITICAL" "buddyforms 2.8.6 Reflected.Cross-Site.Scripting.via.page MEDIUM" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Deletion HIGH" "buddyforms 2.8.8 Missing.Authorization MEDIUM" "buddyforms 2.8.8 Missing.Authorization.to.Unauthenticated.Media.Upload HIGH" "buddyforms 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "buddyforms 2.8.2 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.7.8 Unauthenticated.PHAR.Deserialization HIGH" "buddyforms 2.7.6 Contributor+.Stored.XSS MEDIUM" "buddyforms 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms 2.3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyforms 2.2.8 SQL.Injection CRITICAL" "bible-embed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "business-hours-indicator 2.3.5 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-image-resizer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Options.Update MEDIUM" "bc-menu-cart-woo No.known.fix Cross-Site.Request.Forgery MEDIUM" "bulk-edit-events 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-events 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-manager 2.1.6 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "booking-manager 2.0.29 Subscriber+.SSRF MEDIUM" "baslider No.known.fix Multiple.CSRF MEDIUM" "baslider No.known.fix Arbitrary.Slide.Deletion.via.CSRF MEDIUM" "baslider No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "buddypress-giphy 1.5.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bsi-hotel-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "bulk-image-title-attribute 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-toolkit 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "bp-toolkit 3.3.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttonizer-multifunctional-button 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "buttonizer-multifunctional-button 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buttonizer-multifunctional-button 2.5.5 Smart.Floating.Action.Button.<.2.5.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "broken-link-checker-for-youtube No.known.fix Cross-Site.Request.Forgery.via.plugin_settings_page() MEDIUM" "bp-job-manager 2.6.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bulk-edit-user-profiles-in-spreadsheet 1.5.25 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-user-profiles-in-spreadsheet 1.5.14 Admin+.Stored.Cross-Site.Scripting LOW" "bulk-edit-user-profiles-in-spreadsheet 1.5.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bigcommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "becustom 1.0.5.3 Settings.Update.via.CSRF MEDIUM" "buttons-shortcode-and-widget No.known.fix Stored.XSS.via.shortcode MEDIUM" "buttons-shortcode-and-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.7.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Unauthenticated.Information.Exposure MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.5 Authenticated.(Subscriber+).SQL.Injection HIGH" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Unauthenticated.Privilege.Escalation CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Missing.Authorization MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.Arbitrary.File.Upload.via.uploadFile CRITICAL" "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.5.2 Unauthenticated.SQL.Injection.via.userToken CRITICAL" "builder-shortcode-extras No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "bloom 1.1.1 Privilege.Escalation HIGH" "buddypress-docs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddypress-docs 1.9.3 Authenticated.Lack.of.Authorisation MEDIUM" "broken-link-finder 2.5.1 Authenticated.(Author+).Blind.Server-Side.Request.Forgery MEDIUM" "broken-link-finder 2.5.0 Missing.Authorization.via.moblc_auth_save_settings MEDIUM" "bigbuy-wc-dropshipping-connector No.known.fix Unauthenticated.Full.Path.Disclosute MEDIUM" "block-referer-spam 1.1.9.5 Admin+.Stored.XSS LOW" "be-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booknetic 4.1.5 Staff.Creation.via.CSRF HIGH" "booknetic No.known.fix Cross-Site.Request.Forgery MEDIUM" "black-widgets 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "black-widgets 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bank-mellat 2.0.1 Reflected.Cross-Site.Scripting HIGH" "bcs-bertline-book-importer 1.5.8 Unauthenticated.Product.Import HIGH" "bizlibrary No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bizlibrary No.known.fix Admin+.Stored.XSS LOW" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "border-loading-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "buddypress-profile-pro 2.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bulk-block-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-easypin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyforms-easypin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "buddyforms-easypin No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "banner-management-for-woocommerce 2.4.3 Shop.Banner.Settings.Update.via.CSRF MEDIUM" "banner-management-for-woocommerce 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "banner-management-for-woocommerce 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "banner-management-for-woocommerce 1.1.1 Unauthenticated.Settings.Change MEDIUM" "bbp-toolkit No.known.fix Cross-Site.Request.Forgery MEDIUM" "bbp-toolkit No.known.fix Reflected.XSS HIGH" "birthdays-widget No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "buddyforms-woocommerce-form-elements 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "better-follow-button-for-jetpack No.known.fix Admin+.Stored.XSS LOW" "blog-designer-pack 3.4.2 Unauthenticated.Remote.Code.Execution.via.Local.File.Inclusion HIGH" "blog-designer-pack 3.4.1 Reflected.Cross-Site.Scripting MEDIUM" "blog-designer-pack 3.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "blog-designer-pack 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bellows-accordion-menu 1.4.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "brutebank 1.9 WP.Security.&.Firewall.<.1.9.-.Settings.Update.via.CSRF MEDIUM" "bit-assist 1.5.3 Subscriber+.Arbitrary.File.Read.via.fileID.Parameter MEDIUM" "bit-assist 1.5.3 Authenticated.(Subscriber+).SQL.Injection.via.id.Parameter MEDIUM" "bit-assist 1.5.3 Admin+.Arbitrary.File.Read MEDIUM" "bit-assist 1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bit-assist 1.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "backup 2.0.9.9 Directory.Listing.Exposing.Backups HIGH" "backup 1.6.9.1 Admin+.Stored.XSS LOW" "backup 1.6.0 Authenticated.Arbitrary.File.Upload CRITICAL" "backup 1.4.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "backup 1.4.1 Subscriber+.Arbitrary.Backup.Location.Update MEDIUM" "backup 1.4.0 Arbitrary.File.Upload.via.CSRF HIGH" "backup 1.1.47 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "backup 1.0.3 Authenticated.Arbitrary.File.Upload CRITICAL" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 3.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blockspare 2.6.5 Reflected.Cross-Site.Scripting MEDIUM" "blockspare 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bverse-convert No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "benchmark-email-lite 4.2 Cross-Site.Request.Forgery.via.page_settings() MEDIUM" "blog-sidebar-widget 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blog-sidebar-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "boldgrid-easy-seo 1.6.15 Information.Exposure MEDIUM" "boldgrid-easy-seo 1.6.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Meta.Description MEDIUM" "beaf-before-and-after-gallery 4.5.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "better-search-tmc No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "business-profile 2.1.7 Subscriber+.Page.Creation.&.Settings.Update.to.Stored.XSS MEDIUM" "backup-bolt 1.4.0 Sensitive.Data.Exposure MEDIUM" "backup-bolt 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "browsing-history No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-user-to-do-list 3.0.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "bulk-me-now No.known.fix Reflected.XSS HIGH" "bulk-me-now No.known.fix Message.Deletion.via.CSRF MEDIUM" "bulk-me-now No.known.fix Stored.XSS.via.Shortcode HIGH" "booking-system-trafft 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization.via.bulkUpdatePostTitles MEDIUM" "bulk-edit-post-titles No.known.fix Missing.Authorization MEDIUM" "blog-posts-and-category-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blog-posts-and-category-for-elementor 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.and.Category.Filter.Widget MEDIUM" "book-a-place No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "backup-scheduler No.known.fix Cross-Site.Request.Forgery MEDIUM" "bookster 1.2.0 Unauthenticated.Appointment.Status.Update MEDIUM" "back-link-tracker No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection HIGH" "bu-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "background-takeover 4.1.5 Directory.Traversal HIGH" "bstone-demo-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "block-options 1.40.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "block-options 1.40.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "block-options 1.17 Reflected.Cross-Site.Scripting MEDIUM" "block-options 1.31.6 Contributor+.Arbitrary.PHP.Code.Execution CRITICAL" "bb-ultimate-addon 1.35.14 Contributor+.Arbitrary.File.Download MEDIUM" "bb-ultimate-addon 1.35.15 Contributor+.Privilege.Escalation HIGH" "backup-by-supsystic No.known.fix Authenticated.Arbitrary.File.Download.and.Deletion CRITICAL" "bing-site-verification-using-meta-tag No.known.fix Admin+.Stored.XSS LOW" "biagiotti-membership 1.1 Authentication.Bypass.via.biagiotti_membership_check_facebook_user CRITICAL" "better-messages-wc-vendors-integration 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "builder-style-manager 0.7.7 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "bannerlid No.known.fix Reflected.XSS HIGH" "bbp-voting 2.1.11.1 Admin+.Stored.XSS LOW" "button-generation 3.1.2 Cross-Site.Request.Forgery MEDIUM" "button-generation 3.0 Button.Deletion.via.CSRF MEDIUM" "button-generation 2.3.9 Button.Counter.Reset.via.CSRF MEDIUM" "button-generation 2.3.9 Unauthenticated.Button.Counter.Reset MEDIUM" "button-generation 2.3.6 Cross-Site.Request.Forgery MEDIUM" "button-generation 2.3.5 Reflected.XSS MEDIUM" "button-generation 2.3.4 easily.Button.Builder.<.2.3.4.-.Admin+.Stored.XSS LOW" "button-generation 2.3.3 RFI.leading.to.RCE.via.CSRF HIGH" "badgeos No.known.fix Missing.Authorization MEDIUM" "badgeos No.known.fix Subscriber+.IDOR MEDIUM" "badgeos No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "badgeos No.known.fix Missing.Authorization.in.delete_badgeos_log_entries MEDIUM" "badgeos No.known.fix CSRF MEDIUM" "badgeos 3.7.1.3 Subscriber+.SQLi HIGH" "badgeos 3.7.1 Unauthenticated.SQLi HIGH" "booster-extension No.known.fix Basic.Information.Exposure.via.booster_extension_authorbox_shortcode_display MEDIUM" "buddyforms-members 1.4.12 Reflected.Cross-Site.Scripting MEDIUM" "bmlt-meeting-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bmlt-meeting-map 2.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "basic-interactive-world-map 2.7 Admin+.Stored.XSS LOW" "barclaycart No.known.fix Unauthenticated.Shell.Upload CRITICAL" "bulk-image-alt-text-with-yoast 1.4.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bitpay-checkout-for-woocommerce 5.0.0 Missing.Authorization MEDIUM" "banner-system No.known.fix Missing.Authorization MEDIUM" "banner-system No.known.fix Privilege.Escalation HIGH" "banner-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blossom-recipe-maker 1.0.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bitcoin-faucet No.known.fix Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "bdthemes-prime-slider-lite 3.16.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.15.19 Addons.For.Elementor.(Revolution.of.a.slider,.Hero.Slider,.Ecommerce.Slider.<.3.15.19.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Blog.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pacific.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.2 Contributor+.Stored.XSS.via.Pagepiling.Widget MEDIUM" "bdthemes-prime-slider-lite 3.14.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.14.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Rubix.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.3 Contributor+.Stored.Cross-Site.Scripting.via.Mercury.Widget MEDIUM" "bdthemes-prime-slider-lite 3.13.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fiestar.Widget MEDIUM" "bdthemes-prime-slider-lite 3.11.11 Incorrect.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-prime-slider-lite 3.8.3 Reflected.Cross-Site.Scripting MEDIUM" "bdthemes-prime-slider-lite 2.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "backuply 1.3.5 Authenticated.(Admin+).SQL.Injection CRITICAL" "backuply 1.2.8 Admin+.Directory.Traversal MEDIUM" "backuply 1.2.6 Backup,.Restore,.Migrate.and.Clone.<.1.2.6.-..Unauthenticated.Denial.of.Service HIGH" "backuply 1.2.4 Admin+.Directory.Traversal MEDIUM" "buk-appointments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 4.0 SQLi.via.CSRF MEDIUM" "bsk-gravityforms-blacklist 3.9 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "bsk-gravityforms-blacklist 3.7 Admin+.Stored.Cross-Site.Scripting LOW" "best-css-compiler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bmi-adultkid-calculator 1.2.2 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "block-styler-for-gravity-forms 6.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-check-in 1.9.4 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "background-animation-blocks No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "blocksy-companion 2.0.43 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blocksy-companion 2.0.46 Contributor+.Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "blocksy-companion 2.0.29 Cross-Site.Request.Forgery MEDIUM" "blocksy-companion 2.0.32 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.47 Reflected.Cross-Site.Scripting MEDIUM" "blocksy-companion 1.8.82 Subscriber+.Draft.Post.Access MEDIUM" "blocksy-companion 1.8.68 Contributor+.Stored.XSS MEDIUM" "blocksy-companion 1.8.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "background-control No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "bootstrap-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "b-slider 1.1.24 Gutenberg.Slider.Block.for.WP.<.1.1.24.-.Authenticated.(Contributor+).Private.Post.Disclosure.via.bsb-slider.Shortcode MEDIUM" "b-slider 1.1.13 Slider.for.your.block.editor.<.1.1.13.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "booking-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "bsuite No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "bus-booking-manager 4.2.3 Administrator+.Stored.XSS LOW" "backend-designer 1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.27 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-posts-on-frontend 2.4.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ba-book-everything 1.6.21 Reflected.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.21 Cross-Site.Request.Forgery.to.Email.Address.Update/Account.Takeover HIGH" "ba-book-everything 1.6.21 Unauthenticated.Arbitrary.User.Password.Reset MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ba-book-everything 1.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ba-book-everything 1.6.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "ba-book-everything 1.3.25 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "blue-wrench-videos-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blossomthemes-email-newsletter 2.2.7 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "blossomthemes-email-newsletter 2.2.5 Missing.Authorization MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "before-and-after-product-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "build-private-store-for-woocommerce 1.1 Missing.Authorization MEDIUM" "build-private-store-for-woocommerce 1.1 Cross-Site.Request.Forgery MEDIUM" "bricksable 1.6.60 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "backup-and-restore-for-wp No.known.fix Admin+.Arbitrary.File.Deletion MEDIUM" "buddyboss-media No.known.fix Stored.XSS MEDIUM" "buddyforms-anonymous-author 1.1 Reflected.Cross-Site.Scripting MEDIUM" "better-author-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "buying-buddy-idx-crm No.known.fix PHP.Object.Injection.via.CSRF HIGH" "backup-backup 1.4.6.1 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialize_replace' HIGH" "backup-backup 1.4.4 Information.Exposure.via.Log.Files MEDIUM" "backup-backup 1.4.0 1.3.9.-.Remote.File.Inclusion.via.content-dir HIGH" "backup-backup 1.4.0 Unauthenticated.Path.Traversal.to.Arbitrary.File.Deletion HIGH" "backup-backup 1.4.0 Authenticated.(Admin+).OS.Command.Injection.via.url MEDIUM" "backup-backup 1.3.8 Unauthenticated.RCE CRITICAL" "backup-backup 1.3.6 Sensitive.Data.Exposure HIGH" "backup-backup 1.3.7 Unauthenticated.Arbitrary.File.Download.to.Sensitive.Information.Exposure HIGH" "backup-backup 1.3.0 Cross-Site.Request.Forgery MEDIUM" "backup-backup 1.2.8 Subscriber+.Plugin.Installation MEDIUM" "backup-backup 1.2.8 Plugin.Installation.via.CSRF MEDIUM" "backup-backup 1.1.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "better-search 3.3.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "better-search 2.5.3 Cross-Site.Request.Forgery MEDIUM" "better-search 2.5.3 CSRF.Nonce.Bypass.in.Import/Export MEDIUM" "better-search 2.2.3 Unauthenticated.SQL.Injection CRITICAL" "better-search 1.3.5 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "better-search 1.3 admin.inc.php.Setting.Manipulation.CSRF MEDIUM" "better-font-awesome 2.0.4 Contributor+.Stored.XSS MEDIUM" "better-font-awesome 2.0.2 Settings.Update.via.CSRF MEDIUM" "booking-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-for-woocommerce 4.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbp-core 1.2.6 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "blogmentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagination_style.Parameter MEDIUM" "better-protected-pages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "better-wlm-api 1.1.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "bible-text No.known.fix Contributor+.Stored.XSS MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Deletion MEDIUM" "bricksforge 2.1.1 Missing.Authorization.to.Unauthenticated.WordPress.Settings.Update MEDIUM" "bzscore-live-score 1.6.0 Contributor+.Stored.XSS MEDIUM" "bpcustomerio No.known.fix Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "buddypress-sticky-post 1.9.9 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "boat-rental-system No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-profile-shortcodes-extra No.known.fix Authenticated.(Contributor+).SQL.Injection.via.tab.Parameter MEDIUM" "bp-profile-shortcodes-extra 2.5.3 Contributor+.Stored.XSS MEDIUM" "b2bking 4.6.20 Subscriber+.Arbitrary.Products.Price.Update MEDIUM" "blogpost-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bestbooks No.known.fix Unauthenticated.SQLi HIGH" "button 1.1.28 Contributor+.PHP.Object.Injection.in.button_shortcode MEDIUM" "button 1.1.24 Admin+.Stored.XSS LOW" "book-buyback-prices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "book-buyback-prices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "business No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "backupwordpress 3.14 Admin+.Directory.Traversal LOW" "backupwordpress 3.13 Subscriber+.Backup.Disclosure MEDIUM" "beaver-themer 1.4.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "beaver-themer 1.4.9.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.shortcode MEDIUM" "buddypress-check-ins-pro 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "blu-logistics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "booking-activities 1.15.20 Reflected.Cross-Site.Scripting MEDIUM" "blocks No.known.fix Admin+.Stored.XSS LOW" "brizy-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bulk-change No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "back-to-the-top-button 2.1.7 Admin+.Stored.XSS LOW" "bp-create-group-type No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "best-restaurant-menu-by-pricelisto 1.4.3 Missing.Authorization MEDIUM" "best-restaurant-menu-by-pricelisto 1.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "best-restaurant-menu-by-pricelisto 1.4.0 Settings.Update.via.CSRF MEDIUM" "beautiful-taxonomy-filters No.known.fix Unauthenticated.SQL.Injection HIGH" "bc-woo-custom-thank-you-pages 1.4.14 Missing.Authorization MEDIUM" "boombox-theme-extensions 1.8.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "basticom-framework 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "brozzme-scroll-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bonus-for-woo 5.8.3 Reflected.Cross-Site.Scripting HIGH" "blockypage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blockypage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "booking-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system No.known.fix Missing.Authorization MEDIUM" "booking-system 2.9.9.5.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "booking-system No.known.fix Stored.XSS.via.CSRF HIGH" "booking-system 2.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "booking-system 2.9.9.4.8 Admin+.Stored.XSS LOW" "booking-system 2.9.9.4.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "booking-system 2.9.9.2.9 Admin+.Stored.XSS LOW" "booking-system 2.9.9.2.9 Subscriber+.SQLi HIGH" "booking-system 2.1 Authenticated.Blind.SQL.Injection HIGH" "bulk-page-creator 1.1.4 Arbitrary.Page.Creation.via.CSRF MEDIUM" "better-click-to-tweet 5.10.4 Settings.Update.via.CSRF MEDIUM" "bookingcom-banner-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookingcom-banner-creator 1.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "bdthemes-element-pack-lite 5.10.15 Addons.for.Elementor.<.5.10.15.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.13 Missing.Authorization MEDIUM" "bdthemes-element-pack-lite 5.10.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Lightbox.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+.Stored.Cross-Site.Scripting.via.Open.Map.Widget MEDIUM" "bdthemes-element-pack-lite 5.10.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "bdthemes-element-pack-lite 5.10.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Gallery.and.Countdown.Widgets MEDIUM" "bdthemes-element-pack-lite 5.7.7 Contributor+.Stored.XSS.via.title_tag MEDIUM" "bdthemes-element-pack-lite 5.7.3 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bdthemes-element-pack-lite 5.6.12 Contributor+.Stored.XSS.via.onclick.events MEDIUM" "bdthemes-element-pack-lite 5.6.4 Form.Submission.Admin.Email.Bypass MEDIUM" "bdthemes-element-pack-lite 5.6.2 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Panel.Slider.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.1 Contributor+.Stored.XSS.via.Price.List.Widget MEDIUM" "bdthemes-element-pack-lite 5.6.0 Sensitive.Information.Exposure.via..element_pack_ajax_search MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS.via.Trailer.Box.Widget MEDIUM" "bdthemes-element-pack-lite 5.3.3 Contributor+.Stored.XSS.via.Custom.Gallery.Widget MEDIUM" "bdthemes-element-pack-lite 5.5.4 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bdthemes-element-pack-lite 5.5.4 Contributor+.Stored.XSS MEDIUM" "bdthemes-element-pack-lite 5.4.12 Missing.Authorization.via.bdt_duplicate_as_draft MEDIUM" "bdthemes-element-pack-lite 5.2.1 Reflected.Cross-Site.Scripting MEDIUM" "business-card-by-esterox-100 No.known.fix Admin+.File.Upload MEDIUM" "business-card-by-esterox-100 No.known.fix Card.Edit.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Arbitrary.Card.Deletion.via.CSRF MEDIUM" "business-card-by-esterox-100 No.known.fix Category.Edit.via.CSRF MEDIUM" "basepress 2.16.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Database.Update MEDIUM" "basepress 2.16.2.1 Missing.Authorization MEDIUM" "basepress 2.16.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "basepress 2.15.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "build-app-online No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "build-app-online No.known.fix Cross-Site.Request.Forgery MEDIUM" "build-app-online 1.0.21 Subscriber+.Privilege.Escalation HIGH" "build-app-online 1.0.22 Unauthenticated.Account.Takeover.via.Weak.Password.Reset.Mechanism CRITICAL" "build-app-online 1.0.19 Unauthenticated.SQL.Injection HIGH" "bus-ticket-booking-with-seat-reservation 5.4.4 Cross-Site.Request.Forgery MEDIUM" "bus-ticket-booking-with-seat-reservation 5.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bus-ticket-booking-with-seat-reservation 5.2.6 Unauthenticated.Cross-Site.Scripting HIGH" "bus-ticket-booking-with-seat-reservation 5.2.4 Reflected.XSS HIGH" "buddyvendor 1.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "brizy 2.6.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "brizy 2.6.5 Authenticated.(Contributor+).Arbitrary.File.Upload.via.storeUploads CRITICAL" "brizy 2.5.2 Cross-Site.Request.Forgery MEDIUM" "brizy 2.4.45 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.45 Missing.Authorization.to.Authenticated.(Contributor+).Post.Modification HIGH" "brizy 2.4.44 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Form.Functionality MEDIUM" "brizy 2.4.44 Unauthenticated.Stored.Cross-Site.Scripting.via.Form HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.Widget.Link.To.URL HIGH" "brizy 2.4.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "brizy 2.4.44 Missing.Authorization MEDIUM" "brizy 2.4.42 Authenticated(Contributor+).Stored.Cross-Site.Scripting HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "brizy 2.4.41 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "brizy 2.4.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brizy 2.4.30 Contributor+.Stored.XSS MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.Content MEDIUM" "brizy 2.4.2 Contributor+.Stored.Cross-Site.Scripting.via.Element.URL MEDIUM" "brizy 2.3.12 Authenticated.File.Upload.and.Path.Traversal HIGH" "brizy 2.3.12 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "brizy 2.3.12 2.3.11.-.Incorrect.Authorization.to.Post.Modification HIGH" "brizy 1.0.126 Page.Builder.<.1.0.126.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "bp-cover No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "bp-better-messages 2.7.0 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "bp-better-messages 2.7.5 Unauthenticated.Limited.Server-Side.Request.Forgery.in.nice_links MEDIUM" "bp-better-messages 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "bp-better-messages 2.4.33 Missing.Authorization MEDIUM" "bp-better-messages 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "bp-better-messages 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "bp-better-messages 1.9.10.71 Subscriber+.Messaging.Block.Bypass MEDIUM" "bp-better-messages 1.9.10.69 Subscriber+.SSRF MEDIUM" "bp-better-messages 1.9.10.58 Subscriber+.Denial.Of.Service MEDIUM" "bp-better-messages 1.9.9.170 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bp-better-messages 1.9.9.149 File.Upload.via.CSRF LOW" "bp-better-messages 1.9.9.149 Cross-Site.Request.Forgery MEDIUM" "bp-better-messages 1.9.9.41 Multiple.CSRF MEDIUM" "bp-better-messages 1.9.9.41 Reflected.Cross-Site.Scripting HIGH" "bsd-woo-stripe-connect-split-pay 3.2.10 Reflected.Cross-Site.Scripting MEDIUM" "bsd-woo-stripe-connect-split-pay 3.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bg-patriarchia-bu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "betterdocs 3.5.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "betterdocs 3.3.4 Unauthenticated.PHP.Object.Injection CRITICAL" "betterdocs 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betterdocs 2.5.3 Missing.Authorization.via.AJAX.actions MEDIUM" "betterdocs 1.9.0 Reflected.Cross-Site.Scripting HIGH" "betterdocs 1.9.2 Reflected.Cross-Site.Scripting HIGH" "buddybadges No.known.fix Admin+.SQLi MEDIUM" "bbpress 2.6.12 Cross-Site.Request.Forgery.to.Limited.Privilege.Escalation MEDIUM" "bbpress 2.6.5 Unauthenticated.Privilege.Escalation.when.New.User.Registration.enabled CRITICAL" "bbpress 2.6.5 Authenticated.Stored.Cross-Site.Scripting.via.the.forums.list.table MEDIUM" "bbpress 2.6.5 Authenticated.Privilege.Escalation.via.the.Super.Moderator.feature HIGH" "bbpress 2.6.0 Subscriber+.Stored.Cross-Site.Scripting.via.Post.Slug MEDIUM" "babelz No.known.fix CSRF.to.Stored.XSS HIGH" "biltorvet-dealer-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookalet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brave-popup-builder 0.7.1 Cross-Site.Request.Forgery MEDIUM" "brave-popup-builder 0.7.0 Admin+.Stored.XSS LOW" "brave-popup-builder 0.6.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "brave-popup-builder 0.6.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "baidu-tongji-generator No.known.fix Admin+.Stored.XSS LOW" "blog-summary No.known.fix Contributor+.Stored.XSS MEDIUM" "bmlt-tabbed-map 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bp-activity-filter 2.8.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "blockons 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "booqable-rental-reservations 2.4.16 Admin+.Stored.XSS LOW" "buddypress 14.2.1 Authenticated.(Subscriber+).Directory.Traversal HIGH" "buddypress 12.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 12.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "buddypress 11.3.2 Contributor+.Stored.XSS MEDIUM" "buddypress 9.1.1 Activation.Key.Disclosure MEDIUM" "buddypress 9.1.1 SQL.Injections HIGH" "buddypress 7.3.0 Multiple.Authenticated.REST.API.Vulnerabilities MEDIUM" "buddypress 7.2.1 .Force.a.Friendship MEDIUM" "buddypress 7.2.1 Manage.BuddyPress.Member.Types MEDIUM" "buddypress 7.2.1 REST.API.Privilege.Escalation HIGH" "buddypress 7.2.1 Read.Private.Messages MEDIUM" "buddypress 7.2.1 Invite.Member.to.Join.Group MEDIUM" "buddypress 6.4.0 Lack.of.Capability.Check.on.Profile.Page MEDIUM" "buddypress 5.1.2 Private.Data.Exposure.via.REST.API HIGH" "buddypress 5.1.1 Denial.of.Service MEDIUM" "bbresolutions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bbresolutions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bft-autoresponder 2.7.2.4 Cross-Site.Request.Forgery MEDIUM" "bft-autoresponder 2.7.2.3 CSRF MEDIUM" "bft-autoresponder 2.7.1.1 Unauthenticated.Stored.XSS HIGH" "bft-autoresponder 2.7.1.1 Admin+.Stored.XSS LOW" "bft-autoresponder 2.1.7.2 Contributor+.Stored.XSS MEDIUM" "bft-autoresponder 2.1.7.2 Admin+.Stored.XSS LOW" "bft-autoresponder 2.5.2 Authenticated.Blind.SQL.Injection.&.Multiple.XSS HIGH" "bitcoin-lightning-publisher 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "back-in-stock-notifier-for-woocommerce 5.3.2 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "bigmart-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brand-my-footer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocks-product-editor-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "bricksbuilder 1.9.9 Insecure.Direct.Object.Reference MEDIUM" "bws-smtp 1.2.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "bws-smtp 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "bp-profile-search 5.8 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "bp-profile-search 5.6 Reflected.Cross-Site.Scripting.via.BPS_FORM MEDIUM" "bigbluebutton No.known.fix Reflected.XSS HIGH" "bigbluebutton 2.2.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "bp-wc-vendors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bp-wc-vendors No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bbpress-notify-nospam 2.18.4 Reflected.Cross-Site.Scripting MEDIUM" "better-sharing 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "better-sharing 1.7.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "burst-pro 1.5.1 Unauthenticated.SQL.Injection HIGH" "boombox-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business-profile-reviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "better-messages-wcfm-integration 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bookmarkify No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "buddymeet 2.3.0 Contributor+.Stored.XSS MEDIUM" "bitformpro No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update HIGH" "bitformpro No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "bitformpro No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "bitformpro No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "blocks-post-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bookly-responsive-appointment-booking-tool 23.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Color.Profile.Parameter MEDIUM" "bookly-responsive-appointment-booking-tool 22.5 Admin+.Stored.XSS LOW" "bookly-responsive-appointment-booking-tool 22.4 Admin+.SQLi MEDIUM" "bookly-responsive-appointment-booking-tool 21.8 Admin+.Stored.Cross-Site.Scripting.via.service.titles MEDIUM" "bookly-responsive-appointment-booking-tool 21.6 Unauthenticated.Stored.XSS HIGH" "bookly-responsive-appointment-booking-tool 20.3.1 Staff.Member.Stored.Cross-Site.Scripting MEDIUM" "bookly-responsive-appointment-booking-tool 14.5 Bookly.#1.WordPress.Booking.Plugin.(Lite).<.14,5.–.Unauthenticated.Blind.Stored.XSS MEDIUM" "blog2social 7.5.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "blog2social 7.4.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "blog2social 7.5.0 Information.Exposure MEDIUM" "blog2social 7.2.1 Reflected.XSS HIGH" "blog2social 6.9.12 Subscriber+.Settings.Update MEDIUM" "blog2social 6.9.10 Subscriber+.SQLi HIGH" "blog2social 6.9.10 Subscriber+.SSRF MEDIUM" "blog2social 6.8.7 Reflected.Cross-Site.Scripting HIGH" "blog2social 6.3.1 Authenticated.SQL.Injection CRITICAL" "blog2social 5.9.0 Cross-Site.Scripting.Issue MEDIUM" "blog2social 5.6.0 SQL.Injection CRITICAL" "blog2social 5.0.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "blog-manager-light No.known.fix Settings.Update.via.CSRF MEDIUM" "business-card-block 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bng-gateway-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bng-gateway-for-woocommerce No.known.fix CSRF.Bypass MEDIUM" "bulk-edit-categories-tags 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "bulk-edit-categories-tags 1.5.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bu-section-editing No.known.fix Reflected.XSS HIGH" "bu-section-editing No.known.fix Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "bcorp-shortcodes No.known.fix .Unauthenticated.PHP.Object.Injection CRITICAL" "boostify-header-footer-builder 1.3.7 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "boostify-header-footer-builder 1.3.6 Missing.Authorization.to.Page/Post.Creation MEDIUM" "boostify-header-footer-builder 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.size.Parameter MEDIUM" "buddyforms-review 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "bulk-comment-remove No.known.fix Cross-Site.Request.Forgery.via.brc_admin() MEDIUM" "byconsole-woo-order-delivery-time 2.5.2 Unauthenticated.Full.Path.Dsiclosure MEDIUM" "byconsole-woo-order-delivery-time 2.4.7 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "byconsole-woo-order-delivery-time 2.4.8 Reflected.XSS HIGH" "bootstrap-collapse No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "books-papers No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "breakdance 2.0.0 Missing.Authorization MEDIUM" "breakdance 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "breakdance 1.7.2 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "breakdance 1.7.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.custom.postmeta MEDIUM" "better-anchor-links No.known.fix Cross-Site.Request.Forgery.via.admin/options.php MEDIUM" "buddypress-members-only 3.4.9 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "bsk-contact-form-7-blacklist No.known.fix Reflected.Cross-Site.Scripting HIGH" "be-popia-compliant 1.1.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "bitcoin-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bulk-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blizzard-quotes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "bonjour-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "bws-google-analytics 1.7.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "branding No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "blogger-301-redirect No.known.fix Unauthenticated.SQL.Injection.via.br HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.16 Reflected.Cross-Site.Scripting MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 2.10 Reflected.Cross-Site.Scripting.via.tab,.order,.and.orderby MEDIUM" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.5 Reflected.XSS HIGH" "bulk-noindex-nofollow-toolkit-by-mad-fish 1.51 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.2 Missing.Authorization MEDIUM" "booking-and-rental-manager-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "booking-and-rental-manager-for-woocommerce 1.2.2 Admin+.Stored.XSS LOW" "bmi-calculator-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bug-library 2.1.5 Authenticated.(Contributor+).SQL.Injection MEDIUM" "bug-library 2.1.2 Admin+.Stored.XSS LOW" "bug-library 2.1.1 Unauthenticated.RCE CRITICAL" "bug-library 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "backupbuddy 8.8.3 Multiple.Reflected.Cross-Site.Scripting HIGH" "backupbuddy 8.7.5 Unauthenticated.Arbitrary.File.Access HIGH" "breaking-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comment-license 1.4.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "customify-sites No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "cookie-notice 2.4.18 Admin+.Stored.XSS LOW" "cookie-notice 2.4.7 Contributor+.Stored.XSS MEDIUM" "cookie-notice 2.4.7 Contributor+.XSS MEDIUM" "cookie-notice 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "cyan-backup 2.5.4 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "cyan-backup 2.5.3 Admin+.Stored.XSS.via.Remote.Storage.Settings LOW" "cyan-backup 2.5.3 Admin+.Stored.XSS.via.General.Settings LOW" "connatix-video-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customizer-export-import 0.9.7.1 Authenticated.(Admin+).Arbitrary.File.Upload.via.Customization.Settings.Import MEDIUM" "customizer-export-import 0.9.6 Admin+.PHP.Object.Injection LOW" "customizer-export-import 0.9.5 Admin+.PHP.Objection.Injection MEDIUM" "customizer-export-import 0.9.5 Admin+.PHP.Object.Injection MEDIUM" "cf7-telegram 0.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Subscription.Approve/Pause/Refuse MEDIUM" "contact-form-7-simple-recaptcha 0.1.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-simple-recaptcha 0.0.9 CSRF.to.Stored.XSS HIGH" "coupon-referral-program No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "coupon-referral-program No.known.fix Sensitive.Information.Disclosure MEDIUM" "cab-fare-calculator 1.1.7 Admin+.Stored.XSS LOW" "cab-fare-calculator 1.0.4 Unauthenticated.LFI MEDIUM" "coins-marketcap 5.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "captcha-code-authentication 3.0 Captcha.Bypass MEDIUM" "captcha-code-authentication 2.8 Settings.Update.via.CSRF MEDIUM" "code-explorer No.known.fix Authenticated.(Admin+).External.File.Reading MEDIUM" "custom-product-type-for-woocommerce 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "custom-product-type-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contentoptin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpa-offerwall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-antispam 0.6.1 Reflected.Cross-Site.Scripting MEDIUM" "chp-ads-block-detector 3.9.8 Plugin.Settings.Update.via.CSRF MEDIUM" "chp-ads-block-detector 3.9.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "chp-ads-block-detector 3.9.8 Subscriber+.Plugin.Settings.Update MEDIUM" "cashtomer No.known.fix Authenticated.SQL.Injection MEDIUM" "clipart No.known.fix Reflected.XSS HIGH" "ct-ultimate-gdpr 2.5 Unauthenticated.Plugin.Settings.Export.and.Import CRITICAL" "collect-and-deliver-interface-for-woocommerce 5.5.6 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "collect-and-deliver-interface-for-woocommerce 5.1.9 Reflected.Cross-Site-Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "convert-classic-editor-to-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "css-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-staging No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "cartpops 1.4.28 Reflected.Cross-Site.Scripting MEDIUM" "cartpops 1.4.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chat-viber 1.7.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-skins-contact-form-7 No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Update.and.Skin.Creation MEDIUM" "change-wc-price-title 2.4 Reflected.Cross-Site.Scripting MEDIUM" "change-wc-price-title 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "civicrm 5.28.1 CSRF.to.Stored.XSS MEDIUM" "civicrm 5.24.3 Authenticated.Phar.Deserialization MEDIUM" "cart-rest-api-for-woocommerce 3.12.0 Missing.Authorization MEDIUM" "coolclock 4.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cm-download-manager 2.9.0 Download.Deletion.via.CSRF MEDIUM" "cm-download-manager 2.9.1 Download.Edit.via.CSRF MEDIUM" "cm-download-manager 2.9.0 Download.Unpublish.via.CSRF MEDIUM" "cm-download-manager 2.8.6 Admin+.Arbitrary.File.Upload MEDIUM" "cm-download-manager 2.8.0 Authenticated.Arbitrary.File.Deletion MEDIUM" "cm-download-manager 2.8.0 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cm-download-manager 2.8.0 Authenticated.Cross-Site.Scripting MEDIUM" "cm-download-manager 2.0.7 CSRF.to.Cross-Site.Scripting HIGH" "cm-download-manager 2.0.4 Unauthenticated.Code.Injection CRITICAL" "colour-smooth-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-live-preview No.known.fix Missing.Authorization.via.update_option MEDIUM" "cosmosfarm-share-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clickfunnels No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clickfunnels No.known.fix Settings.Update.via.CSRF MEDIUM" "custom-header-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "carousels-slider-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contractor-contact-form-website-to-workflow-tool 4.1.0 Reflected.XSS HIGH" "cookie-notice-and-consent-banner 1.7.2 Admin+.Stored.XSS LOW" "commenttweets No.known.fix Settings.Update.via.CSRF MEDIUM" "custom-post-type-templates-for-elementor 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-us-by-lord-linus No.known.fix Admin+.Stored.XSS.via.CSRF HIGH" "contact-us-by-lord-linus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cm-video-lesson-manager-pro 3.5.9 Admin+.Stored.Cross-Site.Scripting LOW" "content-protector 4.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.6.5 Contributor+.Stored.XSS.via.content_protector.Shortcode MEDIUM" "content-protector 4.2.6.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-protector 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.9 Protection.Bypass.&.Arbitrary.Post.Access HIGH" "content-protector 3.5.5.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "content-protector 3.5.5.5.2 Insecure.Storage.of.Password MEDIUM" "content-protector 3.5.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chative-live-chat-and-chatbot 1.2 Channel/Org.ID.Update.via.CSRF MEDIUM" "cresta-addons-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "categorycustomfields No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cssable-countdown No.known.fix Admin+.Stored.XSS LOW" "call-now-icon-animate No.known.fix Admin+.Stored.XSS LOW" "contact-form-to-email 1.3.53 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-to-email 1.3.45 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-to-email 1.3.42 Captcha.Bypass MEDIUM" "contact-form-to-email 1.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.3.38 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-to-email 1.3.25 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-to-email 1.2.66 Multiple.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "classic-editor-addon 2.6.4 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "classic-editor-addon 2.6.4 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "country-state-city-auto-dropdown 2.7.3 Unauthenticated.SQL.Injection CRITICAL" "country-state-city-auto-dropdown 2.7.2 Missing.Authorization MEDIUM" "cf7-summary-and-print 1.2.6 Settings.Update.via.CSRF MEDIUM" "calendar No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "calendar 1.3.11 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "collectchat 2.4.4 Admin+.XSS LOW" "collectchat 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "collectchat 2.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "credit-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-infusionsoft 1.1.4 Reflected.Cross-Site.Scripting HIGH" "cits-support-svg-webp-media-upload 3.0 Author+.Stored.XSS.via.SVG MEDIUM" "csv-import-export No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "conversion-de-moneda No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-post-type-gui No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "category-ajax-filter 2.8.3 Unauthenticated.Local.File.Inclusion CRITICAL" "conditional-payments 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "cubewp-forms No.known.fix Missing.Authorization MEDIUM" "cubewp-forms 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "carrrot No.known.fix Admin+.Stored.XSS LOW" "custom-list-table-example No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "captchelfie-captcha-by-selfie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "code-snippets-cpt No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "cf7-repeatable-fields 2.0.2 Repeatable.Fields.<.2.0.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.field_group.Shortcode MEDIUM" "custom-post-type-date-archives No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "classyfrieds No.known.fix Authenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "csv2wpec-coupon No.known.fix Unauthenticated.Remote.File.Upload HIGH" "companion-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cookie-law-bar No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "counter-box 2.0.7 Authenticated.(Administrator+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "counter-box 2.0.6 Cross-Site.Request.Forgery MEDIUM" "counter-box 1.2.4 Counter.Deletion.via.CSRF MEDIUM" "counter-box 1.2.2 Reflected.XSS MEDIUM" "counter-box 1.2.1 Arbitrary.Counter.Activation/Deactivation.via.CSRF MEDIUM" "counter-box 1.2 Admin+.LFI MEDIUM" "car No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "coupon-lite 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coupon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conditional-payment-methods-for-woocommerce No.known.fix Admin+.SQLi MEDIUM" "cm-business-directory 1.4.2 Reflected.XSS HIGH" "crisp 0.45 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "crisp 0.32 CSRF.to.Stored.Cross-Site.Scripting HIGH" "check-pincode-for-woocommerce 1.2 Reflected.Cross-Site.Scripting MEDIUM" "content-mask 1.8.4.1 Subscriber+.Arbitrary.Options.Update HIGH" "classima-core 1.10 Reflected.Cross-Site.Scripting MEDIUM" "colorful-categories 2.0.15 Arbitrary.Colors.Update.via.CSRF MEDIUM" "chatter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "chatter No.known.fix Missing.Authorization MEDIUM" "corona-virus-covid-19-banner No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "corona-virus-covid-19-banner 1.8.0 CSRF MEDIUM" "conversational-forms 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "conversational-forms 1.2.0 Unauthenticated.Arbitrary.File.Download HIGH" "conversational-forms 1.17 Admin+.Stored.XSS LOW" "catch-web-tools 2.7.1 Subscriber+.Arbitrary.Catch.IDs.Activation/Deactivation MEDIUM" "catch-web-tools 2.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "caldera-smtp-mailer No.known.fix Missing.Authorization MEDIUM" "contact-form-db-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-permalinks 2.7.0 Authenticated(Editor+).Stored.Cross-Site.Scripting MEDIUM" "custom-more-link-complete No.known.fix Admin+.Stored.XSS LOW" "custom-url-shorter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.288 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.colibri_video_player.Shortcode MEDIUM" "colibri-page-builder 1.0.277 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting.via.the.plugin's.'colibri_breadcrumb_element'.shortcode MEDIUM" "colibri-page-builder 1.0.264 Author+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.274 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "colibri-page-builder 1.0.270 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.249 Missing.Authorization MEDIUM" "colibri-page-builder 1.0.260 Import.Images,.Delete.Post,.Save.Theme.Data.via.CSRF MEDIUM" "colibri-page-builder 1.0.260 Arbitrary.Shortcode.Call.via.CSRF MEDIUM" "colibri-page-builder 1.0.240 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.248 Contributor+.Stored.XSS MEDIUM" "colibri-page-builder 1.0.229 Admin+.SQL.Injection MEDIUM" "cf7-file-download No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "contact-page-with-google-map No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "custom-layouts 1.4.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-scroll-bar-designer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cooked 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cooked 1.8.0 Cooked.–.Recipe.Management.<=.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked 1.7.15.1 Contributor+.Stored.XSS MEDIUM" "cooked 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "cooked 1.7.9.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cooked 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-style No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "contact-form-7-style No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "cp-blocks 1.0.21 CSRF MEDIUM" "cp-blocks 1.0.15 Admin+.Stored.Cross-Site.Scripting LOW" "convertbox-auto-embed 1.0.20 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "code-snippets-extended No.known.fix Arbitrary.Snippet.Deletion/Disabling.via.CSRF MEDIUM" "code-snippets-extended No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "code-snippets-extended No.known.fix RCE.via.CSRF HIGH" "college-publisher-import No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "cf7-active-campaign 1.0.4 Reflected.Cross-Site.Scripting HIGH" "custom-font-uploader 2.4.0 Custom.Font.Uploader.<.2.4.0.-.Missing.Authorization.to.Font.Deletion MEDIUM" "custom-font-uploader 2.2.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "comment-form 1.2.1 Admin+.Authenticated.Stored.XSS LOW" "custom-shortcode-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "catch-infinite-scroll 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "contact-form-7-star-rating-with-font-awersome No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "content-snippet-manager 1.1.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-codes 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-mailchimp-extension No.known.fix Subscriber+.Server-Side.Request.Forgery MEDIUM" "custom-css 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-post-type-generator No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "content-views-query-and-display-post-page 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pagingType.Parameter MEDIUM" "content-views-query-and-display-post-page 3.7.1 Contributor+.Stored.Cross-Site.Scripting.via.Widget.Post.Overlay MEDIUM" "content-views-query-and-display-post-page 3.6.3 Admin+.Stored.XSS MEDIUM" "chilexpress-oficial No.known.fix Reflected.XSS HIGH" "clicksend-lead-capture-form No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Message.Deletion MEDIUM" "course-booking-system 6.0.7 Unauthenticated.SQL.Injection HIGH" "clever-fox 25.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clever-fox 25.2.1 Missing.Authorization.to.arbitrary.theme.activation.via.clever-fox-activate-theme MEDIUM" "contact-form-lite 1.1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-lite 1.1.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "camera-slideshow No.known.fix Reflected.Cross-Site.Scripting HIGH" "customize-wpadmin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-forms 1.9.5 Missing.Authorization.to.Unauthenticated.Form.Submission.Download MEDIUM" "contact-forms 1.9.3 Cross-Site.Request.Forgery.via.process_bulk_action.Function MEDIUM" "contact-forms 1.9.1 Admin+.Stored.XSS LOW" "contact-forms 1.8.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-forms 1.6.1 CSRF MEDIUM" "contact-forms 1.5.8 Cross-Site.Request.Forgery MEDIUM" "contact-forms 1.5.5 Unauthenticated.Stored.XSS HIGH" "contact-forms 1.5.5 Reflected.XSS HIGH" "contact-forms 1.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "change-table-prefix No.known.fix Cross-Site.Request.Forgery.via.change_prefix_form HIGH" "configure-smtp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "crazy-bone No.known.fix Unauthenticated.Stored.XSS HIGH" "crazy-bone 0.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "customily-v2 No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cm-on-demand-search-and-replace 1.4.3 Reflected.XSS HIGH" "cm-on-demand-search-and-replace 1.3.9 Plugin.Reset.via.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Multiple.CSRF MEDIUM" "cm-on-demand-search-and-replace 1.3.1 Admin+.Stored.XSS LOW" "change-memory-limit No.known.fix Missing.Authorization.via.admin_logic() MEDIUM" "cricket-score 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-theme-content 2.6.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "ct-commerce No.known.fix Admin+.Stored.XSS LOW" "comic-easel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "commons-booking No.known.fix Code/Timeframe/Booking.Deletion.via.CSRF MEDIUM" "commons-booking No.known.fix Admin+.Stored.XSS LOW" "copy-delete-posts 1.4.0 Subscriber+.Plugin.Installation MEDIUM" "copy-delete-posts 1.4.0 Plugin.Installation.via.CSRF MEDIUM" "copy-delete-posts 1.2.0 Authenticated.SQL.Injection MEDIUM" "circle-image-slider-with-lightbox 1.0.1 Image.Data.Update.via.CSRF MEDIUM" "circle-image-slider-with-lightbox 1.0.18 Reflected.Cross-Site.Scripting MEDIUM" "circle-image-slider-with-lightbox 1.0.16 Reflected.Cross-Site.Scripting MEDIUM" "comment-link-remove 2.1.6 Arbitrary.Comment.Deletion.via.CSRF MEDIUM" "custom-post-limits No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "custom-user-css No.known.fix Settings.Update.via.CSRF MEDIUM" "custom-sidebars 3.1.0 CSRF HIGH" "custom-sidebars 3.0.8.1 CSRF HIGH" "comment-highlighter No.known.fix Authenticated.SQL.Injection MEDIUM" "cars-seller-auto-classifieds-script No.known.fix Auto.Classifieds.Script.<=.2.1.0.-.Unauthenticated.SQL.Injection CRITICAL" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "custom-post-widget 3.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.content_block.Shortcode MEDIUM" "custom-post-widget 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-ui 1.13.5 Debug.Info.Sending.via.CSRF LOW" "captcha-for-contact-form-7 1.11.4 Captcha.Bypass MEDIUM" "caching-compatible-cookie-optin-and-javascript 0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "court-reservation 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "court-reservation 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cloud-manager No.known.fix Reflected.XSS CRITICAL" "cloud No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "correosoficial No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "curatorio 1.9.2 Contributor+.Stored.XSS MEDIUM" "clover-online-orders 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.moo_receipt_link.Shortcode MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Data.Update MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization.to.Plugin.Deactivation.and.Data.Deletion MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.7 Missing.Authorization MEDIUM" "clover-online-orders 1.5.5 Cross-Site.Request.Forgery MEDIUM" "clover-online-orders 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clover-online-orders 1.5.5 Reflected.XSS HIGH" "cpt-bootstrap-carousel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cpt-bootstrap-carousel No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "crafty-social-buttons 1.5.8 XSS MEDIUM" "canalplan-ac No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-css-pro 1.0.4 CSRF.&.XSS HIGH" "currency-converter-widget-pro 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpt-shortcode No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cpt-shortcode No.known.fix Admin+.Stored.XSS LOW" "cats-job-listings No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "case-study No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "captcha-bws 5.2.1 Captcha.Bypass MEDIUM" "coneblog-widgets 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "coneblog-widgets 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "calculatorpro-calculators No.known.fix Reflected.Cross-Site.Scripting.via.CP_preview_calc MEDIUM" "christmasify 1.5.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-hubspot 1.3.2 Cross-Site.Request.Forgery MEDIUM" "cf7-hubspot 1.2.0 Reflected.Cross-Site.Scripting HIGH" "cleanup-light 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "cm-pop-up-banners 1.7.6 Reflected.XSS HIGH" "cm-pop-up-banners 1.7.3 Contributor+.Stored.XSS MEDIUM" "cm-pop-up-banners 1.6.6 Contributor+.Stored.XSS MEDIUM" "custom-404-pro 3.11.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-404-pro 3.10.1 Unauthenticated.Stored.Cross-Site.Scripting.via.logging HIGH" "custom-404-pro 3.8.1 Multiple.SQL.Injection HIGH" "custom-404-pro 3.8.2 Reflected.XSS HIGH" "custom-404-pro 3.7.3 Reflected.Cross-Site.Scripting HIGH" "custom-404-pro 3.7.2 Logs.Deletion.via.CSRF MEDIUM" "custom-404-pro 3.7.1 Admin+.SQLi MEDIUM" "custom-404-pro 3.2.9 Authenticated.Reflected.XSS MEDIUM" "custom-404-pro 3.2.8 XSS MEDIUM" "custom-fonts 2.1.5 Author+.Stored.XSS MEDIUM" "category-post-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cssjockey-add-ons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "crudlab-google-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-database-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-login 4.1.1 Subscriber+.Unauthorised.Action MEDIUM" "cookiehub 1.1.1 Missing.Authorization MEDIUM" "cardgate 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "cardgate 3.1.16 Unauthorised.Payments.Hijacking.and.Order.Status.Spoofing HIGH" "checkout-for-paypal 1.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-for-paypal 1.0.14 Contributor+.Stored.XSS MEDIUM" "charity-addon-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "charity-addon-for-elementor 1.3.3 Contributor+.Stored.XSS MEDIUM" "charity-addon-for-elementor 1.3.2 .Contributor+.Stored.XSS MEDIUM" "custom-wp-rest-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "checkout-plugins-stripe-woo 1.9.2 Cross-Site.Request.Forgery MEDIUM" "checkout-plugins-stripe-woo 1.4.11 Settings.Update.via.CSRF MEDIUM" "custom-facebook-feed 4.2.2 Facebook.Token.Reset/Update.via.CSRF MEDIUM" "custom-facebook-feed 4.1.6 Contributor+.Stored.XSS MEDIUM" "custom-facebook-feed 4.1.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-facebook-feed 4.0.1 Subscriber+.Arbitrary.Plugin.Settings.Update.to.Stored.XSS HIGH" "custom-facebook-feed 2.19.2 Unauthenticated.Stored.XSS CRITICAL" "custom-facebook-feed 2.19.2 Reflected.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.75 Reflected.Cross-Site.Scripting MEDIUM" "cp-polls 1.0.77 Admin+.Stored.Cross-Site.Scripting LOW" "cp-polls 1.0.77 Admin+.Stored.XSS.via.Custom.Styles LOW" "cp-polls 1.0.72 Unauthenticated.Poll.Limit.Bypass MEDIUM" "cp-polls 1.0.72 Unauthenticated.Content.Injection MEDIUM" "cp-polls 1.0.9 Multiple.CSRF.Vulnerabilities MEDIUM" "cp-polls 1.0.9 Multiple.XSS.Vulnerabilities MEDIUM" "chatroll-live-chat 2.6.0 Contributor+.Stored.XSS MEDIUM" "clockwork-two-factor-authentication 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "content-sidebars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-sidebars 1.6.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "connections No.known.fix Authenticated.(Admin+).Arbitrary.Directory.Deletion MEDIUM" "connections 10.4.37 Contributor+.Stored.XSS MEDIUM" "connections 10.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "connections 9.7 Admin+.CSV.Injection MEDIUM" "connections 8.5.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cj-change-howdy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "child-theme-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "catablog No.known.fix Authenticated.(Editor+).Arbitrary.File.Deletion MEDIUM" "curtain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "curtain 1.0.2 Unauthenticated.Maintenance.Mode.Switch HIGH" "cms-press No.known.fix Admin+.Stored.XSS LOW" "country-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "country-blocker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cf7-field-validation No.known.fix Unauthenticated.SQLi HIGH" "cb-logo-slider 4.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cb-logo-slider 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clotya-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "crudlab-facebook-like-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-restrictor-for-divi 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "content-restrictor-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cbxpetition No.known.fix Unauthenticated.SQLi HIGH" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Editor+).Local.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons 3.1 Authenticated.(Contributor+).Limited.Local.PHP.File.Inclusion HIGH" "classic-addons-wpbakery-page-builder-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "cyklodev-wp-notify 1.3.0 Admin+.Stored.XSS LOW" "countdown-for-the-events-calendar 1.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "customer-reviews-woocommerce 5.62.0 Missing.Authorization.to.Authenticated.(Subscriber+).Import.Cancellation MEDIUM" "customer-reviews-woocommerce 5.48.0 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "customer-reviews-woocommerce 5.47.0 Missing.Authorization.to.Authenticated.(Subscriber+).Coupon.Search MEDIUM" "customer-reviews-woocommerce 5.39.0 Improper.Authorization.via.submit_review MEDIUM" "customer-reviews-woocommerce 5.38.10 Author+.Arbitrary.File.Upload HIGH" "customer-reviews-woocommerce 5.38.2 Cross-Site.Request.Forgery.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.38.2 Missing.Authorization.via.manual.review.reminders MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization.in.Reviews.Exporter MEDIUM" "customer-reviews-woocommerce 5.36.1 Missing.Authorization MEDIUM" "customer-reviews-woocommerce 5.17.0 Contributor+.Stored.XSS MEDIUM" "customer-reviews-woocommerce 5.16.0 Contributor+.LFI CRITICAL" "customer-reviews-woocommerce 5.3.6 Cross-Site.Request.Forgery MEDIUM" "customer-reviews-woocommerce 5.3.6 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "customer-reviews-woocommerce 5.3.6 Broken.Access.Control MEDIUM" "copy-me No.known.fix Copy.Posts.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "caldera-forms 1.7.5.1 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "caldera-forms 1.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "caldera-forms 1.6.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "coming-soon-wp 2.1.3 Maintenance.Mode.Bypass MEDIUM" "coming-soon-wp 1.6.7 Admin+.Stored.Cross-Site.Scripting MEDIUM" "catch-duplicate-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "catch-duplicate-switcher 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-registration-and-login-forms-with-new-recaptcha No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cf7-salesforce 1.4.0 Cross-Site.Request.Forgery MEDIUM" "cf7-salesforce 1.2.6 Reflected.Cross-Site.Scripting HIGH" "c9-admin-dashboard No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "codecolorer 0.10.1 CodeColorer.<.0,10,1.–.Admin+.Stored.Cross-Site.Scripting LOW" "cookie-consent-box 1.1.7 Admin+.Stored.XSS LOW" "convert-docx2post No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "custom-post-type-relations No.known.fix Reflected.Cross-Site.Scripting HIGH" "catch-under-construction 1.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "cliengo No.known.fix Cross-Site.Request.Forgery MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Unauthenticated.Chatbot.Settings.Update MEDIUM" "cliengo 3.0.3 Chatbot.<.3.0.3.-.Missing.Authorization.to.Authorized.(Subscriber+).Chatbot.Settings.Update MEDIUM" "creative-image-slider 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "customer-chat-facebook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-chat-facebook No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "customer-chat-facebook No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cookiebot 4.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Survey.Submission MEDIUM" "cookiebot 3.6.1 CSRF.&.XSS LOW" "cardoza-wordpress-poll No.known.fix Authenticated.SQL.Injection HIGH" "cardoza-wordpress-poll 34.06 Multiple.External.Function.Remote.Poll.Manipulation CRITICAL" "cardoza-wordpress-poll 33.6 Multiple.SQL.Injection.Vulnerabilities CRITICAL" "cheetaho-image-optimizer 1.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "custom-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cookie-notice-consent 1.6.1 Admin+.Stored.XSS LOW" "custom-order-statuses-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "custom-order-statuses-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "cubewp-framework 1.1.16 Missing.Authorization MEDIUM" "cubewp-framework 1.1.13 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "captchinoo-captcha-for-login-form-protection 2.4 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "captchinoo-captcha-for-login-form-protection 2.5 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "complianz-gdpr-premium 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr-premium 6.3.6 Translator.SQLi MEDIUM" "catch-instagram-feed-gallery-widget 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "cryptocurrency-widgets-for-elementor 1.6.5 Unauthenticated.Local.File.Inclusion HIGH" "cryptocurrency-widgets-for-elementor 1.3 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "csv-importer 0.3.9 Cross-Site.Request.Forgery MEDIUM" "chatpressai 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "currency-switcher-woocommerce 2.16.3 Reflected.Cross-Site.Scripting MEDIUM" "currency-switcher-woocommerce 2.11.2 Security.Restrictions.Bypass MEDIUM" "chatlive No.known.fix Unauthenticated.SQL.Injection HIGH" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "cp-easy-form-builder 1.2.32 Admin+.Stored.Cross-Site.Scripting LOW" "clickervolt No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "countdown-timer-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "chalet-montagne-com-tools No.known.fix Reflected.XSS HIGH" "clevernode-related-content 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "clean-login 1.14.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "clean-login 1.13.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "clean-login 1.12.6.4 Reflected.Cross-Site.Scripting MEDIUM" "clean-login 1.8 Change.Redirect.URL.CSRF MEDIUM" "clean-login 1.5.1 Reflected.XSS MEDIUM" "classic-editor-and-classic-widgets 1.4.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "classic-editor-and-classic-widgets 1.2.6 Settings.Update.via.CSRF MEDIUM" "client-dash No.known.fix Missing.Authorization MEDIUM" "client-dash No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "commentluv No.known.fix Unauthenticated.SSRF MEDIUM" "contact-form-to-any-api 1.2.5 Unauthenticated.Stored.Cross-Site.Scripting.via.Contact.Form HIGH" "contact-form-to-any-api 1.1.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "contact-form-to-any-api 1.1.7 Subscriber+.API.Entry.Record.Deletion MEDIUM" "contact-form-to-any-api 1.1.3 Admin+.SQLi MEDIUM" "custom-related-posts 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Post.Search.and.Relation.Updates MEDIUM" "codoc 0.9.52 Reflected.Cross-Site.Scripting MEDIUM" "comment-images-reloaded No.known.fix Authenticated.(Subscriber+).Arbitrary.Media.Deletion MEDIUM" "cyr3lat 3.7 Editor+.SQL.Injection MEDIUM" "cc-bmi-calculator 2.1.0 Contributor+.Stored.XSS MEDIUM" "card-oracle 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "card-oracle 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "codepen-embedded-pen-shortcode 1.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "codepen-embedded-pen-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "circles-gallery No.known.fix Admin+.Stored.XSS LOW" "capitalize-my-title No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "confetti-fall-animation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.confetti-fall-animation.Shortcode MEDIUM" "cost-of-goods-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "cafe-lite 2.2.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cafe-lite 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.CAFE.Widgets MEDIUM" "cafe-lite 2.1.0 Contributor+.Stored.XSS MEDIUM" "convertplug 3.5.31 ConvertPlus.<.3.5.31.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update HIGH" "convertplug 3.5.26.1 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.5.26 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "convertplug 3.5.26 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "convertplug 3.4.5 Multiple.Issues HIGH" "callrail-phone-call-tracking 0.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "callrail-phone-call-tracking 0.4.10 Stored.XSS.via.CSRF MEDIUM" "coditor No.known.fix Arbitrary.File.Edition,.Deletion.and.Internal.Directory.Listing.in.wp-content CRITICAL" "contact-form-entries 1.3.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contact-form-entries 1.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "contact-form-entries 1.3.3 Admin+.Arbitrary.File.Upload MEDIUM" "contact-form-entries 1.3.1 SQL.Injection MEDIUM" "contact-form-entries 1.3.1 Contributor+.Stored.XSS MEDIUM" "contact-form-entries 1.3.0 CSV.Injection MEDIUM" "contact-form-entries 1.2.4 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.2 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.2.1 Reflected.Cross-Site.Scripting HIGH" "contact-form-entries 1.1.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "car-rental No.known.fix Admin+.Stored.XSS LOW" "car-rental 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "calendarista-basic-edition 3.0.3 Cross-Site.Request.Forgery MEDIUM" "calendarista-basic-edition 3.0.6 Missing.Authorization MEDIUM" "calendarista-basic-edition 3.0.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "callback-request No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "catch-themes-demo-import 2.1.1 Admin+.Remote.Code.Execution MEDIUM" "catch-themes-demo-import 1.8 Admin+.Arbitrary.File.Upload CRITICAL" "catch-themes-demo-import 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "catch-ids 2.4 Unauthorised.Plugin's.Setting.Change MEDIUM" "custom-admin-login-styler-wpzest No.known.fix Admin+.Stored.XSS LOW" "chameleon-css No.known.fix Subscriber+.SQL.Injection CRITICAL" "conditional-extra-fees-for-woocommerce 1.0.97 Admin+.Stored.XSS MEDIUM" "coming-soon-master 1.1 Reflected.Cross-Site.Scripting MEDIUM" "comicbookmanagementsystemweeklypicks 2.2.0 Admin+.SQLi MEDIUM" "calendi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cardinity-free-payment-gateway-for-woocommerce 3.0.7 Reflected.Cross-Site.Scripting HIGH" "contact-form-7-datepicker No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery-pro 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery-pro 19.1.5 Unauthenticated.SQL.Injection HIGH" "cf-geoplugin 8.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Menu.Creation/Deletion MEDIUM" "cf-geoplugin 8.7.0 Missing.Authorization.to.Unauthenticated.Shortcode.Execution MEDIUM" "cf-geoplugin 8.6.5 PHP.Object.Injection CRITICAL" "cf-geoplugin 8.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 8.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cf-geoplugin 7.13.12 Reflected.Cross-Site.Scripting HIGH" "customer-reviews-collector-for-woocommerce 4.0 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "carousel-ck No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "call-now-button 1.4.14 Cross-Site.Request.Forgery MEDIUM" "call-now-button 1.4.7 Admin+.Stored.XSS LOW" "call-now-button 1.1.2 Reflected.Cross-Site.Scripting LOW" "cliptakes 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clock-in-portal No.known.fix Holidays.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Staff.Deletion.via.CSRF MEDIUM" "clock-in-portal No.known.fix Designation.Deletion.via.CSRF MEDIUM" "canecto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cultbooking-booking-engine No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cpt-speakers No.known.fix Speakers.<=.1.1.-.Admin+.Stored.XSS LOW" "contact-form-7 5.9.5 Unauthenticated.Open.Redirect MEDIUM" "contact-form-7 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7 5.8.4 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "contact-form-7 5.3.2 Unrestricted.File.Upload HIGH" "contact-form-7 5.0.4 register_post_type().Privilege.Escalation CRITICAL" "contact-form-maker No.known.fix Admin+.SQLi MEDIUM" "contact-form-maker 1.13.5 Cross-Site.Request.Forgery.to.LFI HIGH" "coinbase-commerce-for-contact-form-7 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "child-themes-helper No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "catchers-helpdesk No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "custom-widget-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-search-plugin 1.36 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "coschedule-by-todaymade 3.3.9 CSRF MEDIUM" "chat-bubble No.known.fix Admin+.Stored.XSS LOW" "chat-bubble No.known.fix Settings.Update.via.CSRF MEDIUM" "chat-bubble 2.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "constant-contact-forms-by-mailmunch 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "constant-contact-forms-by-mailmunch 2.1.0 Contributor+.Stored.XSS MEDIUM" "constant-contact-forms-by-mailmunch 2.0.11 Arbitrary.Settings.Update.via.CSRF MEDIUM" "chameleon 1.4.4 Admin+.Stored.XSS LOW" "companion-auto-update 3.3.6 Authenticated.SQL.Injection CRITICAL" "comments-ratings No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "comments-ratings No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "comments-ratings 1.1.7 Cross-Site.Request.Forgery MEDIUM" "complete-open-graph No.known.fix Admin+.Stored.XSS LOW" "comment-emailer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "caldera-forms-pro 1.8.2 Unauthenticated.Arbitrary.File.Read HIGH" "chamber-dashboard-business-directory 3.3.11 Missing.Authorization MEDIUM" "chamber-dashboard-business-directory 3.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "chamber-dashboard-business-directory 3.3.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "co-marquage-service-public 0.5.77 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "co-marquage-service-public 0.5.73 Reflected.Cross-Site.Scripting.via.search_term MEDIUM" "co-marquage-service-public 0.5.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "crony No.known.fix Cross-Site.Request.Forgery MEDIUM" "crony 0.4.7 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "configurable-tag-cloud-widget 5.3 Cross-Site.Request.Forgery MEDIUM" "creative-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calderawp-license-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "comment-blacklist-updater 1.2.0 Cross-Site.Request.Forgery.via.update_blacklist_manual MEDIUM" "cf7-invisible-recaptcha 1.3.4 CSRF MEDIUM" "cf7-invisible-recaptcha 1.3.2 XSS MEDIUM" "cardealer 4.48 Missing.Authorization MEDIUM" "cardealer 4.16 Admin+.Content.Injection LOW" "cardealer 3.05 Subscriber+.Arbitrary.Plugin.Installation HIGH" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Update MEDIUM" "chatbot-chatgpt 2.1.9 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Assistant.Modification MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Addition MEDIUM" "chatbot-chatgpt 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.1.8 Missing.Authorization.to.Authenticated.(Subscriber+).Assistant.Deletion MEDIUM" "chatbot-chatgpt 1.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chatbot-chatgpt 2.0.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chatbot-chatgpt 2.0.0 Unauthenticated.Arbitrary.File.Upload.via.chatbot_chatgpt_upload_file_to_assistant.Function CRITICAL" "comments-like-dislike 1.2.0 Subscriber+.Settings.Reset MEDIUM" "comments-like-dislike 1.1.4 Add.Like/Dislike.Bypass MEDIUM" "cryptocurrency No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cryptocurrency No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "coub No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 5.0.9 Missing.Authorization MEDIUM" "church-admin 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "church-admin 4.4.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.4.5 Missing.Authorization MEDIUM" "church-admin 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "church-admin 4.4.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "church-admin 4.2.0 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.1.7 Missing.Authorization MEDIUM" "church-admin 4.1.6 .Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "church-admin 4.1.19 Missing.Authorization MEDIUM" "church-admin 4.1.8 Cross-Site.Request.Forgery MEDIUM" "church-admin 4.0.28 Authenticated.(Contributor+).SQL.Injection HIGH" "church-admin 4.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.meta-text MEDIUM" "church-admin 4.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "church-admin 3.8.0 Server-Side.Request.Forgery.(SSRF) MEDIUM" "church-admin 3.7.6 Reflected.XSS HIGH" "church-admin 3.7.30 Reflected.XSS HIGH" "church-admin 3.4.135 Unauthenticated.Plugin's.Backup.Disclosure HIGH" "church-admin 1.2550 CSRF HIGH" "contact-form-7-campaign-monitor-extension No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "cforms No.known.fix Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms No.known.fix Multiple.XSS MEDIUM" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix SQL.Injection CRITICAL" "cforms No.known.fix Remote.Code.Execution.via.Unauthorised.File.Upload MEDIUM" "cforms 13.2 XSS MEDIUM" "cforms 10.2 XSS MEDIUM" "contact-form-submissions 1.7.3 Unauthenticated.Stored.XSS HIGH" "contact-form-submissions 1.7.1 Authenticated.Double.Query.SQL.injection MEDIUM" "contact-form-submissions 1.7.1 Authenticated.SQL.Injection MEDIUM" "coronavirus-data-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "creative-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cc-custom-taxonmy No.known.fix Admin+.Stored.XSS LOW" "cooked-pro 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cooked-pro 1.8.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cooked-pro 1.8.0 Cross-Site.Request.Forgery MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Reset MEDIUM" "cooked-pro 1.8.0 Authenticated.(Contributor+).HTML.Injection MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.via.cooked_get_recipe_ids MEDIUM" "cooked-pro 1.8.0 Cross-Site.Request.Forgery.to.Template.Apply MEDIUM" "cooked-pro 1.7.5.7 Unauthenticated.PHP.Object.Injection HIGH" "cooked-pro 1.7.5.6 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "cf7-grid-and-styler-for-divi 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-grid-and-styler-for-divi 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "canvasio3d-light No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "canvasio3d-light No.known.fix Subscriber+.Entries.Update/Deletion MEDIUM" "canvasio3d-light No.known.fix Reflected.XSS HIGH" "custom-sub-menus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-comment-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cardoza-3d-tag-cloud No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cardoza-3d-tag-cloud No.known.fix Stored.XSS.via.CSRF MEDIUM" "cf7-insightly 1.0.9 Reflected.Cross-Site.Scripting HIGH" "cf7-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "consensu-io 1.0.4 Unauthenticated.Settings.Update MEDIUM" "choice-payment-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "choice-payment-gateway-for-woocommerce 2.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "checkout-mestres-wp 8.6.1 Authenticated.(Admin+).Local.File.Inclusion HIGH" "checkout-mestres-wp 7.1.9.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "checkout-mestres-wp 7.1.9.8 Authentication.Bypass.via.Password.Reset CRITICAL" "checkout-mestres-wp 7.1.9.8 Unauthenticated.SQL.Injection CRITICAL" "colorlib-coming-soon-maintenance No.known.fix Information.Exposure MEDIUM" "colorlib-coming-soon-maintenance 1.0.99 Admin+.Stored.Cross.Site.Scripting LOW" "custom-admin-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "current-book No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "custom-landing-pages-leadmagic No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "code-manager 1.0.26 Reflected.Cross-Site.Scripting MEDIUM" "code-manager 1.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "css-javascript-toolbox 11.9 Contributor+.Stored.XSS MEDIUM" "cf7-mailchimp 1.1.1 Reflected.Cross-Site.Scripting HIGH" "connect-contact-form-7-to-constant-contact-v3 1.5 Reflected.Cross-Site.Scripting MEDIUM" "crm2go No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-text-selection-colors No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "custom-field-bulk-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "conversion-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clictracker No.known.fix Admin+.Stored.XSS LOW" "charitydonation-thermometer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "customize-login-image 3.5.3 Admin+.Stored.Cross-Site.Scripting LOW" "content-audit-exporter No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "custom-page-templates-by-vegacorp 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "custom-page-templates-by-vegacorp 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cookie-scanner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "csv-to-html 3.15 Reflected.Cross-Site.Scripting HIGH" "csv-to-html 3.27 Subscriber+.Arbitrary.File.Upload CRITICAL" "causes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contentstudio 1.2.6 Authorisation.Bypass HIGH" "contentstudio 1.2.6 Nonce.Disclosure HIGH" "contentstudio 1.2.6 Unauthorised.Function.Calls HIGH" "cms-tree-page-view 1.6.8 Reflected.XSS HIGH" "cryptocurrency-price-widget 1.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "category-d3-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-fees-for-woocommerce 2.12.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "consulting-elementor-widgets 1.3.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "consulting-elementor-widgets 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "captivatesync-trade 2.0.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "cf7-zoho 1.2.4 Admin+.SQLi MEDIUM" "cf7-zoho 1.2.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cf7-zoho 1.1.9 Reflected.Cross-Site.Scripting HIGH" "cf7-zoho 1.1.8 Reflected.Cross-Site.Scripting HIGH" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "chartjs No.known.fix Editor+.Stored.Cross-Site.Scripting.in.New.Chart LOW" "counters-block 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpt-onomies No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-my-account-for-woocommerce No.known.fix Stored.XSS.via.CSRF HIGH" "cryptocurrency-widgets-pack 2.0 Unauthenticated.SQLi HIGH" "c9-blocks No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "custom-product-list-table No.known.fix Cross-Site.Request.Forgery MEDIUM" "ckeditor-for-wordpress 4.5.3.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-multi 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "conference-scheduler 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "curated-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "client-documentation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "captcha-them-all 1.4 Admin+.Stored.XSS LOW" "combo-wp-rewrite-slugs No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "contact-form-7-skins 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-skins 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "catch-import-export 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "cww-companion 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-with-shortcode 4.2.6 Reflected.Cross-Site.Scripting MEDIUM" "convoworks-wp 0.22.15 Reflected.Cross-Site.Scripting MEDIUM" "convoworks-wp 0.22.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "complianz-gdpr 7.0.0 Cross-Site.Request.Forgery.to.Data.Request.Deletion MEDIUM" "complianz-gdpr 6.5.6 Admin+.Stored.XSS LOW" "complianz-gdpr 6.4.2 GDPR/CCPA.Cookie.Consent.<.6.4.2.-.Contributor+.Stored.XSS MEDIUM" "complianz-gdpr 6.3.4 Translator.SQLi MEDIUM" "complianz-gdpr 6.0.0 GDPR/CCPA.Cookie.Consent.<.6.0.0.-.Reflected.Cross-Site.Scripting MEDIUM" "cwicly 1.4.0.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "custom-order-statuses-woocommerce 2.4.0 Cross-Site.Request.Forgery MEDIUM" "countdown-time 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "countdown-time 1.2.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "chopslider No.known.fix Unauthenticated.Blind.SQL.Injection CRITICAL" "child-support-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "child-support-calculator 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clients No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "canva No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-css-js-php No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-css-js-php No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "clicksold-wordpress-plugin No.known.fix Admin+.XSS LOW" "click-to-call-or-chat-buttons 1.5.0 Admin+.Stored.XSS LOW" "contact-form-7-anti-spambot No.known.fix Missing.Authorization MEDIUM" "change-prices-with-time-for-woocommerce 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "change-prices-with-time-for-woocommerce 1.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-searchable-data-entry-system No.known.fix Unauthenticated.Data.Modification.and.Deletion CRITICAL" "content-mirror No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-add-user No.known.fix Reflected.Cross-Site.Scripting HIGH" "codepile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codepile 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "custom-email-options No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "code-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "campaign-monitor-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "campaign-monitor-wp 2.5.6 Subscriber+.Arbitrary.Options.Update MEDIUM" "controlled-admin-access 1.5.6 Improper.Access.Control.to.Privilege.Escalation HIGH" "controlled-admin-access 1.5.2 Improper.Access.Control.&.Privilege.Escalation HIGH" "common-tools-for-site No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "course-migration-for-learndash No.known.fix Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "convertcalculator 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.and.type.Parameter MEDIUM" "css-hero 4.07 Authenticated.Reflected.XSS MEDIUM" "compute-links No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "cancel-order-request-woocommerce 1.3.3 Admin+.Stored.XSS LOW" "clicface-trombi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.nom.Parameter MEDIUM" "codeflavors-vimeo-video-post-lite 2.2.2 Reflected.XSS HIGH" "cz-loan-management No.known.fix Unauthenticated.SQLi HIGH" "cloudflare 4.12.3 Missing.Authorization.via.initProxy MEDIUM" "cloudflare 1.1.12 Unauthenticated.RCE.via.PHPUnit CRITICAL" "cloud-sso-single-sign-on 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "contact-us-page-contact-people 3.7.1 Contact.people.LITE.<.3.7.1.-.Contact.Update/Deletion/Creation.via.CSRF MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "client-portal-suitedash-login 1.8.0 Admin+.Stored.XSS LOW" "custom-field-for-wp-job-manager 1.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-field-for-wp-job-manager 1.3 .Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.Shortcode MEDIUM" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "custom-field-for-wp-job-manager 1.2 Admin+.Stored.XSS LOW" "coming-soon-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "crypto-converter-widget 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "crypto-converter-widget 1.8.4 Contributor+.Stored.XSS MEDIUM" "cf7-recaptcha-mine 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "coupons 1.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "copy-the-code 4.0.4 Contributor+.Stored.XSS MEDIUM" "copy-the-code 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "copy-the-code 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "culqi-checkout 3.0.15 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "continuous-image-carousel-with-lightbox 1.0.16 Reflected.XSS HIGH" "carts-guru 1.4.6 Unauthenticated.Object.Injection CRITICAL" "cool-timeline 2.4 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "cool-timeline 2.0.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "cool-timeline 2.0.3 Cross-Site.Request.Forgery MEDIUM" "column-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "cp-image-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-image-gallery No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "coupon-reveal-button 1.2.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capability-manager-enhanced 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "capability-manager-enhanced 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "coreactivity 2.1 Unauthenticated.IP.Spoofing MEDIUM" "coreactivity 1.8.1 Unauthenticated.Stored.XSS HIGH" "cf7-google-sheets-connector-pro 2.3.7 Reflected.XSS HIGH" "commerce-coinbase-for-woocommerce 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "commerce-coinbase-for-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "checkfront-wp-booking 3.7 Settings.Update.via.CSRF MEDIUM" "create-flipbook-from-pdf No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "cds-simple-seo 2.0.26 Arbitrary.Settings.Update.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Sitemap.Creation/Deletion.via.CSRF MEDIUM" "cds-simple-seo 1.8.13 Subscriber+.Sitemap.Creation/Deletion MEDIUM" "cds-simple-seo 1.7.92 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "cookie-monster No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "cf7-constant-contact No.known.fix Cross-Site.Request.Forgery MEDIUM" "cf7-constant-contact 1.1.5 Open.Redirect MEDIUM" "cf7-constant-contact 1.1.0 Reflected.Cross-Site.Scripting HIGH" "clerkio 4.0.0 Authentication.Bypass.and.API.Keys.Disclosure LOW" "custom-fields-search 1.3.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "classified-listing-pro 2.0.20 Reflected.Cross-Site.Scripting MEDIUM" "clickdesigns 2.0.0 Missing.Authorization.to.API.Key.Modification.or.Removal MEDIUM" "comments-not-replied-to 1.5.8 Reflected.Cross-Site.Scripting MEDIUM" "comments-not-replied-to 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "categories-gallery No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cimy-header-image-rotator No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "cf7-google-sheets-connector 5.0.18 Missing.Authorization MEDIUM" "cf7-google-sheets-connector 5.0.10 Missing.Authorization.to.Limited.Site.Configuration.Update MEDIUM" "cf7-google-sheets-connector 5.0.6 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log HIGH" "cf7-google-sheets-connector 5.0.2 Reflected.XSS HIGH" "conditional-menus 1.2.1 Reflected.XSS HIGH" "coupon-creator 3.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "coupon-creator 3.1.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "custom-admin-page 0.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "css-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collapsing-categories 3.0.9 Unauthenticated.SQL.Injection HIGH" "collage-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "collage-for-divi 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7save-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customer-area 8.2.5 Bulk.Delete.via.CSRF MEDIUM" "customer-area 8.2.5 Event.Log.Deletion.via.CSRF MEDIUM" "customer-area 8.2.3 .Reflected.Cross-Site.Scripting MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Leak MEDIUM" "customer-area 8.2.1 Subscriber+.Account.Address.Update MEDIUM" "customer-area 8.1.4 Unauthorised.Actions.via.CSRF MEDIUM" "customer-area 7.4.3 XSS MEDIUM" "cwd-stealth-links No.known.fix Unauthenticated.SQL.Injection HIGH" "captcha 4.4.5 Backdoored MEDIUM" "cf7-conditional-fields 2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-conditional-fields 2.4.14 Cross-Site.Request.Forgery.to.Plugin.Setting.Reset MEDIUM" "cf7-conditional-fields 2.4.2 Missing.Authorization MEDIUM" "club-management-software No.known.fix Authenticated.SQL.Injection MEDIUM" "custom-coming-soon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "calendarista 15.5.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "cm-email-blacklist 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "cm-email-blacklist 1.5.4 Reflected.XSS HIGH" "cm-email-blacklist 1.4.9 Add/Delete.Emails.via.CSRF.Add.and.delete.any.item.from.blacklist/whitelist MEDIUM" "contact-form-cfdb7 1.2.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "contact-form-cfdb7 1.2.6.5 CSV.Injection LOW" "contact-form-cfdb7 1.2.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contact-form-cfdb7 1.2.6.1 Arbitrary.Form.Deletion..via.CSRF MEDIUM" "contact-form-cfdb7 1.2.5.6 CSV.Injection MEDIUM" "contact-form-cfdb7 1.2.5.4 Authenticated.SQL.Injections CRITICAL" "chauffeur-booking-system 7.0 Authentication.Bypass CRITICAL" "chauffeur-booking-system 7.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "codebard-help-desk No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "codebard-help-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "codebard-help-desk 1.1.2 Cross-Site.Request.Forgery MEDIUM" "conversation-watson 0.8.21 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "cf7-email-add-on No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "cryout-serious-slider 1.2.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cryout-serious-slider 1.2.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "cryout-serious-slider 1.2.5 Cross-Site.Request.Forgery MEDIUM" "custom-store-locator 1.4.8 Reflected.Cross-Site.SCripting MEDIUM" "content-collector No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-collector No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "comparison-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "comparison-slider No.known.fix Missing.Authorization MEDIUM" "comparison-slider No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "camptix 1.5.1 CSV.Injection.Bypasses.and.XSS HIGH" "contexto No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-field-template 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Information.Exposure MEDIUM" "custom-field-template 2.6.2 Authenticated(Constibutor+).Stored.Cross-Site.Scripting.via.Custom.Field.Name MEDIUM" "custom-field-template 2.6.2 Authenticated.(Admin+).Stored.Cross-Site.Scritping MEDIUM" "custom-field-template 2.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "custom-field-template 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$search_label MEDIUM" "custom-field-template 2.6 Reflected.Cross-Site.Scripting HIGH" "custom-field-template 2.5.9 Cross-Site.Request.Forgery MEDIUM" "custom-field-template 2.5.8 Admin+.PHP.Object.Injection LOW" "custom-field-template 2.5.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-field-template 2.5.2 Cross-Site.Request.Forgery MEDIUM" "custom-base-terms 1.0.3 Admin+.Stored.XSS LOW" "cryptocurrency-price-ticker-widget 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-price-ticker-widget 2.6.9 Missing.Authorization MEDIUM" "cryptocurrency-price-ticker-widget 2.6.6 2.6.5.-.Unauthenticated.SQL.Injection CRITICAL" "cryptocurrency-price-ticker-widget 2.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "click-datos-lopd No.known.fix Reflected.XSS HIGH" "comments-import-export-woocommerce 2.3.9 Authenticated.(Author+).Arbitrary.File.Read.via.Directory.Traversal MEDIUM" "comments-import-export-woocommerce 2.3.6 Cross-Site.Request.Forgery MEDIUM" "comments-import-export-woocommerce 2.1.11 Cross-Site.Request.Forgery.(CSRF).Issue HIGH" "cloak-front-end-email 1.9.2 Contributor+.Stored.XSS MEDIUM" "comment-engine-pro No.known.fix Editor+.Stored.Cross-Site.Scripting LOW" "current-template-name 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "continuous-announcement-scroller No.known.fix Admin+.Stored.XSS LOW" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS MEDIUM" "cbxgooglemap 1.1.12 Contributor+.Stored.XSS.via.shortcode MEDIUM" "cysteme-finder 1.4 Unauthenticated.LFI.and.Unauthenticated.File.Upload CRITICAL" "clearfy 2.2.5 Missing.Authorization MEDIUM" "clearfy No.known.fix Cross-Site.Request.Forgery MEDIUM" "clearfy 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-by-supsystic 1.7.29 Authenticated.(Admin+).Remote.Code.Execution HIGH" "contact-form-by-supsystic 1.7.28 CSRF MEDIUM" "contact-form-by-supsystic 1.7.25 CSRF MEDIUM" "contact-form-by-supsystic 1.7.20 Admin+.Stored.Cross-Site.Scripting LOW" "contact-form-by-supsystic 1.7.15 Reflected.Cross-Site.scripting.(XSS) HIGH" "contact-form-by-supsystic 1.7.11 Authenticated.SQL.Injections CRITICAL" "contact-form-by-supsystic 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "custom-field-manager No.known.fix Reflected.XSS.Vulnerability HIGH" "contact-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "contact-form-builder 1.0.69 CSRF.to.LFI HIGH" "cf7-database 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.43 Settings.update.via.CSRF MEDIUM" "cost-calculator-builder 3.2.29 Admin+.SQL.Injection MEDIUM" "cost-calculator-builder 3.2.16 Unauthenticated.SQL.Injection CRITICAL" "cost-calculator-builder 3.2.13 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "cost-calculator-builder 3.2.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Creation MEDIUM" "cost-calculator-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "calendar-booking No.known.fix Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "calendar-booking No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "critical-site-intel-stats No.known.fix Unauthenticated.SQL.Injection CRITICAL" "cf7-multi-step 2.7.8 Unauthenticated.SQL.Injection HIGH" "copyrightpro No.known.fix Settings.Update.via.CSRF MEDIUM" "cleantalk-spam-protect 6.45 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.44 Unauthenticated.Arbitrary.Plugin.Installation HIGH" "cleantalk-spam-protect 6.21 Counters.Reset/Creation.via.CSRF MEDIUM" "cleantalk-spam-protect 6.21 Email.Update.via.CSRF MEDIUM" "cleantalk-spam-protect 5.185.1 Admin+.SQLi MEDIUM" "cleantalk-spam-protect 5.174.1 Reflected.Cross-Site.Scripting MEDIUM" "cleantalk-spam-protect 5.153.4 Unauthenticated.Blind.SQL.Injection HIGH" "cleantalk-spam-protect 5.149 Multiple.Authenticated.SQL.Injections MEDIUM" "cleantalk-spam-protect 5.127.4 Cross-Site.Scripting.Issue MEDIUM" "cleantalk-spam-protect 5.22 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "content-blocks-builder 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-blocks-builder 2.3.17 Reflected.Cross-Site.Scripting MEDIUM" "contact-forms-builder No.known.fix Authentication.Request.Bypass MEDIUM" "contact-forms-builder No.known.fix Reflected.XSS HIGH" "comment-reply-email 1.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "comment-reply-email 1.0.4 Admin+.Stored.XSS LOW" "comments-with-hypercommentscom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "catch-scroll-progress-bar 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "chatbot 6.3.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "chatbot 6.2.4 Admin+.Stored.XSS LOW" "chatbot 5.5.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_list_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_delete_callback MEDIUM" "chatbot 5.3.6 Missing.Authorization.via.openai_file_upload_callback MEDIUM" "chatbot 5.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "chatbot 4.7.9 Authenticated.(Administrator+).SQL.Injection HIGH" "chatbot 4.9.7 4.9.6.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.in.FAQ.Builder MEDIUM" "chatbot 4.9.3 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.9.1 Authenticated.(Subscriber+).Directory.Traversal.to.Arbitrary.File.Write.via.qcld_openai_upload_pagetraining_file CRITICAL" "chatbot 4.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "chatbot 4.9.3 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Subscriber+.Arbitrary.File.Deletion CRITICAL" "chatbot 4.9.1 Missing.authorization.in.AJAX.calls MEDIUM" "chatbot 4.9.1 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "chatbot 4.9.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "chatbot 4.7.9 CSRF MEDIUM" "chatbot 4.7.8 Admin+.Stored.XSS.in.Language.Settings LOW" "chatbot 4.7.8 Admin+.Stored.XSS.in.FAQ.Builder LOW" "chatbot 4.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot 4.4.9 Subscriber+.OpenAI.Settings.Update.to.Stored.XSS HIGH" "chatbot 4.4.7 Unauthenticated.PHP.Object.Injection HIGH" "chatbot 4.5.1 Admin+.Stored.XSS LOW" "chatbot 4.4.9 Unauthenticated.Stored.XSS HIGH" "chatbot 4.4.5 Stored.XSS.via.CSRF HIGH" "chatbot 4.3.0 Settings.Reset.via.CSRF MEDIUM" "chatbot 4.3.1 Admin+.Stored.XSS LOW" "chatbot 4.2.9 Unauthenticated.Settings.Reset MEDIUM" "cc-bcc-for-woocommerce-order-emails No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "custom-author-base No.known.fix Settings.Update.via.CSRF MEDIUM" "callbook-mobile-bar No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "cc-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cms-commander-client 2.288 Unauthenticated.Authorisation.Bypass HIGH" "conveythis-translate 235 Missing.Authorization.to.Limited.Option.Update MEDIUM" "conveythis-translate 224 Unauthenticated.Stored.Cross-Site.Scripting.via.api_key HIGH" "co-authors-plus 3.5.2 Guest.Authors.Email.Address.Disclosure MEDIUM" "custom-page-extensions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.3 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "chained-quiz 1.3.2.9 Missing.Authorization MEDIUM" "chained-quiz 1.3.2.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.6 Admin+.Stored.XSS LOW" "chained-quiz 1.3.2.5 Arbitrary.Quiz.Deletion.&.Copying.via.CSRF MEDIUM" "chained-quiz 1.3.2.5 Arbitrary.Question.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.1 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.5 Submitted.Quiz.Response.Deletion.via.CSRF MEDIUM" "chained-quiz 1.3.2.4 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "chained-quiz 1.3.2.3 Admin+.Stored.XSS LOW" "chained-quiz 1.2.7.2 Authenticated.Stored.Cross.Site.Scripting LOW" "chained-quiz 1.1.9.1 Authenticated.Stored.XSS MEDIUM" "chained-quiz 1.1.8.2 Unauthenticated.Reflected.XSS CRITICAL" "chained-quiz 1.0.9 Unauthenticated.SQL.Injection MEDIUM" "call-me-now No.known.fix Cross-Site.Request.Forgery MEDIUM" "clickbank-storefront No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "copy-or-move-comments No.known.fix Reflected.XSS HIGH" "copy-or-move-comments No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "card-games No.known.fix CSRF.Bypass NONE" "cpo-content-types 1.1.1 Admin+.Stored.XSS LOW" "compact-wp-audio-player 1.9.15 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "compact-wp-audio-player 1.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_embed_player.Shortcode MEDIUM" "compact-wp-audio-player 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fileurl MEDIUM" "compact-wp-audio-player 1.9.8 Contributor+.Stored.XSS MEDIUM" "compact-wp-audio-player 1.9.7 Setting.Change.via.CSRF MEDIUM" "compact-wp-audio-player 1.9.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "custom-post-type-pdf-attachment 3.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pdf_attachment.Shortcode MEDIUM" "caret-country-access-limit 1.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "craw-data No.known.fix Server.Side.Request.Forgery MEDIUM" "content-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cm-header-footer-script-loader 1.2.2 Reflected.XSS HIGH" "codesnips No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-security-policy-pro No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "categorized-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "cs-framework No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Read HIGH" "cs-framework 7.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "contact-form-advanced-database No.known.fix Unauthorised.AJAX.Calls MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "cornerstone 0.8.1 Reflected.Cross-Site.Scripting.via.PHP_SELF MEDIUM" "cp-contact-form-with-paypal 1.3.53 Cross-Site.Request.Forgery MEDIUM" "cp-contact-form-with-paypal 1.3.02 Multiple.XSS MEDIUM" "cp-contact-form-with-paypal 1.1.6 Multiple.Vulnerabilities HIGH" "cc-canadian-mortgage-calculator 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpsimpleaccounting No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-global-variables 1.1.1 Stored.Cross-Site.Scripting.(XSS) HIGH" "contact-widgets-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "css-live No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "csprite No.known.fix Cross-Site.Request.Forgery MEDIUM" "ce21-suite 2.2.1 Unauthenticated.Privilege.Escalation CRITICAL" "ce21-suite No.known.fix JWT.Token.Disclosure CRITICAL" "ce21-suite 2.2.1 Authentication.Bypass CRITICAL" "ce21-suite No.known.fix Missing.Authorization.to.Unauthenticated.Plugin.Settings.Change MEDIUM" "contact-form-check-tester No.known.fix Broken.Access.Control.to.Cross-Site.Scripting.(XSS) HIGH" "countdown-timer-block No.known.fix Contributor+.Stored.XSS MEDIUM" "contact-form-7-designer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.7.22 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.7.21 Admin+.SQLi MEDIUM" "cbxwpbookmark 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cbxwpbookmark 1.6.9 Reflected.Cross-Site.Scripting HIGH" "custom-widget-classes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "copy-move-posts No.known.fix Missing.Authorization MEDIUM" "cryptocurrency-product-for-woocommerce 3.16.10 Reflected.Cross-Site.Scripting MEDIUM" "cryptocurrency-product-for-woocommerce 3.14.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "copyright-safeguard-footer-notice No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "contact-form-7-sms-addon 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "custom-twitter-feeds 2.2.4 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.2.3 Admin+.Stored.XSS LOW" "custom-twitter-feeds 2.2.2 Cross-Site.Request.Forgery.to.Plugin.Options.Update MEDIUM" "custom-twitter-feeds 2.2 Cross-Site.Request.Forgery MEDIUM" "custom-twitter-feeds 2.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "custom-twitter-feeds 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-cc-avenue-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart66-lite 1.5.5 XSS MEDIUM" "comment-press 2.7.2 Unauthenticated.Cross-Frame.Scripting HIGH" "computer-repair-shop 3.8120 Authenticated.(Customer+).Privilege.Esclation.via.Account.Takeover CRITICAL" "computer-repair-shop 3.8122 Missing.Authorization.to.Account.Takeover/Privilege.Escalation HIGH" "computer-repair-shop 3.8116 Unauthenticated.Arbitrary.File.Upload CRITICAL" "culture-object 4.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "cj-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "coming-soon-page 3.7.4 IP.Address.Spoofing.via.get_real_ip MEDIUM" "coming-soon-page 3.6.8 Arbitrary.Email.Sending.to.Subscribed.Users.via.CSRF LOW" "coming-soon-page 3.6.7 Subscriber+.Arbitrary.Email.Sending.to.Subscribed.Users MEDIUM" "coming-soon-page 3.5.3 Authenticated.Stored.XSS LOW" "control-block-patterns No.known.fix Missing.Authorization MEDIUM" "cs-element-bucket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cf7-styler No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.9 Reflected.XSS MEDIUM" "cf7-styler 1.6.9 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.6.5 Missing.Authorization.via.Several.AJAX.Action MEDIUM" "cf7-styler 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler 1.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-constant-contact-fields-mapping No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-reply-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "coming-soon 6.18.4 Editor+.Stored.XSS MEDIUM" "coming-soon 6.15.22 Unauthenticated.Plugin.Page.Content.Update MEDIUM" "coming-soon 6.15.15.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "coming-soon 5.1.2 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "comparepress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-login-page No.known.fix Reflected.XSS HIGH" "comments-disable-accesspress 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "cf7-store-to-db-lite 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "cf7-store-to-db-lite 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "cardoza-facebook-like-box 4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "coming-soons No.known.fix Under.Construction.<=.1.2.0.-.Admin+.Stored.Cross-Site.Scripting LOW" "click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-tweet No.known.fix Reflected.XSS HIGH" "click-to-tweet No.known.fix Missing.Authorization MEDIUM" "cool-tag-cloud 2.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "common-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.livesite-pay.Shortcode MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "contact-form-with-a-meeting-scheduler-by-vcita 4.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "currency-per-product-for-woocommerce 1.7.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "custom-dashboard-widgets No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.cdw_DashboardWidgets HIGH" "codestyling-localization No.known.fix Multiple.CSRF HIGH" "cherry-plugin 1.2.7 Unauthenticated.Arbitrary.File.Upload.and.Download CRITICAL" "custom-registration-form-builder-with-submission-manager 6.0.3.4 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 6.0.2.7 Unauthenticated.Privilege.Escalation.via.Password.Recovery CRITICAL" "custom-registration-form-builder-with-submission-manager 6.0.2.1  Stored.XSS LOW" "custom-registration-form-builder-with-submission-manager 6.0.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 6.0.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.2.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "custom-registration-form-builder-with-submission-manager 5.3.1.0 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "custom-registration-form-builder-with-submission-manager 5.2.6.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 IP.Spoofing MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.5.1 Form.Submission.Limit.Bypass MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.6 Authenticated(Administrator+).SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.1 Missing.Authorization MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.3.0 Cross-Site.Request.Forgery MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.4.2 Reflected.Cross-Site.Scripting.via.section_id MEDIUM" "custom-registration-form-builder-with-submission-manager 5.2.1.1 Unauthenticated.Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 5.2.1.0 Admin+.Arbitrary.Password.Update.via.IDOR MEDIUM" "custom-registration-form-builder-with-submission-manager 5.1.9.3 Form.Deletion.via.CSRF MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.2.2 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.9 Reflected.Cross-Site.Scripting HIGH" "custom-registration-form-builder-with-submission-manager 5.0.1.6 Admin+.SQL.Injection MEDIUM" "custom-registration-form-builder-with-submission-manager 5.0.1.8 Authentication.Bypass CRITICAL" "custom-registration-form-builder-with-submission-manager 4.6.0.4 Multiple.Critical.Issues HIGH" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Authenticated.SQL.Injection.via.Form_id MEDIUM" "custom-registration-form-builder-with-submission-manager 4.6.0.3 Multiple.Cross-Site.Scripting.(XSS) HIGH" "cobwebo-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "copymatic 2.0 Missing.Authorization MEDIUM" "copymatic 1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "configure-login-timeout No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "changyan No.known.fix Missing.Authorization MEDIUM" "custom-welcome-guide 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "custom-welcome-guide 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clinked-client-portal 1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "checkout-freemius-rewamped 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "cart-weight-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cart-weight-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cleanup-action-scheduler 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "cta 2.5.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "campation-postoffice No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "campation-postoffice 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cc-coming-soon No.known.fix Reflected.XSS HIGH" "cryptocurrency-prices No.known.fix Contributor+.Stored.XSS MEDIUM" "category-page-icons No.known.fix Arbitrary.File.Upload/Deletion.via.Path.Traversal CRITICAL" "custom-tabs-for-products-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-ready 2.0.12 Form.Styling.Update.via.CSRF MEDIUM" "checkbox 0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "checkbox 0.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "caddy 1.9.8 Cross-Site.Request.Forgery MEDIUM" "chatplusjp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "catch-sticky-menu 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "click-to-chat-for-whatsapp 4.0 Contributor+.LFI HIGH" "click-to-chat-for-whatsapp 3.18.1 Contributor+.Stored.XSS MEDIUM" "coru-lfmember No.known.fix Arbitrary.Game.Deletion/Activation.via.CSRF MEDIUM" "coru-lfmember No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "collapsing-archives 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "core-control No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "crm-customer-relationship-management-by-vcita No.known.fix Missing.Authorization.to.Authenticated.(Susbcriber+).Widget.Toggle MEDIUM" "crm-customer-relationship-management-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "crm-customer-relationship-management-by-vcita 2.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clinicalwp-core No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "clinicalwp-core No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "convert-post-types No.known.fix Cross-Site.Request.Forgery MEDIUM" "convert-post-types No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-hubs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "content-hubs 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "category-post-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contact-form-add No.known.fix CSRF HIGH" "contact-form-add 1.9.8.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "contact-form-add 1.9.8.4 Authenticated.Stored.Cross-Site.Scripting LOW" "contact-form-7-multi-step-addon 1.0.7 Injected.Backdoor CRITICAL" "custom-tinymce-shortcode-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contexture-page-security No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "content-no-cache 0.1.3 Unauthenticated.Private.Content.Disclosure MEDIUM" "christmas-greetings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "countdown-block 1.1.2 Missing.Authorisation.in.AJAX.action MEDIUM" "customizable-captcha-and-contact-us-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cmc-migrate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cluevo-lms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cluevo-lms No.known.fix Cross-Site.Request.Forgery.to.Module.Deletion MEDIUM" "cluevo-lms 1.11.0 Settings.Update.via.CSRF MEDIUM" "cluevo-lms 1.8.1 Admin+.Stored.Cross.Site.Scripting LOW" "cache-images 3.2.1 Image.Upload./.Import.via.CSRF MEDIUM" "css3-rotating-words 5.7 Cross-Site.Request.Forgery MEDIUM" "css3-rotating-words 5.5 Cross-Site.Request.Forgery.via.save_admin_options MEDIUM" "cost-calculator-builder-pro 3.2.16 Unauthenticated.SQL.Injection.via.data HIGH" "cost-calculator-builder-pro No.known.fix .Unauthenticated.Price.Manipulation MEDIUM" "cost-calculator-builder-pro 3.1.76 Unauthenticated.Arbitrary.Email.Sending MEDIUM" "cost-calculator-builder-pro 3.1.73 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "cost-calculator-builder-pro 3.1.68 Unauthenticated.Cross-Site.Scripting.via.SVG.Upload HIGH" "cwd-3d-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cyberus-key 1.1 Admin+.Stored.XSS LOW" "category-icon 1.0.1 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "creative-mail-by-constant-contact 1.6.0 Settings.Reset.via.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 Multiple.CSRF MEDIUM" "creative-mail-by-constant-contact 1.6.0 CSRF MEDIUM" "content-excel-importer 4.3 Reflected.Cross-Site.Scripting MEDIUM" "campaign-url-builder 1.8.2 Contributor+.Stored.XSS MEDIUM" "catch-gallery 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "crazy-call-to-action-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "code-generator-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "comments-from-facebook 2.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "chatbot-support-ai No.known.fix Admin+.Stored.XSS LOW" "cmyee-momentopress 1.0.2 Contributor+.Stored.XSS MEDIUM" "content-egg 5.5.0 Multiple.CSRF MEDIUM" "content-egg 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "content-egg 5.3.0 Reflected.Cross-Site.Scripting MEDIUM" "checklist 1.1.9 Unauthenticated.Reflected.XSS MEDIUM" "companion-sitemap-generator 4.5.3 Reflected.XSS HIGH" "companion-sitemap-generator 4.5.3 Contributor+.Stored.XSS MEDIUM" "companion-sitemap-generator 3.7.0 CSRF HIGH" "classified-listing 4.0.5 Unauthenticated.Settings.Exposure MEDIUM" "classified-listing 3.1.16 Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update HIGH" "classified-listing 3.1.17 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "classified-listing 3.1.8 Missing.Authorization MEDIUM" "classified-listing 3.0.11 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "classified-listing 3.0.5 Missing.Authorization MEDIUM" "classified-listing 3.0.5 Cross-Site.Request.Forgery.to.Account.Takeover.via.rtcl_update_user_account HIGH" "classified-listing 2.4.6 Cross-Site.Request.Forgery MEDIUM" "classified-listing 2.2.14 Reflected.Cross-Site.Scripting MEDIUM" "community-events 1.5.1 Admin+.Stored.XSS LOW" "community-events 1.5 Event.Deletion.via.CSRF MEDIUM" "community-events 1.4.9 Admin+.Stored.XSS LOW" "community-events 1.4.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "community-events 1.4 SQL.Injection CRITICAL" "contact-form-7-to-database-extension 2.10.36 CSV.Injection CRITICAL" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_address MEDIUM" "contact-form-plugin 4.2.9 Reflected.Cross-Site.Scripting.via.cntctfrm_contact_subject MEDIUM" "contact-form-plugin 4.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 4.0.2 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "contact-form-plugin 3.96 XSS MEDIUM" "contact-form-plugin 3.82 Unauthorized.Language.Manipulation MEDIUM" "contact-form-plugin 3.82 contact_form.php.cntctfrm_contact_email.Parameter.XSS MEDIUM" "current-menu-item-for-custom-post-types 1.6 Cross-Site.Request.Forgery MEDIUM" "category-post-list-widget No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_title] MEDIUM" "custom-field-suite No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Term.Custom.Field HIGH" "custom-field-suite No.known.fix Contributor+.PHP.Code.Injection.via.Loop.Custom.Field HIGH" "custom-field-suite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cfs[post_content] MEDIUM" "custom-field-suite 2.6.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "custom-field-suite 2.6.3 Admin+.Stored.XSS LOW" "custom-field-suite 2.5.15 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "cp-multi-view-calendar 1.4.07 Unauthenticated.Arbitrary.Event.Creation.to.Stored.XSS HIGH" "cp-multi-view-calendar 1.4.01 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "custom-post-types 5.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "custom-post-types 5.0.3 Admin+.Stored.XSS LOW" "cp-image-store 1.0.68 Unauthenticated.SQLi HIGH" "chessgame-shizzle 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "catch-breadcrumb 1.7 Unauthorised.Plugin's.Setting.Change MEDIUM" "catch-breadcrumb 1.5.7 Unauthenticated.Reflected.XSS MEDIUM" "content-repeater No.known.fix Admin+.Stored.XSS LOW" "custom-content-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "custom-content-shortcode No.known.fix Contributor+.LFI CRITICAL" "custom-content-shortcode 4.0.2 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "custom-content-shortcode 4.0.1 Unauthorised.Arbitrary.Post.Metadata.Access MEDIUM" "custom-content-shortcode 4.0.2 Authenticated.Arbitrary.File.Access./.LFI HIGH" "canto 3.0.9 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto 3.0.7 Unauthenticated.RCE CRITICAL" "canto 3.0.5 Unauthenticated.Remote.File.Inclusion CRITICAL" "canto No.known.fix Unauthenticated.Blind.SSRF MEDIUM" "cpo-companion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cpo-companion 1.1.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "cpo-companion 1.1.0 Admin+.Stored.XSS LOW" "contact-manager 8.6.5 Unauthenticated.Arbitrary.Double.File.Extension.Upload HIGH" "connected-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "connected-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coming-soon-by-supsystic 1.7.11 Cross-Site.Request.Forgery MEDIUM" "coming-soon-by-supsystic 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "clean-social-icons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "chaty-pro 3.3.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "chaty-pro 2.8.2 Reflected.Cross-Site.Scripting HIGH" "carousel-anything No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cosmetsy-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "connect-daily-web-calendar 1.4.5 Multiple.Reflected.XSS HIGH" "cab-grid 1.6 Admin+.Stored.XSS LOW" "coblocks 3.1.14 Missing.Authorization MEDIUM" "coblocks 3.1.13 Editor+.Stored.XSS LOW" "coblocks 3.1.12 Contributor+.SSRF LOW" "coblocks 3.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Profiles MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "coblocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "cf7-dynamics-crm 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "constant-contact-forms 2.4.3 Information.Disclosure.via.Log.Files MEDIUM" "constant-contact-forms 1.8.8 Multiple.Authenticated.Stored.XSS MEDIUM" "content-aware-sidebars 3.19.1 Reflected.Cross-Site.Scripting MEDIUM" "content-aware-sidebars 3.17.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "content-aware-sidebars 3.8.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "ctt-expresso-para-woocommerce 3.2.13 Information.Exposure.via.Unprotected.Directory MEDIUM" "ctt-expresso-para-woocommerce 3.2.13 Admin+.Stored.XSS LOW" "ctt-expresso-para-woocommerce 3.2.12 Admin+.Stored.XSS LOW" "cartoon-url No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "croma-music 3.6.1 Authenticated.(Subscriber+).Arbitrary.Options.Update.in.ironMusic_ajax HIGH" "code-snippets 3.6.0 Arbitrary.settings.change.via.CSRF MEDIUM" "code-snippets 2.14.4 Reflected.Cross-Site.Scripting MEDIUM" "code-snippets 2.14.3 Reflected.Cross-Site.Scripting HIGH" "code-snippets 2.14.0 CSRF.to.RCE HIGH" "custom-simple-rss 2.0.7 CSRF MEDIUM" "control-horas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "category-posts 4.9.18 Admin+.Stored.XSS LOW" "category-posts 4.9.17 Admin+.Stored.XSS LOW" "canvasflow No.known.fix Reflected.XSS HIGH" "ck-and-syntaxhighlighter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "convertful 2.6 Missing.Authorization.via.add_woo_coupon MEDIUM" "candidate-application-form No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "commonsbooking 2.6.8 Unauthenticated.SQL.Injection HIGH" "cmp-coming-soon-maintenance 4.1.11 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "cmp-coming-soon-maintenance 4.1.8 Maintenance.Mode.Bypass MEDIUM" "cmp-coming-soon-maintenance 4.1.7 Unauthenticated.Post/Page.Access.in.Maintenance.Mode MEDIUM" "cmp-coming-soon-maintenance 4.0.19 Unauthenticated.Arbitrary.CSS.Update HIGH" "cmp-coming-soon-maintenance 3.8.2 Coming.Soon.&.Maintenance.<.3.8.2.-.Improper.Access.Controls.on.AJAX.Calls HIGH" "content-warning-v2 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-forms-anti-spam 2.2.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Change MEDIUM" "contact-forms-anti-spam 2.1.3 Advanced.Spam.protection.<.2.1.3.-.Admin+.Stored.XSS LOW" "contact-forms-anti-spam 0.10.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "contact-forms-anti-spam 0.10.4 IP.Validation.Bypass MEDIUM" "contact-forms-anti-spam 0.9.3 Unauthenticated.Stored.Cross-Site.Scripting.via.efas_add_to_log MEDIUM" "contact-forms-anti-spam 0.7.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Contributor+.Stored.XSS MEDIUM" "codelights-shortcodes-and-widgets No.known.fix Admin+.Stored.Cross.Site.Scripting MEDIUM" "coschool No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "cartflows 2.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cartflows 2.0.2 Editor+.Stored.XSS LOW" "cartflows 1.6.13 Authenticated.Stored.XSS.via.FB.Pixel.ID.and.Google.Analytics.ID MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery MEDIUM" "cartflows 1.5.16 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "css-js-manager 2.4.49.1 Multiple.CSRF MEDIUM" "content-text-slider-on-post 6.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "community-yard-sale No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cookiemonster No.known.fix Admin+.Stored.XSS LOW" "contact-form-integrated-with-google-maps 2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "corner-ad 1.0.57 Ads.Deletion.via.CSRF MEDIUM" "corner-ad 1.0.8 Admin+.Stored.XSS LOW" "contact-form-x 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "coronavirus-covid-19-notice-message No.known.fix Admin+.Stored.XSS LOW" "co2ok-for-woocommerce 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "co2ok-for-woocommerce 1.0.9.22 Subscriber+.Arbitrary.Option.Update CRITICAL" "contact-form-7-round-robin-lead-distribution No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "contact-form-7-round-robin-lead-distribution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cybersoldier 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "cookie-bar 2.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "cookie-bar 1.8.9 Admin+.Stored.Cross-Site.Scripting LOW" "copyscape-premium 1.4.0 Stored.XSS.via.CSRF HIGH" "counter-yandex-metrica No.known.fix Admin+.Stored.XSS LOW" "cp-simple-newsletter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cp-simple-newsletter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "contextual-related-posts 3.3.1 Contributor+.Stored.XSS MEDIUM" "contextual-related-posts 2.9.4 CSRF.Nonce.Validation.Bypass MEDIUM" "contextual-related-posts 1.8.7 Cross-Site.Request.Forgery MEDIUM" "contextual-related-posts 1.8.10.2 Multiple.Parameter.SQL.Injection HIGH" "contest-code-checker 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.8 Reflected.Cross-Site.Scripting MEDIUM" "contest-code-checker 1.9.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "client-power-tools 1.9.1 Reflected.Cross-Site.Scripting MEDIUM" "chart-builder 2.9.6 Unauthenticated.Local.File.Inclusion.via.source CRITICAL" "chart-builder 2.7.7 Reflected.Cross-Site.Scripting MEDIUM" "chart-builder 2.0.7 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "chart-builder 1.9.7 Admin+.Stored.XSS LOW" "custom-field-finder 0.4 Authenticated.(Author+).PHP.Object.Injection HIGH" "cm-table-of-content 1.2.4 Stored.XSS.via.CSRF HIGH" "cm-table-of-content 1.2.3 Settings.Reset.via.CSRF MEDIUM" "create-with-code 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "check-zipcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cm-answers 3.2.7 Missing.Authorization MEDIUM" "cm-answers 3.2.0 Admin+.Stored.XSS LOW" "cf7-redirect-thank-you-page 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "cf7-redirect-thank-you-page 1.0.4 Cross-Site.Request.Forgery MEDIUM" "catalyst-connect-client-portal 2.1.0 Admin+.Stored.XSS LOW" "catalyst-connect-client-portal 2.1.0 Reflected.XSS HIGH" "css-js-files 1.5.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "change-login-logo 1.1.5 Authenticated.Stored.Cross-Site.Scripting LOW" "countdown-wpdevart-extended 1.8.3 Admin+.Stored.XSS LOW" "countdown-wpdevart-extended 1.5.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "check-email 1.0.10 Unauthenticated.Hook.Injection HIGH" "check-email 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "check-email 1.0.4 Reflected.Cross-Site.Scripting HIGH" "check-email 1.0.3 Admin+.SQL.Injections MEDIUM" "check-email 0.5.2 Cross-Site.Scripting.(XSS) MEDIUM" "change-wp-admin-login 1.1.4 Secret.Login.Page.Disclosure MEDIUM" "change-wp-admin-login 1.1.0 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "copify No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "cloudnet-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.66 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "contests-from-rewards-fuel 2.0.65 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.update_rewards_fuel_api_key MEDIUM" "contests-from-rewards-fuel 2.0.63 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-fields-shortcode No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "cf7-widget-elementor 2.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "cf7-widget-elementor 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7_redirect_page.Attribute MEDIUM" "cf7-widget-elementor 2.4 Missing.Authorization MEDIUM" "conversador No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "continue-shopping-from-cart-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "crelly-slider 1.4.7 Admin+.Stored.XSS LOW" "crelly-slider 1.4.6 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "crelly-slider No.known.fix Admin+.Stored.XSS LOW" "crelly-slider 1.3.5 Arbitrary.File.Upload HIGH" "custom-add-to-cart-button-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "cart-lift 3.1.6 Reflected.XSS HIGH" "checkout-files-upload-woocommerce 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "coupon-zen 1.0.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "classy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "content-slider-block 3.1.6 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "captcha-bank No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customize-my-account-for-woocommerce 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "customize-my-account-for-woocommerce 2.7.30 Reflected.Cross-Site.Scripting.via.tab.Parameter MEDIUM" "customize-my-account-for-woocommerce 1.8.4 Cross-Site.Request.Forgery.via.restore_my_account_tabs MEDIUM" "custom-css-js 3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "crafthemes-demo-import No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload.in.process_uploaded_files HIGH" "crafthemes-demo-import No.known.fix Missing.Authorization.to.Arbitrary.Plugin.Installation HIGH" "compare-affiliated-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "compare-affiliated-products No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cubepm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clyp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.4 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "crm-perks-forms 1.1.6 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "crm-perks-forms 1.1.5 Unauthenticated.SQL.Injection CRITICAL" "crm-perks-forms 1.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "crm-perks-forms 1.1.1 Reflected.XSS HIGH" "custom-banners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-banners 3.3 CSRF.Nonce.Bypass.in.saveCustomFields MEDIUM" "custom-banners 2.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "cosmic-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "chaty 3.3.6 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "chaty 3.2.3 Admin+.Stored.XSS LOW" "chaty 3.1.9 Editor+.Stored.XSS LOW" "chaty 3.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "chaty 3.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.1 Reflected.XSS HIGH" "chaty 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "chaty 3.0.3 Admin+.SQLi MEDIUM" "chaty 2.8.4 Admin+.Stored.Cross-Site.Scripting MEDIUM" "chaty 2.8.3 Reflected.Cross-Site.Scripting HIGH" "ceceppa-multilingua No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "cognito-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "cm-video-lesson-manager 1.8.3 Reflected.XSS HIGH" "cm-video-lesson-manager 1.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "cmsmasters-elementor-addon 1.15.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "citadela-directory No.known.fix Cross-Site.Request.Forgery MEDIUM" "citadela-directory No.known.fix Unauthenticated.Sensitive.Information.Exposure HIGH" "cf7-calendly-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cross-linker No.known.fix Arbitrary.Cross-Link.Creation.via.CSRF MEDIUM" "cookielay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cookielay.Shortcode MEDIUM" "capa No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "clickbank-ads-clickbank-widget 1.35 Admin+.Stored.Cross-Site.Scripting LOW" "clickbank-ads-clickbank-widget 1.35 CSRF.to.Stored.Cross-Site.Scripting HIGH" "clean-contact No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "csv-wc-product-import-export No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Creation MEDIUM" "cf7-message-filter 1.6.3.1 Subscriber+.Filter.Updates/Deletions MEDIUM" "cf7-message-filter 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "cf7-message-filter 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "captain-slider No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "calculated-fields-form 5.2.64 Denial.of.Service MEDIUM" "calculated-fields-form 5.2.64 Admin+.Stored.XSS LOW" "calculated-fields-form 5.2.46 HTML.Injection MEDIUM" "calculated-fields-form 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "calculated-fields-form 5.1.57 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "calculated-fields-form 1.2.53 Contributor+.Stored.XSS MEDIUM" "calculated-fields-form 1.2.29 Contributor+.Open.Redirect MEDIUM" "calculated-fields-form 1.2.41 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "calculated-fields-form 1.1.151 Admin+.Stored.Cross-Site.Scripting.via.Dropdown.Fields LOW" "calculated-fields-form 1.0.354 Authenticated.Stored.XSS MEDIUM" "chesstempoviewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "click-to-top 1.2.8 Authenticated.Stored.Cross-Site.Scripting LOW" "clasify-classified-listing No.known.fix Reflected.XSS HIGH" "cm-registration-pro 3.2.1 PHP.Object.Injection MEDIUM" "custom-post-type-cpt-cusom-taxonomy-ct-manager No.known.fix Stored.XSS.via.CSRF HIGH" "comments-on-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "change-uploaded-file-permissions No.known.fix File.Permission.Update.via.CSRF MEDIUM" "chameleon-jobs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "create-block-theme 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "cryptocurrency-pricing-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-generator No.known.fix Contributor+.SQLi MEDIUM" "contact-form-generator 2.6.0 Reflected.XSS HIGH" "contact-form-generator 2.5.5 Multiple.Cross-Site.Request.Forgery.(CSRF) HIGH" "chronoforms No.known.fix CSRF MEDIUM" "custom-post-type-page-template No.known.fix Cross-Site.Request.Forgery MEDIUM" "configure-conference-room No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "category-specific-rss-feed-menu 2.3 Admin+.Stored.XSS LOW" "category-specific-rss-feed-menu 2.2 Settings.Update.via.CSRF MEDIUM" "carousel-slider 2.2.4 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.0.0 Cross-Site.Request.Forgery MEDIUM" "carousel-slider 2.2.4 Editor+.Stored.XSS LOW" "carousel-slider 2.2.11 Editor+.Stored.XSS LOW" "carousel-slider 2.2.10 Editor+.Stored.XSS MEDIUM" "carousel-slider 2.2.7 Editor+.Stored.XSS LOW" "carousel-slider 2.2.3 Missing.Authorization MEDIUM" "contact-form-to-db 1.7.3 Authenticated.(Author+).SQL.Injection CRITICAL" "contact-form-to-db 1.7.2 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "create-custom-dashboard-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "create-custom-dashboard-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "count-per-day 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "count-per-day 3.5.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "count-per-day 3.4.1 SQL.Injection MEDIUM" "custom-post-view-generator No.known.fix Reflected.Cross-Site.Scripting HIGH" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization.to.Authenticated.(Contributor+).PHP.Object.Injection HIGH" "coupon-x-discount-pop-up 1.3.6 Missing.Authorization MEDIUM" "custom-share-buttons-with-floating-sidebar 4.2 Admin+.Stored.XSS LOW" "calculator-builder 1.6.3 Unauthenticated.Local.File.Inclusion HIGH" "calculator-builder 1.5.1 Reflected.XSS MEDIUM" "cookie-consent-autoblock No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "custom-map No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.3 Reflected.Cross-Site.Scripting HIGH" "clio-grow-form 1.0.1 Admin+.Stored.XSS LOW" "crm-memberships No.known.fix Admin+.Stored.XSS LOW" "cloudflare-cache-purge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-paystack-add-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-form-master No.known.fix Reflected.XSS HIGH" "christian-science-bible-lesson-subjects 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cgc-maintenance-mode No.known.fix Sensitive.Information.Exposure MEDIUM" "cgc-maintenance-mode No.known.fix IP.Spoofing MEDIUM" "cnzz51la-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cmb2 2.11.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "contact-form-manager 1.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "captainform No.known.fix Reflected.Cross-Site.Scripting.via.REQUEST_URI MEDIUM" "captainform No.known.fix CSRF MEDIUM" "call-to-action-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coaching-staffs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "custom-login-redirect No.known.fix CSRF.to.Stored.XSS HIGH" "cpo-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "cpo-shortcodes No.known.fix Admin+.Stored.XSS LOW" "calendar-event 1.4.7 Unauthenticated.Arbitrary.Event.Deletion MEDIUM" "calendar-event 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "cookies-by-jm No.known.fix Admin+.Stored.XSS LOW" "coming-soon-maintenance-mode 1.0.6 Information.Exposure MEDIUM" "cm-map-locations 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "clickcease-click-fraud-protection 3.2.5 Improper.Authorization.to.sensitive.information.exposure.via.get_settings MEDIUM" "clickcease-click-fraud-protection 3.2.8 Cross-Site.Request.Forgery MEDIUM" "caxton No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "caxton 1.30.1 Reflected.Cross-Site.Scripting MEDIUM" "caxton 1.30.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "conditional-logic-for-woo-product-add-ons 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-list 2.9.88 Missing.Authorization.to.Notice.Dismissal MEDIUM" "contact-list 2.9.72 Reflected.Cross-Site.Scripting MEDIUM" "contact-list 2.9.50 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-list 2.9.42 Reflected.Cross-Site.Scripting HIGH" "clickwhale 2.4.4 Cross-Site.Request.Forgery MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "clickwhale 2.4.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "change-default-login-logo-url-and-title No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-7-star-rating No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "codepress-admin-columns 4.3 Admin+.Stored.XSS.in.Label LOW" "codepress-admin-columns 4.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Custom.Field MEDIUM" "car-demon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-mollie No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "cf7-mollie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "custom-contact-forms 5.1.0.4 Unauthenticated.Database.Import/Export CRITICAL" "custom-contact-forms 5.1.0.3 Authenticated.Cross.Site.Scripting CRITICAL" "custom-product-builder-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "correos-express No.known.fix Sensitive.Information.Disclosure HIGH" "contact-form-7-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cozy-addons 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "cforms2 15.0.7 Unauthenticated.Stored.XSS HIGH" "cforms2 15.0.7 Admin+.Stored.XSS LOW" "cforms2 15.0.5 Settings.Update.via.CSRF MEDIUM" "cforms2 15.0.2 Unauthenticated.HTML.Injection.&.CSRF HIGH" "cforms2 14.13.3 Multiple.XSS MEDIUM" "cforms2 14.13 SQL.Injection CRITICAL" "cforms2 14.6.10 SQL.Injection CRITICAL" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.7.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).PHP.Object.Injection MEDIUM" "countdown-builder No.known.fix Admin+.Stored.XSS LOW" "countdown-builder 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "countdown-builder No.known.fix Pro.Features.Lock.Bypass LOW" "countdown-builder 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "currency-switcher 1.2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "currency-switcher 1.2.0.2 Cross-Site.Request.Forgery MEDIUM" "currency-switcher 1.2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.2.0 Subscriber+.Missing.Authorization.Checks MEDIUM" "currency-switcher 1.2.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "currency-switcher 1.1.7 Arbitrary.Plugin's.Settings.Change.via.CSRF MEDIUM" "custom-order-numbers-for-woocommerce 1.4.1 CSRF MEDIUM" "conditional-shipping-for-woocommerce 2.3.2 Ruleset.Toggle.via.CSRF MEDIUM" "comment-guestbook No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "currency-converter-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "catalog No.known.fix Admin+.SQL.Injection MEDIUM" "customizely No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "customizely 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-dynamic-text-extension 5.0.2 Cross-Site.Request.Forgery MEDIUM" "contact-form-7-dynamic-text-extension 4.5.1 Information.Disclosure.via.Shortcode MEDIUM" "contact-form-7-dynamic-text-extension 4.2.0 Insecure.Direct.Object.Reference MEDIUM" "content-cards No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "content-cards 0.9.7 Cross-Site.Scripting.(XSS) MEDIUM" "content-syndication-toolkit-reader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.IP.Spoofing MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "coming-soon-maintenance-mode-from-acurax No.known.fix Unauthenticated.Stored.XSS HIGH" "camoo-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contact-bank No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "categories-gallery-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cleverwise-daily-quotes No.known.fix Stored.XSS.via.CSRF HIGH" "custom-tiktok-video-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cf7-customizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-customizer No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "conditional-marketing-mailer 1.5.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "conditional-marketing-mailer 1.6 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "cc-child-pages 1.43 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxUpdateFolderPosition MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxClearCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxDeleteCategory MEDIUM" "categorify 1.0.7.5 Missing.Authorization.in.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxRenameCategory MEDIUM" "categorify 1.0.7.5 Cross-Site.Request.Forgery.via.categorifyAjaxAddCategory MEDIUM" "categorify 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "country-flags-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cryptocurrency-donation-box 1.8 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "comment-reply-notification No.known.fix Cross-Site.Request.Forgery MEDIUM" "custom-post-type-list-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "cyber-new-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "charitable 1.8.3.1 Reflected.Cross-Site.Scripting MEDIUM" "charitable 1.8.1.15 Insecure.Direct.Object.Reference.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "charitable 1.8.1.8 Missing.Authorization.via.ajax_license_check() MEDIUM" "charitable 1.8.1.8 Missing.Authorization.to.Unauthorized.Donation MEDIUM" "charitable 1.7.0.14 Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "charitable 1.7.0.13 Unauthenticated.Privilege.Escalation CRITICAL" "charitable 1.7.0.11 Reflected.XSS HIGH" "charitable 1.6.51 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "charitable 1.6.51 Donation.Plugin.<.1.6.51.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "charitable 1.5.14 Unauthorised.Access HIGH" "currency-converter-calculator 1.3.2 Contributor+.Stored.XSS MEDIUM" "convertkit 2.4.9.1 Missing.Authorization MEDIUM" "convertkit 2.4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "convertkit 2.2.1 Reflected.XSS HIGH" "convertkit 2.0.5 Contributor+.Stored.XSS MEDIUM" "cmsmasters-content-composer 1.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "calendar-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "cardealerpress 6.7.2411.00 Reflected.Cross-Site.Scripting MEDIUM" "cpt-to-map-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "cities-shipping-zones-for-woocommerce 1.2.8 Authenticated.(Shop.Manager+).Local.File.Inclusion HIGH" "cube-slider No.known.fix Admin+.SQLi MEDIUM" "company-updates-for-linkedin No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "custom-icons-for-elementor 0.3.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "cf7-styler-for-divi 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "cf7-styler-for-divi 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cf7-easy-math-captcha No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "cart-tracking-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-with-captcha No.known.fix Cross-Site.Request.Forgery MEDIUM" "contact-form-with-captcha 1.6.8 CSRF.to.Stored.Cross-Site.Scripting HIGH" "cookie-law-info 1.8.3 Improper.Access.Controls CRITICAL" "cartflows-pro 1.11.13 CSRF MEDIUM" "cartflows-pro 1.11.12 Reflected.Cross-Site.Scripting HIGH" "contact-form-7-paypal-add-on 2.3.2 PayPal.&.Stripe.Add-on.<.2.3.2.-.Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-paypal-add-on 2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "contact-form-7-paypal-add-on 1.9.4 Cross-Site.Request.Forgery MEDIUM" "custom-post-type-lockdown No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "cool-facebook-page-feed-timeline No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "cowidgets-elementor-addons No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "cowidgets-elementor-addons 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.heading_tag.Parameter MEDIUM" "card-elements-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Profile.Card.Widget MEDIUM" "card-elements-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "catch-popup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "comfino-payment-gateway 4.1.2 Reflected.Cross-Site.Scripting HIGH" "clipr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "content-audit 1.9.2 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "commenting-feature 3.2 Reflected.Cross-Site.Scripting MEDIUM" "commenting-feature 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "conditional-payments-for-woocommerce 2.3.2 Plugin.RuleSets.Activation/Deactivation.via.CSRF MEDIUM" "cookie-notice-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "category-seo-meta-tags No.known.fix Cross-Site.Request.Forgery.via.csmt_admin_options MEDIUM" "category-seo-meta-tags No.known.fix Admin+.Stored.XSS LOW" "contentlock No.known.fix Settings.Update.via.CSRF MEDIUM" "contentlock No.known.fix Email.Adding.via.CSRF MEDIUM" "contentlock No.known.fix Groups/Emails.Deletion.via.CSRF MEDIUM" "custom-settings No.known.fix Admin+.Stored XSS LOW" "chat-bee No.known.fix Admin+.Stored.XSS LOW" "competition-form No.known.fix Reflected.XSS HIGH" "competition-form No.known.fix Competition.Deletion.via.CSRF MEDIUM" "compare-ninja-comparison-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "classified-listing-store 1.4.20 Reflected.Cross-Site.Scripting MEDIUM" "content-grabber No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "campus-explorer-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 26.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "contest-gallery 25.1.2 Authenticated.(Author+).SQL.Injection MEDIUM" "contest-gallery 24.0.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 24.0.8 Unauthenticated.Arbitrary.Password.Reset CRITICAL" "contest-gallery 24.0.4 Unauthenticated.SQL.Injection CRITICAL" "contest-gallery 23.1.3 Unauthenticated.Information.Exposure MEDIUM" "contest-gallery 23.1.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.5 Authenticated.(Author+).Arbitrary.File.Deletion MEDIUM" "contest-gallery 21.3.6 Reflected.Cross-Site.Scripting MEDIUM" "contest-gallery 21.3.2.1 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "contest-gallery 21.3.1 Author+.Stored.Cross.Site.Scripting MEDIUM" "contest-gallery 21.2.9 Cross-Site.Request.Forgery MEDIUM" "contest-gallery 21.2.8.1 Unauthenticated.Stored.XSS.via.HTTP.Headers HIGH" "contest-gallery 21.1.2.1 Reflected.XSS HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5.1 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Author+.SQL.Injection MEDIUM" "contest-gallery 19.1.5 Unauthenticated.SQL.Injection HIGH" "contest-gallery 19.1.5 Admin+.SQL.Injection MEDIUM" "contest-gallery 14.0.0 Unauthenticated.Stored.XSS MEDIUM" "contest-gallery 17.0.5 Author+.SQLi HIGH" "contest-gallery 14.0.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "contest-gallery 13.1.0.6 Missing.Access.Controls.to.Unauthenticated.SQL.injection./.Email.Address.Disclosure HIGH" "contest-gallery 13.1.0.7 Subscriber+.Email.Address.Disclosure MEDIUM" "contest-gallery 10.4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "crayon-syntax-highlighter No.known.fix Contributor+.Server.Side.Request.Forgery MEDIUM" "crayon-syntax-highlighter No.known.fix Cross-Site.Request.Forgery MEDIUM" "crayon-syntax-highlighter 2.8.4 Multiple.XSS MEDIUM" "custom-user-guide 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "custom-user-guide 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "crypto 2.16 Cross-Site.Request.Forgery.to.Authentication.Bypass HIGH" "crypto 2.19 Authentication.Bypass.via.log_in CRITICAL" "crypto 2.20 Authentication.Bypass.via.register CRITICAL" "content-control No.known.fix Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "content-control 2.2.0 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "content-control 1.1.10 Contributor+.Stored.XSS MEDIUM" "credova-financial 1.4.9 Sensitive.Information.Disclosure MEDIUM" "customize-login No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "capabilities-pro 2.5.2 Admin+.PHP.Objection.Injection MEDIUM" "capabilities-pro 2.3.1 Unauthenticated.Arbitrary.Options.Update.to.Blog.Compromise CRITICAL" "candifly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "calendapp No.known.fix Reflected.XSS HIGH" "contact-form-7-multi-step-module 4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "contact-form-7-multi-step-module 4.1.91 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "contact-form-7-multi-step-module 3.0.9 Subscriber+.Arbitrary.Option.Update CRITICAL" "duplicate-page 4.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-page 3.4 Authenticated.SQL.Injection HIGH" "digital-publications-by-supsystic 1.7.8 Missing.Authorization MEDIUM" "digital-publications-by-supsystic 1.7.8 Cross-Site.Request.Forgery MEDIUM" "digital-publications-by-supsystic 1.7.7 Cross-Site.Request.Forgery.via.AJAX.action MEDIUM" "digital-publications-by-supsystic 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "digital-publications-by-supsystic 1.6.12 Authenticated.Path.Traversal LOW" "digital-publications-by-supsystic 1.7.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "dsdownloadlist No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "dynamicconditions No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dokan-pro 3.11.0 Unauthenticated.SQL.Injection CRITICAL" "disable-comments-wpz No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "data-dash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "document-data-automation 1.6.2 Cross-Site.Request.Forgery MEDIUM" "delete-all-comments-of-website 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "display-custom-post No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "d-bargain 4.0.0 Admin+.Stored.XSS LOW" "dejureorg-vernetzungsfunktion 1.98.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "downloader-tiktok 1.4 Server.Side.Request.Forgery.(SSRF).&.Local.File.Inclusion.(LFI) MEDIUM" "dextaz-ping No.known.fix Admin+.RCE MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization MEDIUM" "debug-log-manager 2.3.2 Missing.Authorization.via.toggle_debugging MEDIUM" "debug-log-manager 2.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "debug-log-manager 2.3.0 Sensitive.Logs.Exposure MEDIUM" "debug-log-manager 2.2.2 Debug.Log.Clearing.via.CSRF MEDIUM" "debug-log-manager 2.2.2 Subscriber+.Debug.Log.Clearing MEDIUM" "drag-and-drop-custom-sidebar No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dashylite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dashylite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dynamic-post-grid-elementor-addon 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dynamically-register-sidebars No.known.fix Admin+.Stored.XSS LOW" "data-tables-generator-by-supsystic 1.10.37 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.32 Missing.Authorization MEDIUM" "data-tables-generator-by-supsystic 1.10.20 Admin+.Stored.Cross-Site.Scripting LOW" "data-tables-generator-by-supsystic 1.10.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "data-tables-generator-by-supsystic 1.10.0 Authenticated.SQL.Injection CRITICAL" "data-tables-generator-by-supsystic 1.9.92 Authenticated.Stored.XSS MEDIUM" "data-tables-generator-by-supsystic 1.9.92 Insecure.Permissions.on.AJAX.Actions MEDIUM" "data-tables-generator-by-supsystic 1.9.92 CSRF.to.Stored.XSS,.Data.Table.Creations,.Settings.Modification CRITICAL" "donation-thermometer 2.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "digital-climate-strike-wp No.known.fix Redirect.to.Malicious.Website.due.to.Compromised.JS.Asset HIGH" "drip-feed-content-extended-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "directories 1.3.46 Authenticated.Self-Reflected.Cross-Site.Scripting LOW" "directories 1.3.46 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "download-from-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "drag-and-drop-form-builder-for-contact-form-7 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "drag-and-drop-form-builder-for-contact-form-7 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "documentpress-display-any-document-on-your-site No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-page-or-post 1.5.1 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "doofinder-for-woocommerce 2.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "doofinder-for-woocommerce 2.1.1 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "doofinder-for-woocommerce 2.1.8 Reflected.Cross-Site.Scripting HIGH" "doofinder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "donate-with-qrcode No.known.fix Plugin's.Setting.Update.via.CSRF MEDIUM" "donate-with-qrcode 1.4.5 Stored.Cross-Site.Scripting MEDIUM" "dse-divi-section-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "donations-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "donations-block No.known.fix Unauthenticated.Stored.XSS HIGH" "donations-block 2.1.0 Contributor+.Stored.XSS MEDIUM" "disqus-popular-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "directory-pro 1.9.5 Subscriber+.Privilege.Escalation CRITICAL" "dzs-enable-debug No.known.fix Cross-Site.Request.Forgery MEDIUM" "delete-all-comments-easily No.known.fix All.Comments.Deletion.via.CSRF MEDIUM" "debug-bar-extender No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-title-validate 1.4 Subscriber+.SQL.Injection HIGH" "demo-my-wordpress 1.1.0 Unauthenticated.Privilege.Escalation CRITICAL" "dynamic-widgets 1.6.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-widgets 1.6 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-widgets 1.5.11 Authenticated.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "divebook No.known.fix Improper.Authorisation.Check MEDIUM" "divebook No.known.fix Unauthenticated.SQL.Injection CRITICAL" "divebook No.known.fix Unauthenticated.Reflected.XSS LOW" "digits 8.4.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "dynamic-url-seo 1.2 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-url-seo 1.2 Cross-Site.Request.Forgery MEDIUM" "dynamic-url-seo 1.2 Reflected.XSS HIGH" "dimage-360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "device-theme-switcher No.known.fix Cross-Site.Request.Forgery MEDIUM" "devbuddy-twitter-feed No.known.fix Admin+.Stored.XSS LOW" "disc-golf-manager No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "directorypress 3.6.20 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "directorypress 3.6.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "directorypress 3.6.11 Contributor+.SQL.Injection HIGH" "directorypress 3.6.8 Reflected.Cross-Site.Scripting HIGH" "dop-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "directorist 8.2 Privilege.Escalation.and.Account.Takeover HIGH" "directorist 8.1 Unauthenticated.User.Information.Exposure MEDIUM" "directorist 7.9.0 Missing.Authorization MEDIUM" "directorist 7.8.5 Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "directorist 7.5.5 Subscriber+.Insecure.Direct.Object.Reference.to.Arbitrary.Post.Deletion MEDIUM" "directorist 7.5.5 Subscriber+.Arbitrary.User.Password.Reset.to.Privilege.Escalation HIGH" "directorist 7.5.4 Admin+.LFI MEDIUM" "directorist 7.4.4 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "directorist 7.4.2.2 Subscriber+.Arbitrary.User.Password.Update.via.IDOR HIGH" "directorist 7.3.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "directorist 7.3.0 Subscriber+.Arbitrary.E-mail.Sending MEDIUM" "directorist 7.2.3 Business.Directory.Plugin.<.7.2.3.-.Admin+.Arbitrary.File.Upload MEDIUM" "directorist 7.0.6.2 CSRF.to.Remote.File.Upload CRITICAL" "dk-pricr-responsive-pricing-table 5.1.11 Author+.Stored.XSS MEDIUM" "dk-pricr-responsive-pricing-table 5.1.8 Admin+.Stored.Cross-Site.Scriping LOW" "dk-pricr-responsive-pricing-table 5.1.7 Contributor+.Stored.XSS MEDIUM" "depicter 3.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.5.0 Missing.Authorization MEDIUM" "depicter 3.5.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "depicter 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "depicter 3.1.0 Authenticated.(Contributor+).Arbitrary.Nonce.Generation MEDIUM" "depicter 2.0.7 Settings.Update.via.CSRF MEDIUM" "dark-mode 1.7 Stored.XSS MEDIUM" "debug-assistant 1.5 Admin+.Stored.XSS LOW" "debug-assistant 1.5 Administrator.Account.Creation.via.CSRF HIGH" "display-widgets 2.7 Backdoored MEDIUM" "duplicate-post 3.2.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "devnex-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dvk-social-sharing 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "docket-cache 21.08.02 Reflected.Cross-Site.Scripting HIGH" "demo-user-dzs-showcase-your-admin-safely No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "dominion-domain-checker-wpbakery-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "devoluciones-packback No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "dr-affiliate No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "domain-sharding No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dn-footer-contacts 1.6.3 Admin+.Stored.XSS LOW" "delivery-drivers-for-vendors 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-for-vendors 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-post-revisions-on-single-click No.known.fix Cross-Site.Request.Forgery MEDIUM" "dtc-documents No.known.fix Cross-Site.Request.Forgery MEDIUM" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Reflected.XSS HIGH" "dyn-business-panel No.known.fix Stored.XSS.via.CSRF HIGH" "disable-right-click-for-wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "dethemekit-for-elementor 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "dethemekit-for-elementor 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URL.Parameter.of.the.De.Gallery.Widget MEDIUM" "dethemekit-for-elementor 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slitems.Attribute MEDIUM" "dethemekit-for-elementor 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "dethemekit-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dethemekit-for-elementor 1.5.5.5 Contributor+.Stored.XSS MEDIUM" "download-media No.known.fix Missing.Authorization.via.generate_link_for_media MEDIUM" "duplica 0.7 Authenticated.(Subscriber+).Missing.Authorization.to.Users/Posts.Duplicates.Creation MEDIUM" "duplicate-theme No.known.fix CSRF MEDIUM" "debug-info No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "daily-prayer-time-for-mosques 2024.09.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "daily-prayer-time-for-mosques 2023.10.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "daily-prayer-time-for-mosques 2023.03.18 Settings.Update.via.CSRF MEDIUM" "daily-prayer-time-for-mosques 2023.05.05 Contributor+.Stored.XSS MEDIUM" "daily-prayer-time-for-mosques 2022.03.01 Unauthenticated.SQLi HIGH" "daily-prayer-time-for-mosques 2021.08.10 Admin+.Stored.XSS LOW" "display-admin-page-on-frontend 1.21.1 Reflected.Cross-Site.Scripting MEDIUM" "display-admin-page-on-frontend 1.17.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dsgvo-youtube 1.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-info-page No.known.fix Admin+.Stored.XSS LOW" "deeper-comments No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "devrix-dark-site 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "download-theme 1.1.0 Cross-Site.Request.Forgery MEDIUM" "dental-optimizer-patient-generator-app No.known.fix Reflected.XSS HIGH" "da-reactions 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "da-reactions 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "da-reactions 3.20.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "debug 1.11 CSRF MEDIUM" "droip No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "droip No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Settings.Change MEDIUM" "domain-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dazzlersoft-teams No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "different-shipping-and-billing-address-for-woocommerce 1.5 Unauthenticated.SQL.Injection HIGH" "different-shipping-and-billing-address-for-woocommerce 1.3 Unauthenticated.SQL.Injection HIGH" "drop-shadow-boxes 1.7.15 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "drop-shadow-boxes 1.7.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "drop-shadow-boxes 1.7.12 Reflected.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.11 Contributor+.Cross-Site.Scripting MEDIUM" "drop-shadow-boxes 1.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "drop-shadow-boxes 1.7.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "document-emberdder 1.7.5 Unauthenticated.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "document-emberdder 1.7.9 Subscriber+.Arbitrary.Private/Draft.Post.Title.Disclosure MEDIUM" "database-cleaner 1.0.6 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "database-cleaner 0.9.9 Sensitive.Information.Exposure.via.Log.File MEDIUM" "disable-auto-updates No.known.fix Cross-Site.Request.Forgery.to.Auto-update.Disable MEDIUM" "dreamstime-stock-photos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "donate-me No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "donate-button 2.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "digital-river-global-commerce No.known.fix Use.of.Polyfill.io MEDIUM" "drivr-google-drive-file-picker No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "delivery-and-pickup-scheduling-for-woocommerce 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "designer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "designer 1.5.0 Contributor+.Local.File.Inclusion HIGH" "demo-importer-plus 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "dologin 3.8 Missing.Authorization.via.REST.Endpoints MEDIUM" "dologin 3.7.1 Subscriber+.IP.Address.leak MEDIUM" "dologin 3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dologin 3.7 IP.Spoofing MEDIUM" "download-manager 3.3.09 Authenticated.(Author+).Path.Traversal.to.Limited.File.Overwrite MEDIUM" "download-manager 3.3.07 Unauthenticated.Data.Exposure MEDIUM" "download-manager 3.3.04 Missing.Authorization MEDIUM" "download-manager 3.3.04 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "download-manager 3.3.04 Unauthenticated.Download.of.Password-Protected.Files MEDIUM" "download-manager 3.3.03 Admin+.Stored.XSS LOW" "download-manager 3.3.00 Contributor+.Stored.XSS LOW" "download-manager 3.2.99 Admin+.Stored.XSS LOW" "download-manager 3.2.98 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "download-manager 3.2.90 Improper.Authorization.via.protectMediaLibrary HIGH" "download-manager 3.2.94 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "download-manager 3.2.87 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "download-manager 3.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm_modal_login_form.Shortcode MEDIUM" "download-manager 3.2.91 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdm-all-packages.Shortcode MEDIUM" "download-manager 3.2.85 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.85 Unauthenticated.File.Download MEDIUM" "download-manager 3.2.86 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.83 Unauthenticated.Protected.File.Download.Password.Leak MEDIUM" "download-manager 3.2.71 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.71 Broken.Access.Controls MEDIUM" "download-manager 6.3.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "download-manager 3.2.62 Contributor+.Stored.XSS MEDIUM" "download-manager 3.2.60 Reflected.XSS HIGH" "download-manager 3.2.55 Admin+.Arbitrary.File/Folder.Access.via.Path.Traversal MEDIUM" "download-manager 3.2.50 Contributor+.PHAR.Deserialization HIGH" "download-manager 3.2.53 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.51 Contributor+.Arbitrary.File.Deletion HIGH" "download-manager 3.2.49 Clear.Stats.&.Cache.via.CSRF MEDIUM" "download-manager 3.2.49 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.49 Multiple.CSRF MEDIUM" "download-manager 3.2.50 Bypass.IP.Address.Blocking.Restriction MEDIUM" "download-manager 3.2.44 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.44 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.48 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "download-manager 3.2.43 Reflected.Cross-Site.Scripting MEDIUM" "download-manager 3.2.39 Unauthenticated.brute.force.of.files.master.key MEDIUM" "download-manager 3.2.35 Sensitive.Information.Disclosure HIGH" "download-manager 3.2.34 Authenticated.SQL.Injection.to.Reflected.XSS MEDIUM" "download-manager 3.2.22 Subscriber+.Stored.Cross-Site.Scripting HIGH" "download-manager 3.2.16 Admin+.Stored.Cross-Site.Scripting LOW" "download-manager 3.2.13 Email.Template.Setting.Update.via.CSRF MEDIUM" "download-manager 3.1.25 .Authenticated.Directory.Traversal MEDIUM" "download-manager 3.1.25 Authenticated.File.Upload MEDIUM" "download-manager 3.1.23 Unauthorised.Asset.Manager.Usage HIGH" "download-manager 3.1.19 Authenticated.(author+).PHP4.File.Upload.to.RCE CRITICAL" "download-manager 3.1.22 Plugin.Settings.Change.via.CSRF MEDIUM" "download-manager 3.1.18 Unauthorised.Download.Duplication MEDIUM" "download-manager 2.9.97 Various.Sanitisation.Issues MEDIUM" "download-manager 2.9.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.61 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-manager 2.9.50 Cross-Site.Scripting.(XSS) MEDIUM" "download-manager 2.9.51 Open.Redirect HIGH" "dhvc-form 2.4.8 Unauthenticated.Privilege.Escalation CRITICAL" "datamentor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "devices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "devices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "devices No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "drawblog No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-media-tools-auto No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "demomentsomtres-classify-on-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-classify-on-publish No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "database-peek No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dropdown-multisite-selector 0.9.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "dn-shipping-by-weight 1.2 Settings.Update.via.CSRF MEDIUM" "demomentsomtres-mailchimp-subscribe 3.201706150908 Reflected.Cross-Site.Scripting MEDIUM" "dynamic-qr-code-generator No.known.fix Reflected.XSS HIGH" "disable-comments 1.0.4 disable_comments_settings.php.Comment.Status.Manipulation.CSRF HIGH" "duplicate-post-page-menu-custom-post-type 2.4.0 Subscriber+.Post.Duplication MEDIUM" "demon-image-annotation 4.8 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "database-collation-fix 1.2.8 Cross-Site.Request.Forgery MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "duplicate-variations-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dx-share-selection 1.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "defa-online-image-protector No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "dr-widgets-blocks 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "database-sync No.known.fix Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "doneren-met-mollie 2.10.3 Unauthenticated.Reflected.Cross-Site.Scripting.via.search MEDIUM" "doneren-met-mollie 2.8.5 Unauthorised.CSV.Export.leading.to.Sensitive.Data.Disclosure MEDIUM" "display-medium-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.display_medium_posts.Shortcode MEDIUM" "display-terms-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.15 Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "dc-woocommerce-multi-vendor 4.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Cross-Site.Request.Forgery.to.Vendor.Updates MEDIUM" "dc-woocommerce-multi-vendor 4.2.5 Missing.Authorization.to.Forged.Vendor.Profile.Deletion.Email.Sending MEDIUM" "dc-woocommerce-multi-vendor 4.2.1 Missing.Authorization.to.Limited.Vendor.Privilege.Escalation/Account.Takeover CRITICAL" "dc-woocommerce-multi-vendor 4.2.0 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 4.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.hover_animation.Parameter MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Missing.Authorization MEDIUM" "dc-woocommerce-multi-vendor 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 4.0.26 Missing.Authorization HIGH" "dc-woocommerce-multi-vendor 4.0.24 Missing.Authorization.via.mvx_save_dashpages HIGH" "dc-woocommerce-multi-vendor 4.0.26 Improper.Authorization.on.REST.Routes.via.'save_settings_permission' HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthorised.AJAX.Calls HIGH" "dc-woocommerce-multi-vendor 3.8.12 Unauthenticated.LFI MEDIUM" "dc-woocommerce-multi-vendor 3.8.12 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "dc-woocommerce-multi-vendor 3.8.4 Reflected.Cross-Site.Scripting HIGH" "dc-woocommerce-multi-vendor 3.7.4 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "dc-woocommerce-multi-vendor 3.7.4 Unauthenticated.Arbitrary.Product.Comment MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery MEDIUM" "dc-woocommerce-multi-vendor 3.5.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "duplicate-wp-page-post 2.8 Admin+.Stored.Cross-Site.Scripting LOW" "duplicate-wp-page-post 2.5.7 SQL.Injections.due.to.Duplicated.Snippets HIGH" "duracelltomi-google-tag-manager 1.15.2 Admin+.Stored.Cross-Site.Scripting LOW" "duracelltomi-google-tag-manager 1.15.1 Reflected.Cross-Site.Scripting MEDIUM" "drm-protected-video-streaming No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "drm-protected-video-streaming No.known.fix Reflected.XSS HIGH" "dd-post-carousel 1.4.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "duplicator 1.5.10 Full.Path.Disclosure MEDIUM" "duplicator 1.5.7.1 Settings.Removal.via.CSRF MEDIUM" "duplicator 1.3.0 Unauthenticated.RCE CRITICAL" "duplicator 1.5.7.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator 1.4.7.1 Unauthenticated.System.Information.Disclosure MEDIUM" "duplicator 1.4.7 Unauthenticated.Backup.Download HIGH" "duplicator 1.3.28 Unauthenticated.Arbitrary.File.Download HIGH" "duplicator 1.2.42 Unauthenticated.Arbitrary.Code.Execution MEDIUM" "duplicator 1.2.33 Cross-Site.Scripting.(XSS) MEDIUM" "duplicator 1.2.29 Duplicator.<=.1,2,28.–.Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "donorbox-donation-form 7.1.7 Admin+.Stored.Cross-Site.Scripting LOW" "dashing-memberships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "diary-availability-calendar No.known.fix Authenticated.(subscriber+).SQL.Injection HIGH" "download-now-for-woocommerce 3.5.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dont-break-the-code No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "debt-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dearpdf-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delete-old-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "donate-visa No.known.fix Missing.Authorization MEDIUM" "decon-wp-sms No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "deal-of-the-day No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dino-game 1.2.0 Contributor+.Stored.XSS MEDIUM" "dynamictags 1.4.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "doctor-listing 1.3.6 Subscriber+.Privilege.Escalation CRITICAL" "dw-question-answer No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "different-menus-in-different-pages 2.4.0 Subscriber+.Menu.Duplication MEDIUM" "dragfy-addons-for-elementor No.known.fix Missing.Authorization.via.save_settings MEDIUM" "distance-based-shipping-calculator 2.0.23 Missing.Authorization MEDIUM" "distance-based-shipping-calculator 2.0.23 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "distance-based-shipping-calculator 2.0.22 Reflected.Cross-Site.Scripting MEDIUM" "distance-based-shipping-calculator 2.0.24 Subscriber+.SQL.Injection HIGH" "dokan-lite 3.7.6 Unauthenticated.SQLi HIGH" "dokan-lite 3.6.4 Vendor.Stored.Cross-Site.Scripting MEDIUM" "dokan-lite 3.2.1 CSRF.Nonce.Bypasses MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery MEDIUM" "dokan-lite 3.0.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "dukapress 2.5.9.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "duplicate-pp 3.5.6 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "disqus-conditional-load 11.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "delete-usermetas 1.2.0 Cross-Site.Request.Forgery MEDIUM" "devexhub-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dev-land 3.0.5 Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-address No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-address No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dx-delete-attached-media 2.0.6 Settings.Update.via.CSRF MEDIUM" "disable-user-login 1.3.9 User.Login.Toggle.via.CSRF MEDIUM" "dtabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dts-simple-share No.known.fix Admin+.XSS LOW" "duofaq-responsive-flat-simple-faq No.known.fix Reflected.Cross-Site.Scripting HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.8.6 Limited.Arbitrary.File.Deletion MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.8 Sensitive.Information.Exposure MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.7.4 Contact.Form.7.<.1.3.7.4.-.Unauthenticated.Arbitrary.File.Upload HIGH" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.6 File.Upload.and.File.deletion.via.CSRF MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.5 File.Upload.Size.Limit.Bypass MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.6.3 Contact.Form.7.<.1.3.6.3.-.Unauthenticated.Stored.XSS MEDIUM" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.5.5 Unauthenticated.Remote.Code.Execution CRITICAL" "drag-and-drop-multiple-file-upload-contact-form-7 1.3.3.3 Unauthenticated.File.Upload.Bypass CRITICAL" "dofollow-case-by-case 3.5.0 Email&URLs.Adding.to.Allowlist.via.CSRF MEDIUM" "doctor-appointment-booking No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "doctor-appointment-booking No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "download-monitor 5.0.14 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "download-monitor 5.0.13 Missing.Authorization.to.API.Key.Manipulation MEDIUM" "download-monitor 5.0.10 Missing.Authorization.to.Authenticated.(Subscriber+).Shop.Enable MEDIUM" "download-monitor 4.9.14 Missing.Authorization MEDIUM" "download-monitor 4.9.5 Authenticated.(Admin+).SQL.Injection HIGH" "download-monitor 4.8.2 Admin+.SSRF MEDIUM" "download-monitor 4.5.98 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.5.91 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Reflected.Cross-Site.Scripting MEDIUM" "download-monitor 4.4.7 Admin+.Arbitrary.File.Download MEDIUM" "download-monitor 4.4.7 Admin+.Stored.Cross-Site.Scripting LOW" "download-monitor 4.4.5 Admin+.SQL.Injection MEDIUM" "download-monitor 1.9.7 Unauthenticated.Downloading.of.Logs MEDIUM" "download-monitor 1.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "download-monitor 1.6.4 Authenticated.Directory.Listing MEDIUM" "download-monitor 3.3.6.2 Multiple.Reflected.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.7.0 Improper.Path.Validation.to.Authenticated.(Subscriber+).Arbitrary.File.Move.and.Read HIGH" "delicious-recipes 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "delicious-recipes 1.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "decorator-woocommerce-email-customizer 1.2.8 WooCommerce.Email.Customizer.<.1.2.8.-.Cross-Site.Request.Forgery MEDIUM" "dwnldr 1.01 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "distancr 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dreamgrow-scroll-triggered-box No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "darkmysite No.known.fix Cross-Site.Request.Forgery MEDIUM" "debounce-io-email-validator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "debounce-io-email-validator 5.6.6 Reflected.Cross-Site.Scripting MEDIUM" "display-post-metadata 1.5.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ds-site-message 1.14.5 Stored.XSS.via.CSRF HIGH" "donate-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ds-cf7-math-captcha 3.0.1 Reflected.XSS HIGH" "debug-log-config-tool 1.5 Unauthenticated.Information.Exposure.via.Logs MEDIUM" "delete-me 3.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "df-draggable No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "download-attachments 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-attachments 1.3 Contributor+.Stored.XSS MEDIUM" "delete-old-posts-programmatically 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "delete-old-posts-programmatically 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "deny-all-firewall 1.1.7 CSRF HIGH" "digitimber-cpanel-integration 1.4.8 Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "don8 No.known.fix Admin+.Stored.XSS LOW" "delete-comments-by-status No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "demomentsomtres-mailchimp-immediate-send 3.201704281627 Reflected.Cross-Site.Scripting MEDIUM" "designthemes-core-features No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.via.dt_process_imported_file HIGH" "drag-n-drop-upload-cf7-pro 2.11.1 Contact.Form.7.Standard.<.2.11.1.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 5.0.6.4 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.4.-.Reflected.Cross-Site.Scripting HIGH" "drag-n-drop-upload-cf7-pro 5.0.6.3 Contact.Form.7.with.Remote.Storage.Integrations.<.5.0.6.3.-.Path.Traversal MEDIUM" "drag-n-drop-upload-cf7-pro 2.11.0 Contact.Form.7.Standard.<.2.11.0.-.Path.Traversal MEDIUM" "dw-question-answer-pro 1.3.7 Multiple.CSRF MEDIUM" "dw-question-answer-pro 1.3.7 Arbitrary.Comment.Edition.via.IDOR MEDIUM" "digipass No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "dyslexiefont No.known.fix CSRF MEDIUM" "dyslexiefont 1.0.0 Authenticated.Cross-Site.Scripting MEDIUM" "dh-anti-adblocker 37 Anti.AdBlocker.<.37.-.Settings.Update.via.CSRF MEDIUM" "default-thumbnail-plus No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "disable-admin-notices No.known.fix Cross-Site.Request.Forgery MEDIUM" "dsgvo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dropdown-menu-widget No.known.fix Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "dp-intro-tours 6.5.3 Reflected.Cross-Site.Scripting MEDIUM" "digirisk 6.1.0.0 Reflected.Cross-Site.Scripting MEDIUM" "distance-rate-shipping-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "dollie 6.2.1 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "dynamic-featured-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dfiFeatured.Parameter MEDIUM" "dynamic-to-top No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "delhivery-logistics-courier No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "device-wrapper 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "disabler 4.0.0 CSRF MEDIUM" "dynamic-product-categories-design 1.1.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "dj-email-publish No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dn-sitemap-control No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dl-robotstxt No.known.fix Admin+.Stored.XSS LOW" "debranding No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "debranding No.known.fix Privilege.Escalation HIGH" "dn-popup No.known.fix Settings.Update.via.CSRF MEDIUM" "dropbox-folder-share No.known.fix Unauthenticated.Server-Side.Request.Forgery.via.'link' HIGH" "dropbox-folder-share No.known.fix Unauthenticated.Remote.Code.Execution.via.LFI CRITICAL" "dd-roles No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "delightful-downloads No.known.fix Unauthenticated.Path.Traversal MEDIUM" "dark-mode-for-wp-dashboard 1.2.4 Cross-Site.Request.Forgery MEDIUM" "date-time-picker-field 2.3 Reflected.Cross-Site.Scripting MEDIUM" "date-time-picker-field 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "disable-update-notifications 2.4.2 Settings.Update.via.CSRF MEDIUM" "duogeek-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "duplicator-pro 4.5.14.2 Unauthenticated.Sensitive.Data.Exposure HIGH" "duplicator-pro 4.5.11.1 Unauthenticated.Reflected.XSS HIGH" "duplicator-pro 3.8.7.1 Unauthenticated.Arbitrary.File.Download HIGH" "dtracker No.known.fix Unauthorised.Contract.Creation HIGH" "dtracker No.known.fix Multiple.Unauthenticated.Blind.SQL.Injections HIGH" "database-backup 2.36 Authenticated.(Administrator+).Sensitive.Information.Exposure HIGH" "database-backup 2.37 Authenticated.(Administrator+).Arbitrary.File.Deletion HIGH" "database-backup 2.33 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "digital-lottery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "documentor-lite No.known.fix Unauthenticated.SQLi HIGH" "droit-elementor-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "droit-elementor-addons No.known.fix Cross-Site.Request.Forgery MEDIUM" "dd-rating No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "definitive-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "daext-autolinks-manager 1.10.05 CSRF MEDIUM" "ditty-news-ticker 3.1.52 Author+.Stored.XSS LOW" "ditty-news-ticker 3.1.47 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.46 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.45 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.43 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.39 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ditty-news-ticker 3.1.36 Author+.Stored.XSS MEDIUM" "ditty-news-ticker 3.1.32 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ditty-news-ticker 3.1.25 Missing.Authorization.via.save_ditty_permissions_check MEDIUM" "ditty-news-ticker 3.1.25 Reflected.XSS HIGH" "ditty-news-ticker 3.0.33 Contributor+.Stored.XSS MEDIUM" "ditty-news-ticker 3.0.15 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "different-home-for-logged-in-logged-out 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "dx-auto-save-images No.known.fix CSRF MEDIUM" "dsgnwrks-twitter-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "daggerhart-openid-connect-generic 3.8.2 Reflected.Cross.Site.Scripting.(XSS).via.Login.Error MEDIUM" "democracy-poll No.known.fix Missing.Authorization MEDIUM" "democracy-poll 5.4 CSRF.&.XSS HIGH" "debug-tool No.known.fix Missing.Authorization MEDIUM" "debug-tool No.known.fix Unauthenticated.Arbitrary.File.Creation CRITICAL" "debug-tool No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "demomentsomtres-wp-export No.known.fix Subscriber+.unauthorized.data.export MEDIUM" "demomentsomtres-wp-export 20200610 Reflected.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "domain-mapping-system 1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "download-plugins-dashboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "download-plugins-dashboard 1.8.8 Cross-Site.Request.Forgery MEDIUM" "download-plugins-dashboard 1.8.6 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "download-plugins-dashboard 1.6.0 Unauthenticated.Stored.XSS MEDIUM" "document No.known.fix Missing.Authorization MEDIUM" "debug-functions-time 1.41 Reflected.Cross-Site.Scripting MEDIUM" "database-backups No.known.fix CSRF.to.Backup.Download HIGH" "dupeoff No.known.fix Admin+.Stored.XSS LOW" "doko-box-builder 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "dracula-dark-mode 1.0.9 The.Revolutionary.Dark.Mode.Plugin.For.WordPress.<.1.0.9.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "dracula-dark-mode 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "decalog 3.9.1 Authenticated.(Admin+).SQL.injection CRITICAL" "do-that-task No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "display-metadata No.known.fix Contributor+.Stored.XSS MEDIUM" "devvn-image-hotspot 1.2.6 Authenticated.(Author+).PHP.Object.Injection HIGH" "download-zip-attachments No.known.fix Arbitrary.File.Download HIGH" "disable-dashboard-for-woocommerce 3.2.9 Reflected.Cross-Site.Scripting MEDIUM" "donation-button No.known.fix Subscriber+.Broken.Access.Control.leading.to.SMS.Spam MEDIUM" "donation-button No.known.fix Contributor+.Stored.XSS MEDIUM" "droit-dark-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "drag-and-drop-multiple-file-upload-for-woocommerce 1.1.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "dont-muck-my-markup No.known.fix Cross-Site.Request.Forgery MEDIUM" "down-as-pdf No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digiproveblog No.known.fix Reflected.Cross-Site-Scripting MEDIUM" "demo-awesome 1.0.3 Missing.Authorization MEDIUM" "demo-awesome 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "drozd-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "domain-check 1.0.17 Reflected.Cross-Site.Scripting MEDIUM" "dx-auto-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "dsgvo-all-in-one-for-wp 4.7 Cross-Site.Request.Forgery.to.Account.Deletion MEDIUM" "dsgvo-all-in-one-for-wp 4.6 Contributor+.Stored.XSS MEDIUM" "dsgvo-all-in-one-for-wp 4.4 Cross-Site.Request.Forgery MEDIUM" "dsgvo-all-in-one-for-wp 4.2 Admin+.Stored.Cross-Site.Scripting LOW" "dsgvo-all-in-one-for-wp 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "dw-promobar No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "dynamic-content-for-elementor 2.12.5 Cross-Site.Request.Forgery MEDIUM" "dynamic-content-for-elementor 1.9.6 Authenticated.RCE CRITICAL" "dx-sales-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "drop-in-image-slideshow-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-to-do-list 1.3.0 Missing.Authorization.via.ardtdw_widgetsetup() MEDIUM" "dashboard-to-do-list 1.3.2 Cross-Site.Request.Forgery.via.ardtdw_widgetupdate() MEDIUM" "daily-image No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dforms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "db-tables-importexport No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dk-pdf 1.9.7 Reflected.Cross-Site.Scripting MEDIUM" "downloadmanager 3.2.83 Unauthenticated.Password.Protected.File.Bypass MEDIUM" "docollipics-faustball-de 2.1.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dx-watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "delete-custom-fields No.known.fix Cross-Site.Request.Forgery.to.Post.Meta.Deletion MEDIUM" "disable-elementor-editor-translation 1.0.3 Missing.Authorization MEDIUM" "dh-local-seo No.known.fix Unauthenticated.SQL.Injection HIGH" "daves-wordpress-live-search No.known.fix Admin+.Stored.XSS LOW" "delete-duplicate-posts 4.9 Missing.Authorization.via.AJAX.Actions MEDIUM" "delete-duplicate-posts 4.8.9 Reflected.Cross-Site.Scripting MEDIUM" "delete-duplicate-posts 4.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "delete-duplicate-posts 4.1.9.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "defend-wp-firewall 1.1.1 Missing.Authorization MEDIUM" "dl-leadback No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "drawit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "defender-security 4.7.3 Missing.Authorization MEDIUM" "defender-security 4.4.2 IP.Address.Spoofing MEDIUM" "defender-security 4.2.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "defender-security 4.2.1 Masked.Login.Area.Security.Feature.Bypass MEDIUM" "defender-security 4.1.0 Protection.Bypass.(Hidden.Login.Page) MEDIUM" "defender-security 2.4.6.1 CSRF.Nonce.Bypasses MEDIUM" "divi-builder 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi-builder 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi-builder 4.0.10 Authenticated.Code.Injection MEDIUM" "divi-builder 2.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi-builder 1.2.4 Privilege.Escalation HIGH" "dans-gcal 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dezdy-mcommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dnui-delete-not-used-image-wordpress No.known.fix Deletion.of.images.through.CSRF MEDIUM" "dbox-slider-lite No.known.fix Multiple.Authenticated.SQL.injection HIGH" "depay-payments-for-woocommerce 2.12.18 Missing.Authorization.to.Information.Exposure MEDIUM" "datasets-manager-by-arttia-creative No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "dzs-zoomsounds No.known.fix WordPress.Wave.Audio.Player.with.Playlist.<=.6.91.-.Unauthenticated.PHP.Object.Injection HIGH" "dzs-zoomsounds 6.50 Unauthenticated.Arbitrary.File.Download HIGH" "dzs-zoomsounds 6.05 Unauthenticated.Arbitrary.File.Upload CRITICAL" "dzs-zoomsounds 3.0 Remote.File.Upload CRITICAL" "device-detector 4.2.1 Reflected.Cross-Site.Scripting.via.id MEDIUM" "demomentsomtres-gravity-forms-improvements 201704251008 Reflected.Cross-Site.Scripting MEDIUM" "display-a-meta-field-as-block 1.2.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "donations-for-woocommerce 1.1.10 Cross-Site.Request.Forgery MEDIUM" "delucks-seo No.known.fix Subscriber+.Arbitrary.File.Read MEDIUM" "delucks-seo 2.5.5 Missing.Authorization MEDIUM" "dl-yandex-metrika No.known.fix Admin+.Stored.XSS LOW" "delivery-drivers-manager 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "delivery-drivers-manager 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "download-button-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "download-magnet 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "denk-internet-solutions 6.0.0 Admin+.Stored.XSS LOW" "disable-image-right-click No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "delivery-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delivery-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dp-addthis No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "directorypress-frontend 2.8.0 Cross-Site.Request.Forgery.to.Listing.Status.Update MEDIUM" "ds-suit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "double-opt-in-for-download 2.1.0 Authenticated.SQL.Injection CRITICAL" "database-for-cf7 1.2.5 Subscriber+.CF7.DB.Entries.Deletion MEDIUM" "download-plugin 2.2.1 Missing.Authorization.to.Authenticated.(Subscriber+).User.Metadata.and.Comment.Download MEDIUM" "download-plugin 2.0.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "download-plugin 2.0.0 Subscriber+.Website.Download HIGH" "download-plugin 1.6.1 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "dl-verification No.known.fix Admin+.Stored.XSS LOW" "demomentsomtres-categories No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "demomentsomtres-categories No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-categories No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dynamic-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "duitku-social-payment-gateway 2.11.7 Missing.Authorization.via.check_duitku_response MEDIUM" "draw-attention 2.0.16 Improper.Access.Control.via.register_cpt MEDIUM" "draw-attention 2.0.12 Subscriber+.Unauthorized.Featured.Image.Modification MEDIUM" "dirtysuds-embed-pdf No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "download-html-tinymce-button No.known.fix Reflected.XSS HIGH" "debrandify 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "dashboard-widgets-suite 3.4.4 Reflected.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "dashboard-widgets-suite 3.2.2 Admin+.Stored.XSS LOW" "dzs-ajaxer-lite-dynamic-page-load No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "drug-search No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "dpt-oauth-client No.known.fix CSRF MEDIUM" "dpt-oauth-client No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "display-future-posts No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "dancepress-trwa No.known.fix Cross-Site.Request.Forgery MEDIUM" "dancepress-trwa 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "dancepress-trwa 2.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "dovetail No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "daily-proverb No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "demomentsomtres-grid-archive No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "demomentsomtres-grid-archive No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "dropdown-and-scrollable-text 2.1 Reflected.Cross-Site.Scripting MEDIUM" "enqueue-anything No.known.fix Subscriber+.Arbitrary.Asset/Post.Deletion MEDIUM" "email-newsletter No.known.fix SQL.Injection CRITICAL" "epoll-wp-voting 3.5 Subscriber+.Arbitrary.File.Upload CRITICAL" "epoll-wp-voting 3.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "epoll-wp-voting 3.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Title MEDIUM" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "easy-digital-downloads 3.3.5 3.3.4.-.Improper.Authorization.to.Paywall.Bypass LOW" "easy-digital-downloads 3.3.4 Authenticated.(Admin+).PHAR.Deserialization HIGH" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Agreement.Text LOW" "easy-digital-downloads 3.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Currency.Settings MEDIUM" "easy-digital-downloads 3.3.1 Missing.Authorization MEDIUM" "easy-digital-downloads 3.3.1 Unauthenticated.SQL.Injection CRITICAL" "easy-digital-downloads 3.2.12 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.12 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Cross-Site.Request.Forgery MEDIUM" "easy-digital-downloads 3.2.10 Sensitive.Information.Exposure MEDIUM" "easy-digital-downloads 3.2.7 Shop.Manager+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.6 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.2.0 Missing.Authorization MEDIUM" "easy-digital-downloads 3.1.1.4.2 Unauthenticated.Privilege.Escalation CRITICAL" "easy-digital-downloads 3.1.0.5 Contributor+.Stored.XSS MEDIUM" "easy-digital-downloads 3.1.0.4 Unauthenticated.SQLi HIGH" "easy-digital-downloads 3.0 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "easy-digital-downloads 3.1.0.2 Unauthenticated.CSV.Injection MEDIUM" "easy-digital-downloads 3.0.2 Admin+.PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.11.6 Admin+.Stored.Cross-Site.Scripting LOW" "easy-digital-downloads 2.11.6 Arbitrary.Payment.Note.Insertion.via.CSRF LOW" "easy-digital-downloads 2.11.2.1 Reflected.Cross-Site.Scripting HIGH" "easy-digital-downloads 2.10.3 Unauthorised.Stripe.Disconnect.via.CSRF MEDIUM" "easy-digital-downloads 2.9.16 Stored.XSS MEDIUM" "easy-digital-downloads 2.5.8 PHP.Object.Injection MEDIUM" "easy-digital-downloads 2.3.7 Cross-Site.Scripting.Issue MEDIUM" "easy-digital-downloads 2.3.3 SQL.Injection CRITICAL" "embed-docs 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox-premium No.known.fix Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-facebook-likebox-premium 6.2.7 Reflected.Cross-Site.Scripting HIGH" "easy-prayer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-prayer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-table 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "easy-table 1.5.3 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "easy-pie-coming-soon 1.0.7.4 Admin+.Stored.XSS LOW" "ez-form-calculator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-venmo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elementor-pro 3.25.11 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "elementor-pro 3.21.3 Reflected.Cross-Site.Scripting MEDIUM" "elementor-pro 3.21.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Widget.SVGZ.File.Upload MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.video_html_tag MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation MEDIUM" "elementor-pro 3.20.2 Authententicated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementor-pro 3.19.3 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementor-pro 3.11.7 Subscriber+.Arbitrary.Options.Update HIGH" "elementor-pro 2.9.4 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor-pro 2.0.10 XSS MEDIUM" "export-woocommerce-customer-list 2.0.69 CSV.Injection LOW" "essential-addons-for-elementor-lite 6.0.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 6.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Author+).Sensitive.Information.Exposure.to.Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 6.0.10 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.4 Best.Elementor.Templates,.Widgets,.Kits.&.WooCommerce.Builders.<.6.0.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "essential-addons-for-elementor-lite 6.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.no_more_items_text.Parameter MEDIUM" "essential-addons-for-elementor-lite 5.9.27 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.22 Contributor+.Stored.Cross-Site.Scripting.via.Twitter.Feed MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Interactive.Circles' MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Several.Widgets MEDIUM" "essential-addons-for-elementor-lite 5.9.20 Contributor+.Stored.Cross-Site.Scripting.via.'Dual.Color.Header',.'Event.Calendar',.&.'Advanced.Data.Table' MEDIUM" "essential-addons-for-elementor-lite 5.9.18 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Information.Exposure MEDIUM" "essential-addons-for-elementor-lite 5.9.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.15 Contributor+.Store.XSS.via.Widget.URL MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Author+.PHP.Object.Injection MEDIUM" "essential-addons-for-elementor-lite 5.9.14 Unauthenticated.Private/Draft.Posts.Access MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.12 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Data.Table MEDIUM" "essential-addons-for-elementor-lite 5.9.10 Contributor+.Stored.Cross-Site.Scripting.via.Event.Calendar HIGH" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting.via.Accordion MEDIUM" "essential-addons-for-elementor-lite 5.9.9 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.9.8 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scritping MEDIUM" "essential-addons-for-elementor-lite 5.9.5 Contributor+.Stored.Cross-Site.Scripting.via.Image.URl MEDIUM" "essential-addons-for-elementor-lite 5.9.3 Contributor+.Stored.XSS MEDIUM" "essential-addons-for-elementor-lite 5.8.9 Authenticated.(Contributor+).Privilege.Escalation HIGH" "essential-addons-for-elementor-lite 5.8.2 Unauthenticated.MailChimp.API.Key.Disclosure MEDIUM" "essential-addons-for-elementor-lite 5.7.2 Unauthenticated.Privilege.Escalation CRITICAL" "essential-addons-for-elementor-lite 5.0.9 Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-for-elementor-lite 5.0.5 Unauthenticated.LFI CRITICAL" "essential-addons-for-elementor-lite 4.5.4 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "event-geek No.known.fix Stored.Cross-site.Scripting.(XSS) MEDIUM" "elemenda No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "etsy-shop 3.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "e-signature 1.5.6.8 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "easy-org-chart No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "electric-studio-client-login No.known.fix Admin+.Stored.XSS LOW" "easy-image-collage 1.13.6 Missing.Authorization.to.Authenticated.(Contributor+).Data.Clearance MEDIUM" "exchange-addon-membership 1.3.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "erp 1.13.4 Custom+.Unauthorized.Access.to.Terminated.Employee.Information MEDIUM" "erp 1.13.4 Admin+.Stored.XSS LOW" "erp 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "erp 1.13.1 Authenticated.(Accounting.Manager+).SQL.Injection.via.vendor_id HIGH" "erp 1.13.2 Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(AccountingManager+).SQL.Injection HIGH" "erp No.known.fix Authenticated.(Accounting.Manager+).SQL.Injection HIGH" "erp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "erp 1.30.0 Authenticated.(Accounting.Manager+).SQL.Injection.via.id HIGH" "erp 1.12.9 Authenticated.(Accounting.manager+).SQL.Injection HIGH" "erp 1.12.7 Missing.Authorization.via.admin.notice.dismissal MEDIUM" "erp 1.12.4 Admin+.SQL.Injection MEDIUM" "erp 1.12.4 Reflected.Cross-Site.Scripting HIGH" "erp 1.7.5 CSRF.Nonce.Bypasses MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery MEDIUM" "erp 1.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "exit-intent-popups-by-optimonk 2.0.5 Account.ID.Update.via.CSRF MEDIUM" "event-tickets-plus 5.9.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets-plus 5.9.1 Contributor+.Attendees.Lists.Disclosure LOW" "everest-backup 2.2.14 Unauthenticated.Backup.Download HIGH" "everest-backup 2.2.5 Admin+.Arbitrary.File.Upload MEDIUM" "everest-backup 2.2.0 Sensitive.Information.Exposure.via.Log.File HIGH" "everest-gallery-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "embed-youtube-video No.known.fix Authenticated.SQL.Injection MEDIUM" "exxp-wp No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "event-countdown-timer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-google-product-feed No.known.fix Admin+.SQLi MEDIUM" "events-calendar-registration-booking-by-events-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-testimonial-manager No.known.fix Authenticated.SQL.Injection MEDIUM" "envo-elementor-for-woocommerce 1.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.17 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Theme.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "envo-elementor-for-woocommerce 1.4.5 Subscriber+.Template.Creation MEDIUM" "easy-charts 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-manager 6.6.4.2 Missing.Authorization MEDIUM" "events-manager 6.6.4 Unauthenticated.SQL.Injection.via.Event.Status.Parameter HIGH" "events-manager 6.4.9 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.event,.location,.and.event_category.Shortcodes MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7 Missing.Authorization MEDIUM" "events-manager 6.4.7.2 Cross-Site.Request.Forgery MEDIUM" "events-manager 6.4.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-manager 6.4.7 Authenticated(Administator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "events-manager 6.4.6 Reflected.Cross-Site.Scripting MEDIUM" "events-manager 5.9.8 Cross-Site.Scripting.(XSS) LOW" "events-manager 5.9.8 Admin+.SQL.Injection MEDIUM" "events-manager 5.9.7.2 CSV.Injection MEDIUM" "events-manager 5.9.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.8.1.2 Unauthenticated.Stored.XSS CRITICAL" "events-manager 5.6 Cross-Site.Scripting.(XSS).&.Code.Injection MEDIUM" "events-manager 5.5.7.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.7 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.3.4 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5.2 Multiple.Unspecified.XSS.Vulnerabilities MEDIUM" "events-manager 5.3.9 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "events-manager 5.5 Cross-Site.Scripting.(XSS) MEDIUM" "export-all-urls 4.6 Reflected.XSS HIGH" "export-all-urls 4.2 Editor+.Stored.XSS MEDIUM" "export-all-urls 4.4 Admin+.Arbitrary.System.File.Removal MEDIUM" "export-all-urls 4.2 Editor+.Stored.Cross-Site.Scripting LOW" "export-all-urls 4.3 Private/Draft.Post/Page.Title.Disclosure.via.CSRF MEDIUM" "export-all-urls 4.2 Reflected.Cross-Site.Scripting MEDIUM" "envato-elements 2.0.15 Author+.Server-Side.Request.Forgery MEDIUM" "envato-elements 2.0.11 Contributor+.Arbitrary.File.Upload HIGH" "embed-rss No.known.fix Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "ecpay-logistics-for-woocommerce 1.3.1910240 Unauthenticated.Reflected.XSS MEDIUM" "event-registration-calendar-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-registration-calendar-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "event-registration-calendar-by-vcita 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "external-featured-image-from-bing No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "email-keep No.known.fix Email.Deletion.via.CSRF MEDIUM" "email-keep No.known.fix Reflected.XSS HIGH" "envato-affiliater No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-media-gallery-pro 1.3.0 CSRF.&.Cross-Site.Scripting.(XSS) MEDIUM" "easy-wp-cleaner 2.0 Data.Deletion.via.CSRF MEDIUM" "exports-and-reports 0.9.2 Contributor+.CSV.Injection LOW" "email-artillery No.known.fix CSRF.to.Stored.XSS HIGH" "email-artillery No.known.fix Multiple.Authenticated.SQL.Injections MEDIUM" "email-artillery No.known.fix Multiple.Reflected.Cross-Site.Scripting HIGH" "email-artillery No.known.fix Arbitrary.File.Upload MEDIUM" "eyewear-prescription-form 4.0.19 Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "enhanced-wordpress-contactform 2.3 Admin+.Stored.XSS LOW" "easy-set-favicon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "event-espresso-core-reg 4.10.7.p Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easy-testimonial-rotator 1.0.19 Admin+.Stored.XSS LOW" "easy-testimonial-rotator 1.0.16 Reflected.Cross-Site.Scripting HIGH" "e-unlocked-student-result No.known.fix Student.Result.<=.1.0.4.-.Arbitrary.File.Upload.via.CSRF HIGH" "easy-faq-with-expanding-text No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "easy-social-sharebar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-page-templates-addon-for-the-events-calendar 1.6 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "easyappointments 1.3.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "eventon-lite 2.2.17 Admin+.Stored.XSS LOW" "eventon-lite 2.2.16 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Plugin.Settings.Updates HIGH" "eventon-lite 2.2.15 Admin+.Stored.Cross-Site.Scripting.via.event.subtitle LOW" "eventon-lite 2.2.15 Admin+.Stored.XSS LOW" "eventon-lite 2.2.8 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventon-lite 2.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "eventon-lite 2.2.8 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventon-lite 2.2.8 Reflected.XSS HIGH" "eventon-lite 2.2.8 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventon-lite 2.2.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventon-lite 2.2 Admin.+.Stored.HTML.Injection LOW" "eventon-lite 2.2.3 Reflected.Cross.Site.Scripting HIGH" "eventon-lite 2.2 Admin+.Stored.XSS LOW" "eventon-lite 2.1.2 Unauthenticated.Event.Access HIGH" "eventon-lite 2.1.2 Unauthenticated.Post.Access.via.IDOR HIGH" "easily-generate-rest-api-url No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "expert-invoice No.known.fix Expert.Invoice.<=.1,0,2.-Admin+.Stored.XSS LOW" "easy-pricing-tables 3.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fontFamily.Attribute MEDIUM" "easy-pricing-tables 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "easy-pricing-tables 3.2.1 Reflected.Cross-Site-Scripting MEDIUM" "easy-pricing-tables 3.1.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "easy-pricing-tables 3.1.3 Arbitrary.Post.Removal.via.CSRF MEDIUM" "essential-breadcrumbs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-twitter-feeds No.known.fix Authenticated.(Contributor+).Post.Exposure MEDIUM" "easy-twitter-feeds 1.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-side-tab-cta 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "elegant-calendar-lite 1.5.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eexamhall No.known.fix CSRF MEDIUM" "essential-blocks-pro 1.1.1 Unauthenticated.Object.Injection HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks-pro 1.1.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "easy-custom-auto-excerpt 2.5.0 Sensitive.Information.Exposure MEDIUM" "easy-custom-auto-excerpt 2.4.7 XSS MEDIUM" "essay-wizard-wpcres No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "event-monster 1.4.4 Information.Exposure.Via.Visitors.List.Export MEDIUM" "event-monster 1.4.4 Unauthenticated.Information.Exposure MEDIUM" "event-monster 1.4.0 Contributor+.PHP.Object.Injection.via.Custom.Meta MEDIUM" "event-monster No.known.fix Admin+.Stored.XSS LOW" "event-monster 1.2.1 Admin+.SQLi MEDIUM" "event-monster 1.2.0 Visitors.Deletion.via.CSRF MEDIUM" "easy-table-booking No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-waveform-player 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-slideshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-slideshow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elementary-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-code-placement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "emails-verification-for-woocommerce 2.9.5 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "emails-verification-for-woocommerce 2.9.6 Authentication.Bypass.via.Shortcode HIGH" "emails-verification-for-woocommerce 2.9.0 Unauthenticated.SQL.Injection HIGH" "emails-verification-for-woocommerce 2.7.5 Authentication.Bypass HIGH" "emails-verification-for-woocommerce 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "easy-accordion-block 1.2.5 Missing.Authorization MEDIUM" "ewww-image-optimizer 7.3.0 Cross-Site.Request.Forgery MEDIUM" "ewww-image-optimizer 7.2.1 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log MEDIUM" "ewww-image-optimizer 7.2.1 Sensitive.Information.Exposure MEDIUM" "ewww-image-optimizer 5.9 Cross-Site.Request.Forgery MEDIUM" "eventr No.known.fix Blind.SQL.Injection CRITICAL" "easy-paypal-shopping-cart 1.1.11 Contributor+.Stored.XSS MEDIUM" "elisqlreports 5.25.08 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elite-notification 2.0.0 Subscriber+.Stored.XSS MEDIUM" "element-ready-lite 6.4.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "element-ready-lite 6.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.4.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "element-ready-lite 6.4.3 .Open.Redirect MEDIUM" "element-ready-lite 6.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "element-ready-lite 5.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-media-library 2.8.10 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets 5.19.1.2 Missing.Authorization.to.Ticket.Deletion MEDIUM" "event-tickets 5.18.1.1 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "event-tickets 5.11.0.5 Cross-Site.Request.Forgery MEDIUM" "event-tickets 5.8.3 Improper.Authorization.to.Information.Disclosure MEDIUM" "event-tickets 5.8.2 Missing.Authorization MEDIUM" "event-tickets 5.8.1 Contributor+.Arbitrary.Events.Access LOW" "event-tickets 5.6.0 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets 5.3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "event-tickets 5.2.2 Open.Redirect MEDIUM" "event-tickets 4.10.7.2 CSV.Injection HIGH" "estatik-mortgage-calculator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "estatik-mortgage-calculator 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "estatik-mortgage-calculator No.known.fix Reflected.XSS HIGH" "extreme-blocks 0.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "e-shops-cart2 No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "ehive-objects-image-grid 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-address-obfuscation 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "easy-bet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exchange-addon-authorize-net 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-gallery-slideshow No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "embed-peertube-playlist 1.10 Editor+.Stored.XSS LOW" "easy-media-download 1.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "easy-media-download 1.1.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "explara-membership No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "etruel-del-post-copies No.known.fix Missing.Authorization MEDIUM" "easy-slider-revolution 1.1.0 Author+.Stored.XSS MEDIUM" "emoji-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'provider_name' MEDIUM" "embedpress 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedpress 4.0.10 Unauthenticated.Local.File.Inclusion CRITICAL" "embedpress 4.0.5 Missing.Authorization MEDIUM" "embedpress 3.9.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.PDF.Widget.URL MEDIUM" "embedpress 4.0.2 .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.13 Contributor+.PDF.Block.Embedding LOW" "embedpress 3.9.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.12 Missing.Authorization MEDIUM" "embedpress 3.9.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Youtube.Block MEDIUM" "embedpress 3.9.9 Missing.Authorization.via.handle_calendly_data MEDIUM" "embedpress 3.9.13 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.'embedpress_doc_custom_color' MEDIUM" "embedpress 3.9.13 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Attribute MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Wistia.Block MEDIUM" "embedpress 3.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EmbedPress.PDF.Widget MEDIUM" "embedpress 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 3.9.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Google.Calendar.Widget.Link MEDIUM" "embedpress 3.9.6 Contributor+.Stored.XSS MEDIUM" "embedpress 3.9.5 Missing.Authorization MEDIUM" "embedpress 3.9.2 Reflected.XSS MEDIUM" "embedpress 3.9.2 Reflected.XSS HIGH" "embedpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "embedpress 3.8.3 Subscriber+.Plugin.Settings.Delete MEDIUM" "embedpress 3.8.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "embedpress 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "embedpress 3.8.0 Sensitive.Data.Disclosure MEDIUM" "elastik-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "express-pay 1.1.9 Unauthenticated.SQL.Injection.via.type_id HIGH" "easy-faqs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easyazon No.known.fix Reflected.Cross-Site.Scripting.via.easyazon-cloaking-locale MEDIUM" "easyazon 5.1.1 Missing.Authorization.on.AJAX.actions MEDIUM" "embed-swagger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-product-catalog 3.3.44 Cross-Site.Request.Forgery.to.Password.Reset HIGH" "ecommerce-product-catalog 3.3.33 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-product-catalog 3.3.29 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.3.27 Sensitive.Information.Exposure.via.CSV.Files MEDIUM" "ecommerce-product-catalog 3.3.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecommerce-product-catalog 3.3.26 Products.Deletion.via.CSRF MEDIUM" "ecommerce-product-catalog 3.3.9 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.3.5 Admin+.Stored.XSS LOW" "ecommerce-product-catalog 3.0.72 Reflected.XSS.via.AJAX MEDIUM" "ecommerce-product-catalog 3.0.72 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.71 Reflected.XSS MEDIUM" "ecommerce-product-catalog 3.0.39 Reflected.Cross-Site.Scripting HIGH" "ecommerce-product-catalog 3.0.18 Cross-Site.Request.Forgery MEDIUM" "ecommerce-product-catalog 3.0.18 CSRF.Nonce.Bypass MEDIUM" "ecommerce-product-catalog 2.9.44 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-svg-upload No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "explara-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "erocket 1.2.5 Admin+.Stored.XSS LOW" "exit-notifier 1.10.6 Reflected.Cross-Site.Scripting MEDIUM" "easy-watermark 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "easy-watermark 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "elegant-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-post 5.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.events_cal.Shortcode MEDIUM" "event-post 5.9.6 Unauthenticated.Local.File.Inclusion CRITICAL" "event-post No.known.fix Post.Metadata.Update.via.CSRF MEDIUM" "event-post 5.9.5 Missing.Authorization MEDIUM" "event-post 5.9.1 Contributor+.Stored.XSS MEDIUM" "enhanced-youtube-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "event-calendar-wd 1.1.51 Reflected.Cross-Site.Scripting HIGH" "event-calendar-wd 1.1.51 Subscriber+.Event.Creation MEDIUM" "event-calendar-wd 1.1.46 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.45 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.1.22 Cross-Site.Scripting.(XSS) MEDIUM" "event-calendar-wd 1.0.94 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "easy-ad-manager No.known.fix Admin+.Stored.XSS LOW" "essential-widgets 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "echo-knowledge-base 11.31.0 Unauthenticated.PHP.Object.Injection.in.is_article_recently_viewed CRITICAL" "embedalbum-pro 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "embedalbum-pro 1.1.28 Contributor+.Stored.XSS MEDIUM" "exchange-addon-paypal-pro 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-popup-show No.known.fix Cross-Site.Request.Forgery MEDIUM" "elements-plus 2.16.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elements-plus 2.16.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.links MEDIUM" "easy-youtube-gallery 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-under-construction 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "extra-privacy-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enteraddons 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.2.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Events.Card.Widget MEDIUM" "enteraddons 2.2.0 Contributor+.Stored.XSS MEDIUM" "enteraddons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Heading.widget MEDIUM" "enteraddons 2.1.6 Contributor+.Stored.XSS.via.Animation.Title.widget MEDIUM" "everest-review-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easy-settings-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-settings-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "echoza No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Text.and.Image.Comparison.Widgets MEDIUM" "exclusive-addons-for-elementor 2.7.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "exclusive-addons-for-elementor 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.9 Authenticated.(Contibutor+).Stored.Cross-Site.Scripting.via.Card.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.2 Missing.Authorization.to.Post.Duplication MEDIUM" "exclusive-addons-for-elementor 2.6.9.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Expired.Title MEDIUM" "exclusive-addons-for-elementor 2.6.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.to.Action MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9.3 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Call.To.Action.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-addons-for-elementor 2.6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Covid-19.Stats.Widget MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.9 Contributor+.Stored.XSS MEDIUM" "exclusive-addons-for-elementor 2.6.2 Arbitrary.Uninstall.Reason.Feedback.via.CSRF MEDIUM" "extensions-for-elementor No.known.fix Reflected.Cross-Site.Scripting HIGH" "extensions-for-elementor 2.0.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensions-for-elementor 2.0.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.EE.Events.and.EE.Flipbox.Widget MEDIUM" "extensions-for-elementor 2.0.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "easyevent No.known.fix Admin+.Stored.XSS LOW" "elfsight-pricing-table No.known.fix Cross-Site.Request.Forgery.via.ajax() MEDIUM" "elfsight-pricing-table No.known.fix Missing.Authorization MEDIUM" "exhibit-to-wp-gallery No.known.fix Reflected.XSS HIGH" "easy-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elasticpress 5.1.2 Data.Sync.via.CSRF MEDIUM" "elasticpress 3.5.4 Cross-Site.Request.Forgery MEDIUM" "easy-pixels-by-jevnet No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "eveeno 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eventer 3.9.9.3 Subscriber+.SQLi HIGH" "eventer 3.9.9 Reflected.Cross-Site.Scripting MEDIUM" "eventer 3.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Bookings.Export MEDIUM" "eventer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "eventer No.known.fix Missing.Authorization.to.Unauthenticated.Event.Ticket.Download MEDIUM" "eventer 3.9.9 Unauthenticated.SQL.Injection HIGH" "eventer 3.9.8 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "easy-bootstrap-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "extra-options-favicons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "email-customizer-for-woocommerce 2.6.1 Information.Exposure MEDIUM" "estatebud-properties-listings No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "elespare 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Horizontal.Nav.Menu.Widge MEDIUM" "elespare 2.1.3 Missing.Authorization.to.Subscriber+.Arbitrary.Post.Creation MEDIUM" "evernote-sync No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elfsight-telegram-chat-cc No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "export-customers-data 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "editor-custom-color-palette 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-tynt No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy2map 1.3.0 Local.File.Inclusion CRITICAL" "easy2map 1.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "email-subscriber No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "eyes-only-user-access-shortcode No.known.fix Admin+.Stored.XSS LOW" "everlightbox 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "everlightbox 1.1.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-popups 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "error-log-viewer-wp 1.0.4 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read HIGH" "easy-maintenance-mode-coming-soon No.known.fix Information.Exposure MEDIUM" "eps-301-redirects 2.51 Easy.Redirect.Manager.<.2.51.-.Authenticated.SQL.Injection CRITICAL" "eps-301-redirects 2.45 Easy.Redirect.Manager.<.2.45.-.Authenticated.Arbitrary.Redirect.Injection.and.Modification,.XSS,.and.CSRF CRITICAL" "embed-comment-images 0.6 Unauthenticated.Stored.XSS MEDIUM" "easy-career-openings No.known.fix jobid.Parameter.SQL.Injection MEDIUM" "extensions-leaflet-map 3.4.2 Reflected.XSS HIGH" "ever-compare 1.2.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "easy-mls-listings-import 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-cookie-law No.known.fix Settings.Update.via.CSRF MEDIUM" "encyclopedia-lexicon-glossary-wiki-dictionary 1.7.61 Reflected.Cross-Site.Scripting MEDIUM" "edge-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edge-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "events-manager-pro-extended No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "easy-contact-form-solution 1.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "enhanced-plugin-admin 1.17 CSRF MEDIUM" "email-capture-lead-generation No.known.fix Missing.Authorization MEDIUM" "easy-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy2map-photos 1.1.0 SQL.Injection CRITICAL" "eonet-manual-user-approve No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easyrecipe No.known.fix Cross-Site.Request.Forgery MEDIUM" "event-espresso-free 3.1.37.12.L Authenticated.Blind.SQL.Injection HIGH" "export-wp-page-to-static-html 2.2.3 Open.Redirect HIGH" "export-wp-page-to-static-html 2.2.0 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "export-wp-page-to-static-html 2.2.0 Cross-Site.Request.Forgery.via.Multiple.AJAX.Actions MEDIUM" "ezoic-integration 2.8.9 Admin+.Stored.XSS LOW" "ezoic-integration 2.8.9 Unauthenticated.Settings.Update.to.Stored.XSS MEDIUM" "embedding-barcodes-into-product-pages-and-orders 2.0.3 Authenticated.(Subscriber+).Sensitive.Information.Disclosure MEDIUM" "email-form-under-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-countdowner No.known.fix Cross-Site.Request.Forgery MEDIUM" "easy-amazon-product-information No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-social-share-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elastic-email-sender 1.2.7 Admin+.Stored.XSS LOW" "easyrotator-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-demo-importer 1.1.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-wp-smtp 2.3.1 Exposure.of.Sensitive.Information.via.the.UI LOW" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Access MEDIUM" "easy-wp-smtp 1.5.2 Admin+.Arbitrary.File.Deletion MEDIUM" "easy-wp-smtp 1.5.2 Admin+.RCE MEDIUM" "easy-wp-smtp 1.5.0 Admin+.PHP.Objection.Injection MEDIUM" "easy-wp-smtp 1.4.3 Debug.Log.Disclosure HIGH" "easy-wp-smtp 1.3.9.1 Unauthenticated.Arbitrary.wp_options.Import MEDIUM" "embed-pdf-viewer 2.4.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "embed-pdf-viewer 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.height.and.width.Parameters MEDIUM" "emarksheet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ele-blog No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Submission MEDIUM" "ele-blog No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-modal 2.1.0 Authenticated.SQL.Injection HIGH" "elex-woocommerce-google-product-feed-plugin-basic 1.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-redirect-manager No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "error-log-monitor 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "error-log-monitor 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "error-log-monitor 1.6.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "exchange-addon-easy-canadian-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-testimonials 3.9.3 Contributor+.Stored.XSS MEDIUM" "easy-testimonials 3.9 Reflected.Cross-Site.Scripting MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery MEDIUM" "easy-testimonials 3.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "easy-testimonials 3.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "easy-testimonials 1.37 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "eroom-zoom-meetings-webinar 1.4.19 Missing.Authorization.to.Information.Exposure MEDIUM" "eroom-zoom-meetings-webinar 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "eroom-zoom-meetings-webinar 1.3.8 Sync.Meetings.via.CSRF MEDIUM" "eroom-zoom-meetings-webinar 1.3.9 Cache.Deletion.via.CSRF MEDIUM" "easy-language-switcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-addons-elementor 5.8.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Lightbox.and.Modal.Widget MEDIUM" "essential-addons-elementor 5.8.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Carousel.Widget MEDIUM" "essential-addons-elementor 5.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'title_html_tag' MEDIUM" "essential-addons-elementor 5.4.9 Reflected.XSS HIGH" "essential-addons-elementor 5.4.9 Unauthenticated.SSRF MEDIUM" "easy-newsletter-signups No.known.fix Admin+.SQLi MEDIUM" "easy-newsletter-signups No.known.fix Missing.Authorization MEDIUM" "easy-newsletter-signups 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-order-view No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-panorama 1.1.5 Admin+.Stored.XSS LOW" "estatik No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "estatik 4.1.1 Reflected.XSS HIGH" "estatik 4.1.1 Unauthenticated.PHP.Object.Injection HIGH" "estatik 4.1.1 Subscriber+.Arbitrary.Option.Update HIGH" "estatik 2.3.1 Arbitrary.File.Upload HIGH" "email-customizer-woocommerce 1.7.2 Multiple.Author+.SQLi MEDIUM" "easync-booking 1.3.15 Subscriber+.PayPal.Settings.Update MEDIUM" "easync-booking 1.3.12 Reflected.Cross-Site.Scripting HIGH" "easync-booking 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "easync-booking 1.1.16 Unauthenticated.Arbitrary.File.Upload CRITICAL" "easync-booking 1.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-form-builder 3.8.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "easy-form-builder 3.7.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "easy-form-builder 3.4.0 Admin+.Stored.XSS LOW" "eventon-rsvp 2.9.5 Reflected.XSS HIGH" "easy-custom-js-and-css-pro No.known.fix Reflected.Cross-Site.Scripting HIGH" "event-list 0.8.8 Admin+.Stored.Cross-Site.Scripting LOW" "event-list 0.7.10 XSS MEDIUM" "event-list 0.7.9 Authenticated.SQL.Injection HIGH" "ethpress 2.1.1 Reflected.Cross-Site.Scripting MEDIUM" "ethpress 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "everest-coming-soon-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "enl-newsletter No.known.fix Campaign.Deletion.via.CSRF MEDIUM" "enl-newsletter No.known.fix Stored.XSS.via.CSRF HIGH" "enl-newsletter No.known.fix Admin+.SQL.Injection MEDIUM" "exchange-addon-stripe 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-property-listings 3.5.4 Arbitrary.Contact.Deletion.via.CSRF MEDIUM" "easy-property-listings 3.5.4 Missing.Authorization.via.epl_update_listing_coordinates() MEDIUM" "easy-property-listings 3.5.3 Authenticated(Contributor+).SQL.Injection.via.Shortcode HIGH" "easy-property-listings 3.5.4 Admin+.Stored.XSS LOW" "easy-property-listings 3.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "easy-property-listings 3.4 Cross-Site.Scripting.(XSS) MEDIUM" "easy-call-now-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-call-now-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "et-core-plugin No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Download MEDIUM" "et-core-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "et-core-plugin No.known.fix Missing.Authorization MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "et-core-plugin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "et-core-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "et-core-plugin No.known.fix Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload CRITICAL" "easy-form 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-form 1.2.1 Admin+.Stored.XSS LOW" "email-users No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "email-users 4.8.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "email-users 4.8.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "email-users 4.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "embed-power-bi No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "expire-tags No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "expire-tags No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ect-product-carousel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "external-media-upload 0.5 Reflected.Cross-Site.Scripting MEDIUM" "envo-extra 1.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "envo-extra 1.8.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "envo-extra 1.8.17 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "envo-extra 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "envo-extra 1.8.4 Cross-Site.Request.Forgery MEDIUM" "erident-custom-login-and-dashboard 3.5.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "erident-custom-login-and-dashboard 3.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "embed-google-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-google-map No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-appointments 3.11.19 Insufficient.Authorization MEDIUM" "easy-appointments 3.11.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-appointments 3.11.10 Cross-Site.Request.Forgery MEDIUM" "easy-appointments 3.11.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "easy-appointments 1.12.0 Cross-Site.Scripting.(XSS) MEDIUM" "extend-filter-products-by-price-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "events-addon-for-elementor 2.2.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "events-addon-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 2.2.1 Contributor+.Stored.XSS MEDIUM" "events-addon-for-elementor 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "events-addon-for-elementor 2.1.3 Missing.Authorization MEDIUM" "events-addon-for-elementor 2.1.3 Cross-Site.Request.Forgery MEDIUM" "events-addon-for-elementor 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "events-addon-for-elementor 1.9.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eg-attachments No.known.fix Reflected.XSS HIGH" "ecwid-shopping-cart 6.12.28 Cross-Site.Request.Forgery.to.Send.Deactivation.Message MEDIUM" "ecwid-shopping-cart 6.12.11 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ecwid-shopping-cart 6.12.5 Cross-Site.Request.Forgery MEDIUM" "ecwid-shopping-cart 6.12.5 Arbitrary.Plugin.Settings.Change.via.CSRF MEDIUM" "ecwid-shopping-cart 6.12.4 Missing.Authorization.on.multiple.functions MEDIUM" "ecwid-shopping-cart 6.11.5 Contributor+.Stored.Cross-Site.Scriping MEDIUM" "ecwid-shopping-cart 6.11.4 Import.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.24 Settings.Update.via.CSRF MEDIUM" "ecwid-shopping-cart 6.10.23 Insufficient.Access.Control MEDIUM" "easy-accordion-free 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-accordion-free 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-accordion-free 2.0.22 Admin+.Stored.Cross-Site.Scripting LOW" "edunext-openedx-integrator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "embed-office-viewer 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eventprime-event-calendar-management 4.0.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Attendees.Export MEDIUM" "eventprime-event-calendar-management 4.0.7.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Ticket.Category.and.Ticket.Type.Name HIGH" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 4.0.4.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Transaction.Log MEDIUM" "eventprime-event-calendar-management 4.0.4.6 Open.Redirect MEDIUM" "eventprime-event-calendar-management 4.0.4.4 Missing.Authorization.to.Unauthenticated.Private.or.Password-Protected.Events.Disclosure MEDIUM" "eventprime-event-calendar-management 4.0.4.0 Missing.Authorization.via.calendar_event_create() MEDIUM" "eventprime-event-calendar-management 3.5.0 .Subscriber+.Arbitrary.booking.settings.update MEDIUM" "eventprime-event-calendar-management 3.3.5 Unauthenticated.Booking.Price.Manipulation MEDIUM" "eventprime-event-calendar-management 3.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "eventprime-event-calendar-management 3.4.3 Unauthenticated.Booking.Payment.Bypass MEDIUM" "eventprime-event-calendar-management 3.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "eventprime-event-calendar-management 3.4.3 Missing.Authorization.to.Arbitrary.Post.Overwrite MEDIUM" "eventprime-event-calendar-management 3.4.4 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "eventprime-event-calendar-management 3.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Attendee.List.Retrieval MEDIUM" "eventprime-event-calendar-management 3.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Event.Export MEDIUM" "eventprime-event-calendar-management 3.4.0 Improper.Input.Validation.via.save_event_booking MEDIUM" "eventprime-event-calendar-management 3.3.6 Unauthenticated.Event.Access MEDIUM" "eventprime-event-calendar-management 3.3.3 Contributor+.Stored.XSS MEDIUM" "eventprime-event-calendar-management 3.3.6 Booking.Pricing.Bypass MEDIUM" "eventprime-event-calendar-management 3.1.6 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.2.0 Reflected.HTML.Injection.on.keyword.parameter MEDIUM" "eventprime-event-calendar-management 3.2.0 Booking.Creation.via.CSRF MEDIUM" "eventprime-event-calendar-management 3.2.0 Reflected.XSS HIGH" "eventprime-event-calendar-management 3.0.6 Reflected.Cross-Site.Scripting HIGH" "eventprime-event-calendar-management 3.0.0 Unauthenticated.Reflected.XSS HIGH" "e2pdf 1.25.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "e2pdf 1.23.00 Missing.Authorization MEDIUM" "e2pdf 1.23.00 Cross-Site.Request.Forgery MEDIUM" "e2pdf 1.20.24 Authenticated(Administrator+).SQL.Injection MEDIUM" "e2pdf 1.20.26 Admin+.Arbitrary.File.Upload HIGH" "e2pdf 1.20.19 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "e2pdf 1.20.20 Admin+.Stored.Cross-Site.Scriping LOW" "e2pdf 1.16.45 Admin+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "easy-tiktok-feed 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-tiktok-feed 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-courses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-two-factor-authentication 1.0.5 Two.Factor.Authentication.<.1.0.5.-.Reflected.Cross-Site.Scripting HIGH" "easy-wp-tiles No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easyjobs 2.4.15 Reflected.Cross-Site.Scripting MEDIUM" "easyjobs 2.4.7 Subscriber+.Arbitrary.Settings.Update MEDIUM" "easyjobs 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.5.4 Arbitrary.Tickets.Deletion.via.CSRF MEDIUM" "event-tickets-with-ticket-scanner 2.4.4 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.12 Authenticated.(Author+).Remote.Code.Execution HIGH" "event-tickets-with-ticket-scanner 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "event-tickets-with-ticket-scanner 2.3.8 Admin+.Stored.XSS LOW" "ekc-tournament-manager 2.2.2 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "ekc-tournament-manager 2.2.2 Delete.Tournaments.via.CSRF MEDIUM" "ekc-tournament-manager 2.2.2 Admin+.Arbitrary.File.Download LOW" "ekc-tournament-manager 2.2.2 Create.Tournaments/Teams.via.CSRF MEDIUM" "events-search-addon-for-the-events-calendar 1.2 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "embed-ispring No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "email-suscripcion No.known.fix Unauthenticated.SQL.Injection HIGH" "eewee-admincustom No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "eewee-admincustom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-posts-to-subscribers No.known.fix Admin+.Stored.XSS LOW" "email-posts-to-subscribers No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "email-posts-to-subscribers No.known.fix Unauthenticated.SQLi HIGH" "everest-forms 3.0.9.5 Unauthenticated.Arbitrary.File.Upload,.Read,.and.Deletion CRITICAL" "everest-forms 3.0.8.1 Admin+.Stored.XSS LOW" "everest-forms 3.0.4.2 Admin+.Stored.XSS LOW" "everest-forms 3.0.3.1 Admin+.Stored.XSS LOW" "everest-forms 2.0.8 Unauthenticated.Server-Side.Request.Forgery.via.font_url HIGH" "everest-forms 2.0.5 Admin+.Stored.XSS LOW" "everest-forms 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "everest-forms 1.5.0 SQL.Injection CRITICAL" "essential-real-estate 5.1.9 Cross-Site.Request.Forgery MEDIUM" "essential-real-estate 5.1.7 Missing.Authorization.to.Authenticated.(Contributor+).Information.Exposure MEDIUM" "essential-real-estate 4.4.5 Insecure.Direct.Object.Reference.to.Arbitrary.Attachment.Deletion MEDIUM" "essential-real-estate 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "essential-real-estate 4.4.0 Subscriber+.Stored.XSS HIGH" "essential-real-estate 4.4.0 Subscriber+.Denial.of.Service.via.Arbitrary.Option.Update HIGH" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "essential-real-estate 4.4.0 Subscriber+.Arbitrary.File.Upload HIGH" "essential-real-estate 3.9.6 Reflected.Cross-Site-Scripting MEDIUM" "ebay-feeds-for-wordpress 3.4 Admin+.Stored.XSS LOW" "ebay-feeds-for-wordpress 1.2 Cross-Site.Scripting.via.rss_url.Parameter MEDIUM" "easy-menu-manager-wpzest No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "emergency-password-reset 9.0 Cross-Site.Request.Forgery MEDIUM" "educare 1.4.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "educare 1.4.4 Students.&.Result.Management.System.<.1.4.4.-.Cross-Site.Request.Forgery.(CSRF) MEDIUM" "eazydocs No.known.fix Contributor+.Local.File.Inclusion HIGH" "eazydocs 2.5.1 Missing.Authorization MEDIUM" "eazydocs 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eazydocs 2.5.0 Admin+.Stored.XSS LOW" "eazydocs 2.4.0 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.6 Subscriber+.Arbitrary.Posts.Deletion.and.Document.Management MEDIUM" "eazydocs 2.3.4 Subscriber.+.SQLi HIGH" "eazydocs 2.3.6 Reflected.XSS MEDIUM" "eazydocs 2.3.6 Unauthenticated.OnePage.Document.Update/Publish MEDIUM" "eazydocs 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.45 Admin+.Stored.XSS LOW" "email-subscribers 5.7.44 Admin+.SQL.Injection MEDIUM" "email-subscribers 5.7.35 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "email-subscribers 5.7.35 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "email-subscribers 5.7.27 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.27.-.Missing.Authorization MEDIUM" "email-subscribers 5.7.26 Unauthenticated.SQL.Injection.via.unsubscribe CRITICAL" "email-subscribers 5.7.24 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.24.-.Unauthenticated.SQL.Injection.via.optin CRITICAL" "email-subscribers 5.7.23 Authenticated.(Subscriber+).SQL.Injection.Vulnerability.via.options[list_id] HIGH" "email-subscribers 5.7.21 Unauthenticated.SQL.Injection.via.hash CRITICAL" "email-subscribers 5.7.18 Missing.Authorization MEDIUM" "email-subscribers 5.7.20 Missing.Authorization.in.handle_ajax_request HIGH" "email-subscribers 5.7.15 Email.Subscribers,.Newsletters.and.Marketing.Automation.Plugin.<.5.7.15.-.Unauthenticated.SQL.Injection CRITICAL" "email-subscribers 5.7.16 Authenticated.(Administrator+).Cross-Site.Scripting.via.CSV.import MEDIUM" "email-subscribers 5.7.14 Missing.Authorization MEDIUM" "email-subscribers 5.7.12 Reflected.Cross-Site.Scripting.via.campaign_id MEDIUM" "email-subscribers 5.6.24 .Admin+.Directory.Traversal CRITICAL" "email-subscribers 5.5.3 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "email-subscribers 5.5.1 Subscriber+.SQLi HIGH" "email-subscribers 5.3.2 Unauthenticated.arbitrary.option.update HIGH" "email-subscribers 5.3.2 Subscriber+.Blind.SQL.injection HIGH" "email-subscribers 4.5.6 Unauthenticated.email.forgery/spoofing HIGH" "email-subscribers 4.5.1 Cross-site.Request.Forgery.in.send_test_email() LOW" "email-subscribers 4.5.1 Authenticated.SQL.injection.in.es_newsletters_settings_callback() MEDIUM" "email-subscribers 4.2.3 Multiple.Issues HIGH" "email-subscribers 4.3.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "email-subscribers 4.1.8 SQL.Injection HIGH" "email-subscribers 4.1.7 Cross-Site.Scripting.(XSS) CRITICAL" "email-subscribers 3.5.0 Cross-Site.Scripting.(XSS) MEDIUM" "email-subscribers 3.4.8 Unauthenticated.Subscriber.Download HIGH" "email-subscribers 2.9.1 Multiple.XSS.&.SQLi MEDIUM" "evaluate No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "ezyonlinebookings-online-booking-system No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-video-player 1.2.2.11 Contributor+.Stored.XSS MEDIUM" "easy-video-player 1.2.2.3 Contributor+.Stored.XSS MEDIUM" "eduadmin-booking 5.3.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "email-address-encoder 1.0.24 Cross-Site.Request.Forgery.via.eae_clear_caches() MEDIUM" "email-address-encoder 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "edoc-easy-tables No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "events-for-geodirectory 2.3.15 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ean-for-woocommerce 5.4.0 Missing.Authorization MEDIUM" "ean-for-woocommerce 4.9.0 Authenticated.(Shop.Manager+).Arbitrary.Options.Update MEDIUM" "ean-for-woocommerce 4.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alg_wc_ean_product_meta.Shortcode MEDIUM" "ean-for-woocommerce 4.9.3 Insecure.Direct.Object.Reference.to.Sensitve.Information.Exposure.via.Shortcode MEDIUM" "ean-for-woocommerce 4.4.3 Contributor+.Stored.XSS MEDIUM" "email-on-publish No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "email-before-download No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-before-download 6.8 Admin+.SQL.Injection MEDIUM" "email-before-download 4.0 SQL.Injection MEDIUM" "easy-media-replace 0.2.0 Author+.File.Deletion MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "easy-post-types No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "easy-post-types No.known.fix Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "events-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "expand-maker 3.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.'Read.More'.Post.Deletion MEDIUM" "expand-maker 3.2.7 Admin+.PHP.Object.Injection LOW" "easy-hide-login 1.0.8 Admin+.Stored.XSS LOW" "easy-hide-login 1.0.9 Arbitrary.settings.update.via.CSRF MEDIUM" "easy-wp-cookie-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-wp-cookie-popup No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-courses 0.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-courses 0.1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "edd-recent-purchases No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "editable-table No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "easy-team-manager No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "edit-comments-xt No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elementor 3.25.11 Contributor+.Stored.XSS MEDIUM" "elementor 3.27.5 Contributor+.Stored.XSS MEDIUM" "elementor 3.25.10 Contributor+.Stored.XSS.via.Typography.Settings MEDIUM" "elementor 3.25.8 Contributor+.Stored.XSS MEDIUM" "elementor 3.24.6 Contributor+.Information.Exposure.via.get_image_alt LOW" "elementor 3.24.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.the.URL.Parameter.in.Multiple.Widgets MEDIUM" "elementor 3.22.2 Contributor+.Arbitrary.SVG.Download MEDIUM" "elementor 3.21.6 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.20.3 Contributor+.DOM.Stored.XSS MEDIUM" "elementor 3.19.1 Authenticated(Contributor+).Arbitrary.File.Deletion.and.PHAR.Deserialization HIGH" "elementor 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_image_alt MEDIUM" "elementor 3.18.2 Contributor+.Arbitrary.File.Upload.to.RCE.via.Template.Import HIGH" "elementor 3.16.5 Missing.Authorization.to.Arbitrary.Attachment.Read MEDIUM" "elementor 3.16.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.get_inline_svg() MEDIUM" "elementor 3.5.5 Iframe.Injection MEDIUM" "elementor 3.13.2 Missing.Authorization MEDIUM" "elementor 3.12.2 Admin+.SQLi MEDIUM" "elementor 3.5.6 DOM.Reflected.Cross-Site.Scripting MEDIUM" "elementor 3.6.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "elementor 3.4.8 DOM.Cross-Site-Scripting MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Divider.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Icon.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Heading.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Accordion.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Image.Box.Widget MEDIUM" "elementor 3.1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS).in.Column.Element MEDIUM" "elementor 3.0.14 SVG.Upload.Allowed.by.Default MEDIUM" "elementor 2.9.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "elementor 2.9.10 Authenticated.Stored.XSS HIGH" "elementor 2.9.8 SVG.Sanitizer.Bypass.leading.to.Authenticated.Stored.XSS MEDIUM" "elementor 2.9.6 Authenticated.Safe.Mode.Privilege.Escalation MEDIUM" "elementor 2.7.7 Authenticated.Stored.XSS MEDIUM" "elementor 2.8.5 Authenticated.Reflected.XSS MEDIUM" "elementor 2.8.4 Cross-Site.Scripting.(XSS) MEDIUM" "elementor 2.7.5 Authenticated.Arbitrary.File.Upload CRITICAL" "elementor 1.8.0 Authenticated.Unrestricted.Editing HIGH" "ere-recently-viewed 2.0 Unauthenticated.PHP.Object.Injection MEDIUM" "ecab-taxi-booking-manager 1.1.9 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "ecab-taxi-booking-manager 1.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "ekiline-block-collection 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elevio No.known.fix Cross-Site.Request.Forgery MEDIUM" "editorial-calendar 3.8.3 Contributor+.Stored.XSS MEDIUM" "easy-real-estate No.known.fix Privilege.Escalation CRITICAL" "easy-real-estate No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "easy-social-icons 3.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "easy-social-icons 3.2.5 Missing.Authorization.via.cnss_save_ajax_order MEDIUM" "easy-social-icons 3.2.1 Admin+.Stored.Cross-Site.Scripting.in.add.icon LOW" "easy-social-icons 3.2.1 Unauthenticated.Arbitrary.Icon.Deletion MEDIUM" "easy-social-icons 3.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "easy-social-icons 3.1.4 Admin+.SQL.Injection MEDIUM" "easy-social-icons 3.1.3 Reflected.Cross-Site.Scripting HIGH" "easy-social-icons 3.0.9 Reflected.Cross-Site.Scripting HIGH" "easy-chart-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exchange-rates-widget 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "email-template-customizer-for-woo 1.2.9.2 Shop.manager+.Stored.XSS LOW" "ect-social-share No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-replace No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "explore-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-post-to-post-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "easy-affiliate-links 3.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-affiliate-links 3.7.1 Contributor+.Stored.XSS MEDIUM" "easy-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "easy-automatic-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ebook-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ebook-store No.known.fix Reflected.Cross-Site.Scripting.via.'step' MEDIUM" "ebook-store No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "ebook-store 5.8002 Admin+.Stored.XSS LOW" "ebook-store 5.785 Reflected.XSS HIGH" "ebook-store 5.78 Unauthenticated.Sensitive.Data.Disclose MEDIUM" "ebook-store 5.78 Admin+.Stored.XSS LOW" "events-calendar-for-google 3.0.0 Contributor+.Local.File.Inclusion HIGH" "exchange-addon-easy-ue-vat-taxes 1.2.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "enable-accessibility No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enable-accessibility 1.4.1 CSRF MEDIUM" "export-users-to-csv No.known.fix CSV.Injection HIGH" "embed-google-fonts No.known.fix Missing.Authorization MEDIUM" "email-customizer-for-woocommerce-with-drag-drop-builder No.known.fix WooCommerce.Email.Customizer.<=.3.0.34.-.Authenticated.(Subscriber+).Missing.Authorization.to.SQL.Injection MEDIUM" "exchange-addon-custom-url-tracking 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "ect-homepage-products No.known.fix Reflected.XSS HIGH" "ethereumico 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ethereum-ico.Shortcode MEDIUM" "ethereumico 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "ethereumico 2.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "error-log-viewer 1.1.3 Directory.Listing.to.Sensitive.Data.Exposure LOW" "error-log-viewer 1.1.2 Arbitrary.Text.File.Deletion.via.CSRF LOW" "error-log-viewer 1.1.2 Admin+.Arbitrary.File.Clearing MEDIUM" "error-log-viewer 1.0.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ezpz-one-click-backup No.known.fix Cross-Site.Scripting.(XSS) CRITICAL" "external-database-based-actions No.known.fix Authenticated.(Subscriber+).Authentication.Bypass HIGH" "easy-marijuana-age-verify 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-marijuana-age-verify 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "events-calendar-pro 7.0.2.1 Authenticated.(Administrator+).PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "events-calendar-pro 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "eshop No.known.fix Authenticated.Blind.SQL.Injection HIGH" "eshop No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "eshop No.known.fix Reflected.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "eshop 6.3.12 Remote.Code.Execution MEDIUM" "essential-blocks 5.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 5.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.8.4 Missing.Authorization MEDIUM" "essential-blocks 5.1.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.7.0 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.13 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.10 Contributor+.DOM-Based.XSS.via.Social.Icons.Block MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.4.10 Missing.Authorization MEDIUM" "essential-blocks 4.5.4 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.5.2 Contributor+.Stored.XSS MEDIUM" "essential-blocks 4.4.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "essential-blocks 4.2.1 Contributor+.Unauthorised.Actions LOW" "essential-blocks 4.2.1 Subscriber+.Unauthorised.Actions MEDIUM" "essential-blocks 4.4.3 Unauthenticated.Local.File.Inclusion CRITICAL" "essential-blocks 4.2.1 Missing.Authorization.via.AJAX.actions MEDIUM" "essential-blocks 4.2.1 Unauthenticated.Object.Injection HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.products HIGH" "essential-blocks 4.2.1 Unauthenticated.PHP.Object.Injection.via.queries HIGH" "essential-blocks 4.0.7 Multiple.Functions.Missing.Authorization.Checks MEDIUM" "examapp No.known.fix Authenticated.SQL.Injection./.Cross-Site.Scripting HIGH" "easy-coming-soon No.known.fix Admin+.Stored.XSS LOW" "export-import-menus 1.9.2 Missing.Authorization.to.Unauthenticated.Menu.Export MEDIUM" "export-import-menus 1.9.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "email-to-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elements-for-lifterlms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-login-styler No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "extended-widget-options 5.1.3 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "embedded-cdn No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-notify-lite 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-notify-lite 1.1.33 Contributor+.Stored.XSS MEDIUM" "easy-notify-lite 1.1.30 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 Cross-Site.Request.Forgery MEDIUM" "exportfeed-for-woocommerce-product-to-etsy 3.3.2 CSRF.Bypass MEDIUM" "exquisite-paypal-donation No.known.fix Admin+.Stored.XSS LOW" "error-notification No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "eu-cookie-law No.known.fix Admin+.Stored.XSS LOW" "eu-cookie-law 3.1.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "easy-sign-up No.known.fix Contributor+.Stored.XSS MEDIUM" "elegant-themes-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "enable-media-replace 4.1.3 Author+.PHP.Object.Injection MEDIUM" "enable-media-replace 4.0.2 Author+.Arbitrary.File.Upload CRITICAL" "enable-media-replace 4.0.0 Admin+.Path.Traversal LOW" "easy-custom-js-and-css No.known.fix Reflected.Cross-Site.Scripting HIGH" "easy-paypal-events-tickets 1.2.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "easy-paypal-events-tickets 1.1.2 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-code-snippets No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "easy-code-snippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-code-snippets 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-code-snippets 1.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "exit-popup-show No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "emails-blacklist-everest-forms 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "emails-blacklist-everest-forms 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "express-shop 4.0.3 CSRF.Bypass MEDIUM" "easy-pdf-restaurant-menu-upload 1.2 XSS MEDIUM" "events-widgets-for-elementor-and-the-events-calendar 1.5 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "ep4-more-embeds No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "easy-table-of-contents 2.0.68 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.67.1 Editor+.Stored.XSS LOW" "easy-table-of-contents 2.0.66 Admin+.Stored.XSS LOW" "endless-posts-navigation 2.2.8 Cross-Site.Request.Forgery MEDIUM" "easy-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ecpay-ecommerce-for-woocommerce 1.1.2502030 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "eu-vat-for-woocommerce 2.12.14 Missing.Authorization MEDIUM" "eu-vat-for-woocommerce 2.12.14 Reflected.Cross-Site.Scripting MEDIUM" "eu-vat-for-woocommerce 3.0.0 Reflected.Cross-Site.Scripting HIGH" "epermissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exchange-addon-manual-purchases 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-elementor-addons 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-elementor-addons 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "extensive-vc-addon 1.9.1 Unauthenticated.RCE CRITICAL" "easy-facebook-like-box 4.1.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "edwiser-bridge 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "edwiser-bridge 3.0.8 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "edwiser-bridge 3.0.6 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "edwiser-bridge 3.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "edwiser-bridge 2.0.7 Cross-Site.Request.Forgery MEDIUM" "edwiser-bridge 2.0.7 CSRF.Nonce.Bypass MEDIUM" "extra-product-options-for-woocommerce 3.0.7 Missing.Authorization MEDIUM" "extra-product-options-for-woocommerce No.known.fix Shop.manager+.Stored.XSS MEDIUM" "easy-call-now No.known.fix Cross-Site.Request.Forgery.via.settings_page MEDIUM" "enhanced-tooltipglossary 4.3.12 Reflected.XSS HIGH" "enhanced-tooltipglossary 4.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 4.3.4 Admin+.Stored.XSS LOW" "enhanced-tooltipglossary 4.3.0 Settings.Update.via.CSRF MEDIUM" "enhanced-tooltipglossary 3.9.21 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "enhanced-tooltipglossary 3.3.5 XSS MEDIUM" "easylogo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "embed-any-document 2.7.6 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.embeddoc.Shortcode MEDIUM" "embed-any-document 2.7.2 Author+.Stored.XSS LOW" "elo-rating-shortcode 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-sticky-sidebar 1.5.9 Unauthenticated.AJAX.Actions.Call MEDIUM" "events-calendar No.known.fix Admin+.Stored.XSS LOW" "external-video-for-everybody No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ebook-downloader No.known.fix Unauthenticated.SQL.Injection HIGH" "extender-all-in-one-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "etsy-importer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "essential-content-types 1.9 Unauthorised.Plugin's.Setting.Change MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.13 Reflected.Cross-Site.Scripting MEDIUM" "ether-and-erc20-tokens-woocommerce-payment-gateway 4.12.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "external-url-as-post-featured-image-thumbnail 2.03 Reflected.Cross-Site.Scripting MEDIUM" "emailshroud No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "everest-faq-manager-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "enable-shortcodes-inside-widgetscomments-and-experts No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "essential-grid 3.1.2 Unauthenticated.Private.Post.Disclosure MEDIUM" "essential-grid 3.0.19 Missing.Authorization HIGH" "essential-grid 3.1.1 Reflected.XSS HIGH" "essential-wp-real-estate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "essential-wp-real-estate No.known.fix Reflected.XSS HIGH" "essential-wp-real-estate No.known.fix Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "exchange-addon-table-rate-shipping 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "email-reminders 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "email-reminders 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "external-media 1.0.36 Admin+.Stored.XSS LOW" "external-media 1.0.34 Authenticated.Arbitrary.File.Upload CRITICAL" "emc2-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-popup-lightbox-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "edd-google-sheet-connector-pro 1.4 Access.Code.Update.via.CSRF MEDIUM" "edoc-employee-application No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "external-videos No.known.fix Admin+.Stored.XSS LOW" "easy-blocks-pro No.known.fix Missing.Authorization HIGH" "easy-event-calendar No.known.fix Admin+.Stored.XSS LOW" "endomondowp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "echosign 1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "export-post-info 1.2.1 Author+.CSV.Injection MEDIUM" "export-post-info 1.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "eelv-redirection 1.5.1 Cross-Site.Request.Forgery.to.Arbitrary.Site.Redirect MEDIUM" "email-encoder-bundle 2.2.2 Admin+.Stored.XSS LOW" "email-encoder-bundle 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "email-encoder-bundle 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "email-encoder-bundle 2.1.2 Reflected.Cross.Site.Scripting MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.8 Missing.Authorization MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "elex-woocommerce-dynamic-pricing-and-discounts 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "embed-form 1.3.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-contact-form-pro 1.1.1.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "email-queue 1.1.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "embed-google-photos-album-easily 2.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "ebecas No.known.fix Admin+.Stored.XSS LOW" "evergreen-content-poster 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "evergreen-content-poster 1.4.3 Missing.Authorization MEDIUM" "evergreen-content-poster 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "evergreen-content-poster 1.4.1 Admin+.Stored.XSS LOW" "exam-matrix No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "email-verification-for-woocommerce-pro 1.8.2 Loose.Comparison.to.Authentication.Bypass CRITICAL" "email-obfuscate-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-custom-code 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "easy-site-importer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Change MEDIUM" "easy-preloader No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "easy-broken-link-checker No.known.fix Bulk.Actions.via.CSRF MEDIUM" "easy-broken-link-checker No.known.fix Admin+.Stored.XSS LOW" "easy-broken-link-checker No.known.fix Reflected.XSS HIGH" "easy-broken-link-checker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exchange-addon-easy-us-sales-taxes 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "easy-social-share-buttons3 9.5 Missing.Authorization MEDIUM" "easy-social-share-buttons3 9.5 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "easy-social-share-buttons3 9.5 Reflected.Cross-Site.Scripting MEDIUM" "easy-captcha No.known.fix Missing.Authorization MEDIUM" "easy-captcha No.known.fix Reflected.Cross-Site.Scripting HIGH" "esb-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "export-woocommerce 2.0.9 Missing.Authorization MEDIUM" "export-woocommerce 2.0.11 Reflected.XSS HIGH" "embed-swagger-ui No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization MEDIUM" "elementinvader-addons-for-elementor 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "elementinvader-addons-for-elementor 1.3.2 Missing.Authorization.to.Arbitrary.Options.Read MEDIUM" "elementinvader-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Information.Exposure MEDIUM" "elementinvader-addons-for-elementor 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementinvader-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-cookies-policy No.known.fix Broken.Access.Control.to.Stored.Cross-Site.Scripting HIGH" "erima-zarinpal-donate No.known.fix Cross-Site.Request.Forgery MEDIUM" "email-tracker 5.3.9 Reflected.Cross-Site.Scripting MEDIUM" "email-tracker 5.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "email-tracker 5.2.6 Reflected.Cross-Site.Scripting HIGH" "email-tracker 5.2.7 Arbitrary.Email.Entry.Deletion.via.CSRF MEDIUM" "email-templates 1.4.3 Email.Sending.via.CSRF MEDIUM" "embedder-for-google-reviews 1.5.11 Reflected.Cross-Site.Scripting MEDIUM" "ezplayer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-csv-importer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "edd-tab-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edd-tab-manager 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "edd-tab-manager 1.3.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "embed-power-bi-reports 1.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-schema-structured-data-rich-snippets 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-paypal-donation 1.4.5 Reflected.Cross-Site.Scripting MEDIUM" "easy-paypal-donation 1.3.4 Arbitrary.Post.Deletion.via.CSRF HIGH" "easy-paypal-donation 1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "easy-paypal-donation 1.3.1 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-paypal-donation 1.3.1 CSRF.to.Arbitrary.Post.Deletion MEDIUM" "extended-search-plugin No.known.fix Settings.Update.via.CSRF MEDIUM" "eid-easy-qualified-electonic-signature 3.3.1 Use.of.Polyfill.io MEDIUM" "ebook-download 1.2 Directory.Traversal HIGH" "event-espresso-decaf 5.0.31.decaf Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 5.0.22.decaf Authenticated.(Subscriber+).Missing.Authorization.to.Limited.Plugin.Settings.Modification MEDIUM" "event-espresso-decaf 4.10.12 Cross-Site.Request.Forgery MEDIUM" "event-espresso-decaf 4.10.14 CSRF.Bypass MEDIUM" "export-media-urls 2.0 Cross-Site.Request.Forgery MEDIUM" "event-notifier 1.2.1 XSS MEDIUM" "eupago-gateway-for-woocommerce 3.1.10 CSRF MEDIUM" "everest-timeline-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "exclusive-divi No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "exchange-addon-invoices 1.4.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "exchange-addon-2checkout 1.1.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "embed-calendly-scheduling 3.7 Embed.Calendly.<.3,7.Contributor+.Stored.XSS MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Unauthenticated.Arbitrary.Instagram.Account.Unlinking MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel No.known.fix Subscriber+.Plugin.Database.Reset MEDIUM" "enjoy-instagram-instagram-responsive-images-gallery-and-carousel 6.2.1 Reflected.Cross-Site.Scripting MEDIUM" "enable-svg-uploads No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "easy-embed-for-youtube-wall 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Stored.XSS MEDIUM" "enable-svg-webp-ico-upload 1.1.1 Author+.Arbitrary.File.Upload HIGH" "enable-svg-webp-ico-upload 1.0.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "easy-shortcode-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "everest-tab-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "eprolo-dropshipping 1.7.2 Missing.Authorization MEDIUM" "eventify No.known.fix Admin+.Stored.XSS LOW" "elementskit-lite 3.4.1 Unauthenticated.Information.Exposure MEDIUM" "elementskit-lite 3.4.1 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison.Widget MEDIUM" "elementskit-lite 3.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "elementskit-lite 3.2.1 Unauthenticated.Information.Exposure.via.ekit_widgetarea_content.Function MEDIUM" "elementskit-lite 3.2.0 Missing.Authorization MEDIUM" "elementskit-lite 3.1.3 3.1.2.-.Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.1.1 Contributor+.Local.File.Inclusion.via.Onepage.Scroll.Module HIGH" "elementskit-lite 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "elementskit-lite 3.0.7 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.7 Contributor+.Local.File.Inclusion HIGH" "elementskit-lite 3.0.4 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.6 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.5 Contributor+.Stored.XSS MEDIUM" "elementskit-lite 3.0.4 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "elementskit-lite 2.9.2 Missing.Authorization MEDIUM" "elementskit-lite 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-zillow-reviews 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-zillow-reviews 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "envira-gallery-lite 1.8.16 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "envira-gallery-lite 1.8.15 Missing.Authorization MEDIUM" "envira-gallery-lite 1.8.15 Author+.Stored.XSS MEDIUM" "envira-gallery-lite 1.8.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "envira-gallery-lite 1.8.7.3 Missing.Authorization.to.Gallery.Modification.via.envira_gallery_insert_images MEDIUM" "envira-gallery-lite 1.8.4.7 Reflected.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.8.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "envira-gallery-lite 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS).Issue MEDIUM" "emag-marketplace-connector 1.0.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "event-feed-for-eventbrite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "event-feed-for-eventbrite 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-student-results No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-student-results No.known.fix Sensitive.Information.Disclosure.via.REST.API LOW" "edd-cashapp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enweby-variation-swatches-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "emailpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "everest-counter-lite 2.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "events-made-easy No.known.fix Subscriber+.SQLi HIGH" "events-made-easy 2.3.17 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "events-made-easy 2.2.81 Unauthenticated.SQLi HIGH" "events-made-easy 2.2.36 Subscriber+.SQL.Injection HIGH" "events-made-easy 2.2.24 Admin+.Stored.Cross-Site.Scripting LOW" "events-made-easy 1.6.21 CSRF.to.Cross-Site.Scripting.(XSS) HIGH" "events-made-easy 1.5.50 Multi.CSRF.to.Stored.Cross-Site.Scripting.&.Event.Deletion HIGH" "embedstories 0.7.5 Contributor+.Stored.XSS MEDIUM" "easy-pie-maintenance-mode No.known.fix Admin+.Stored.XSS LOW" "edubin No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "easy-admin-menu No.known.fix Admin+.Stored.XSS LOW" "event-calendars No.known.fix Unauthenticated.Arbitrary.Calendar.Deletion MEDIUM" "ecommerce-addon 1.4 Reflected.Cross-Site.Scripting MEDIUM" "ecommerce-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.3 Reflected.Cross-Site.Scripting MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "envialosimple-email-marketing-y-newsletters-gratis No.known.fix Cross-Site.Request.Forgery MEDIUM" "envialosimple-email-marketing-y-newsletters-gratis 2.2 EnvíaloSimple.<.2,2.Unauthenticated.PHP.Object.Injection MEDIUM" "enable-wp-debug-from-admin-dashboard 1.86 Reflected.Cross-Site.Scripting MEDIUM" "elementskit 3.7.9 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "elementskit 3.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Motion.Text.and.Table.Widgets MEDIUM" "elementskit 3.6.3 Authenticated.(Contributor+).Server-Side.Request.Forgery HIGH" "elementskit 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elementskit 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Price.Menu,.Hotspot,.and.Advanced.Toggle.Widgets HIGH" "elementskit 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'ekit_btn_id' MEDIUM" "elementskit 2.2.0 Contributor+.Stored.XSS MEDIUM" "easy-svg-image-allow No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-catalog-images-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "easy-tweet-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-eu-cookie-law No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "edit-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "edit-comments No.known.fix Unauthenticated.SQL.Injection HIGH" "everest-google-places-reviews-lite 2.0.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "easypromos 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-filtering No.known.fix Reflected.Cross-Site.Scripting HIGH" "education-addon No.known.fix Authenticated.(Contributor+).Insecure.Direct.Object.Reference.via.naedu_elementor_template.Shortcode MEDIUM" "education-addon No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "education-addon 1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.1.1 All-in-one.Google.Analytics,.Pixels.and.Product.Feed.Manager.for.WooCommerce.<.7.1.1.-.Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.0 Reflected.Cross-Site.Scripting MEDIUM" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection.via.ee_syncProductCategory HIGH" "enhanced-e-commerce-for-woocommerce-store 7.0.8 Subscriber+.SQL.Injection HIGH" "enhanced-e-commerce-for-woocommerce-store 6.5.4 Reflected.XSS HIGH" "enhanced-e-commerce-for-woocommerce-store 5.2.4 Settings.Update.via.CSRF MEDIUM" "enhanced-e-commerce-for-woocommerce-store 4.6.2 Subscriber+.SQL.Injection HIGH" "easy-justified-gallery 1.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-registration-forms No.known.fix Subscriber+.Information.Disclosure.via.Shortcode MEDIUM" "easy-registration-forms No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "easy-registration-forms No.known.fix CSV.Injection MEDIUM" "easy-fancybox 2.3.4 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "easy-fancybox 2.3.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "easy-fancybox 1.8.18 Authenticated.Stored.XSS MEDIUM" "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic No.known.fix Authenticated.(Shop.manager+).SQL.Injection MEDIUM" "easy-form-builder-by-bitware No.known.fix Unauthorised.AJAX.calls HIGH" "easy-form-builder-by-bitware No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "extensions-for-cf7 3.2.1 Authenticated.(Admin+).Sever-Side.Request.Forgery LOW" "extensions-for-cf7 3.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "extensions-for-cf7 2.0.9 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "editionguard-for-woocommerce-ebook-sales-with-drm No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "e-search No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easy-login-woocommerce 2.8.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.xoo_el_action.Shortcode MEDIUM" "easy-login-woocommerce 2.7.3 2.7.2.-.Missing.Authorization.to.Arbitrary.Options.Exposure MEDIUM" "easy-login-woocommerce 2.7.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.4 Settings.Reset.via.CSRF MEDIUM" "easy-login-woocommerce 2.3 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "easy-login-woocommerce 2.2 Reflected.Cross-Site.Scripting HIGH" "easy-login-woocommerce 1.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Switcher,.Slider,.and.Iconbox.Widgets MEDIUM" "elegant-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HTML.tags MEDIUM" "exs-widgets 0.3.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "embed-twine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elex-helpdesk-customer-support-ticket-system 3.2.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "extra-user-details 0.5.1 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "extra-user-details 0.5.1 Admin+.Stored.XSS LOW" "easy-textillate No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-textillate 2.02 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "everest-admin-theme-lite 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "email-log 2.4.9 Unauthenticated.Hook.Injection HIGH" "email-log 2.4.8 Reflected.Cross-Site.Scripting HIGH" "email-log 2.4.7 Admin+.SQL.Injection MEDIUM" "email-subscribe 1.2.24 Authenticated.(Administrator+).SQL.Injection MEDIUM" "email-subscribe 1.2.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.print_email_subscribe_form.Shortcode MEDIUM" "email-subscribe 1.2.21 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.20 Reflected.XSS HIGH" "email-subscribe 1.2.19 .Reflected.Cross-Site.Scripting MEDIUM" "email-subscribe 1.2.17 Reflected.XSS HIGH" "empty-cart-button-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "exclusive-content-password-protect No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "exertio-framework 1.3.2 Unauthenticated.Arbitrary.User.Password.Update HIGH" "ect-add-to-cart-button No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "emi-calculator No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Change MEDIUM" "easy-svg 3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "easy-svg 3.3.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "expandable-paywall 2.0.17 Reflected.Cross-Site.Scripting MEDIUM" "expandable-paywall 2.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-video-thumbnail 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "easy-booked 2.4.6 Cross-Site.Request.Forgery MEDIUM" "easy-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.10.6 Reflected.Cross-Site.Scripting MEDIUM" "ethereum-wallet 4.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exmage-wp-image-links 1.0.7 Admin+.Blind.SSRF LOW" "export-users No.known.fix CSV.Injection MEDIUM" "easy-smooth-scroll-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "easy-smooth-scroll-links 2.23.1 Admin+.Stored.Cross-Site.Scripting LOW" "easy-smooth-scroll-links 2.23.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-caller-with-moceanapi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-header-footer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "email-header-footer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "embed-privacy 1.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-school-registration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "exportfeed-list-woocommerce-products-on-ebay-store No.known.fix Admin+.SQL.Injection MEDIUM" "enable-svg 1.4.0 Author+.Stored.Cross.Site.Scripting.via.SVG MEDIUM" "enhanced-text-widget 1.6.6 Admin+.Stored.XSS LOW" "enhanced-text-widget 1.5.8 Subscriber+.Plugin.Installation MEDIUM" "enhanced-text-widget 1.5.8 Plugin.Installation.via.CSRF MEDIUM" "eventon 4.7 WordPress.Virtual.Event.Calendar.Plugin.<.4.7.-.Cross-Site.Request.Forgery.via.admin_test_email MEDIUM" "easy-post-views-count 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-age-verify 1.8.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "easy-age-verify 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "eelv-newsletter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "eelv-newsletter No.known.fix Cross-Site.Request.Forgery MEDIUM" "eelv-newsletter 4.6.1 CSRF.&.XSS HIGH" "etemplates No.known.fix Unauthenticated.SQL.Injection CRITICAL" "embed-documents-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easy-quotes 1.2.3 Unauthenticated.SQL.Injection HIGH" "easy-liveblogs 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "enquiry-quotation-for-woocommerce 2.2.33.34 Authenticated.(Author+).PHP.Object.Injection.in.enquiry_detail.php HIGH" "enquiry-quotation-for-woocommerce 2.2.13 Admin+.Stored.XSS LOW" "eventON 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "eventON 4.5.5 Reflected.XSS HIGH" "eventON 4.5.5 Unauthenticated.Virtual.Event.Password.Disclosure MEDIUM" "eventON 4.5.9 Unauthenticated.Virtual.Event.Settings.Update MEDIUM" "eventON 4.5.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "eventON 4.5.5 Admin+.Stored.Cross-Site.Scripting LOW" "eventON 4.5.6 Unauthenticated.Arbitrary.Post.Metadata.Update HIGH" "eventON 4.4.1 Reflected.Cross-Site.Scripting HIGH" "eventON 4.4 Unauthenticated.Event.Access HIGH" "eventON 4.4 Unauthenticated.Post.Access.via.IDOR HIGH" "everse-starter-sites 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "everse-starter-sites 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-facebook-likebox 6.5.7 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.6 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fb_appid MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "easy-facebook-likebox 6.5.5 Cross-Site.Request.Forgery MEDIUM" "easy-facebook-likebox 6.5.3 Subscriber+.Settings.Update MEDIUM" "easy-facebook-likebox 6.5.0 Reflected.Cross-Site.Scripting MEDIUM" "easy-facebook-likebox 6.4.0 Contributor+.Stored.XSS MEDIUM" "easy-facebook-likebox 6.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "easy-facebook-likebox 6.2.7 Reflected.Cross-Site.Scripting HIGH" "everest-comment-rating-lite 2.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "email-my-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "external-media-without-import No.known.fix Subscriber+.Blind.SSRF LOW" "external-media-without-import 1.0.1 Reflected.XSS HIGH" "full-screen-menu-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "fudou 5.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "f4-improvements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "f4-improvements 1.8.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fulltext-search 1.79.262 Missing.Authorization MEDIUM" "fulltext-search 1.79.262 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fulltext-search 1.70.236 Cross-Site.Request.Forgery MEDIUM" "fulltext-search 1.69.234 Missing.Authorization MEDIUM" "fulltext-search 1.60.213 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WPFTS.Live.Search.Widget MEDIUM" "forms-by-made-it 2.8.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-by-made-it 1.12.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "freemind-wp-browser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "folders 3.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "folders 3.0.1 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders 3.0.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.User.First.Name.and.Last.Name MEDIUM" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload.in.handle_folders_file_upload HIGH" "folders 2.9.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "five-minute-webshop No.known.fix Admin+.SQLi.via.orderby MEDIUM" "five-minute-webshop No.known.fix Admin+.SQLi.via.id MEDIUM" "free-product-sample 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "free-product-sample 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "far-future-expiry-header 1.5 Plugin's.Settings.Update.via.CSRF MEDIUM" "fintelligence-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flickr-slideshow-wrapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "faq-manager-with-structured-data 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "faq-manager-with-structured-data 5.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fancy-roller-scroller 1.4.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.3.7 Reflected.Cross-Site.Scripting HIGH" "formfacade 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "formfacade 1.2.2 Contributor+.Stored.XSS MEDIUM" "fresh-framework No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "fathom-analytics 3.1.0 Admin+.Stored.XSS LOW" "fathom-analytics 3.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "friendstore-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "full-page-blog-designer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-products-first-for-woocommerce 1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "featured-products-first-for-woocommerce 1.9.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fontsampler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fontsampler 0.14.3 CSRF.to.Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "f12-profiler No.known.fix Cross-Site.Request.Forgery MEDIUM" "fb-account-kit-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fb-account-kit-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "full-screen-page-background-image-slideshow No.known.fix Admin+.Stored.XSS LOW" "formidable 6.16.2 Reflected.Cross-Site.Scripting.via.Custom.HTML.Form.Parameter MEDIUM" "formidable 6.14.1 Admin+.Stored.XSS LOW" "formidable 6.11.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "formidable 6.8 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "formidable 6.7.1 HTML.Injection MEDIUM" "formidable 6.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "formidable 6.2 Unauthenticated.PHP.Object.Injection HIGH" "formidable 6.1 IP.Spoofing MEDIUM" "formidable 5.5.7 Arbitrary.Entry.Deletion.via.CSRF MEDIUM" "formidable 5.0.07 Admin+.Stored.Cross-Site.Scripting LOW" "formidable 4.09.05 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "formidable 4.02.01 Unsafe.Deserialisation CRITICAL" "formidable 2.05.03 Multiple.Vulnerabilities HIGH" "formidable 2.0 Authenticated.Blind.SQL.Injection MEDIUM" "formidable 1.06.03 Arbitrary.File.Upload.via.ofc_upload_image.php CRITICAL" "file-gallery No.known.fix Reflected.Cross-Site.Scripting.via.post_id MEDIUM" "file-gallery 1.8.5.4 Contributor+.Stored.XSS MEDIUM" "front-editor 4.4.8 Admin+.Stored.XSS LOW" "front-editor 4.4.5 Admin+.Stored.XSS LOW" "front-editor 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "front-editor 3.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fullworks-ice-ide-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-ice-ide-integration No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-wall-and-social-integration 1.11 Admin+.Stored.Cross-Site.Scripting LOW" "full-customer 3.1.26 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "full-customer 3.1.23 Reflected.Cross-Site.Scripting MEDIUM" "full-customer 3.1.13 Unauthenticated.Stored.Cross-Site.Scripting.via.License.Plan.Parameter HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Arbitrary.Plugin.Installation HIGH" "full-customer 2.3 Customer.<.2.3.-.Subscriber+.Health.Check.Disclosure MEDIUM" "find-content-ids No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fraudlabs-pro-sms-verification 1.10.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "formafzar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "favicon-switcher No.known.fix Arbitrary.Settings.Change.via.CSRF MEDIUM" "flattr No.known.fix Admin+.Stored.XSS LOW" "free-comments-for-wordpress-vuukle 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "friendly-functions-for-welcart 1.2.5 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "faq-and-answers 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formget-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "flexible-woocommerce-checkout-field-editor No.known.fix Missing.Authorization MEDIUM" "fixed-ip-logins 1.0 Reflected.Cross-Site.Scripting MEDIUM" "footer-flyout-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fat-services-booking No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fat-services-booking No.known.fix Unauthenticated.SQL.Injection HIGH" "font-awesome-more-icons No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.48 Reflected.Cross-Site.Scripting MEDIUM" "five-star-ratings-shortcode 1.2.39 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexible-wishlist 1.2.27 Cross-Site.Request.Forgery.to.Wishlist.Creation/Modification MEDIUM" "flexible-wishlist 1.2.26 Unauthenticated.Stored.Cross-Site.Scripting.via.wishlist_name.Parameter HIGH" "free-shipping-label 2.6.11 Reflected.Cross-Site.Scripting MEDIUM" "forumwp 2.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "forumwp 2.1.3 Reflected.Cross-Site.Scripting.via.url.Parameter HIGH" "forumwp 2.1.3 Reflected.Cross-Site.Scripting HIGH" "forumwp 2.1.0 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "flower-delivery-by-florist-one 3.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flower-delivery-by-florist-one No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "forget-about-shortcode-buttons 2.1.3 CSRF MEDIUM" "forget-about-shortcode-buttons 1.1.2 XSS MEDIUM" "featured-page-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedback-suite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "feedback-suite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "fp-rss-category-excluder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-captcha No.known.fix Contributor+.Stored.XSS MEDIUM" "fsflex-local-fonts No.known.fix Admin+.Stored.Cross-Site-Scripting LOW" "flying-press 3.9.7 Arbitrary.Settings.Update.to.Stored.XSS HIGH" "foxyshop 4.8.2 Reflected.Cross-Site.Scripting MEDIUM" "fediverse-embeds 1.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "facebook-conversion-pixel 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.4 Reflected.Cross-Site.Scripting MEDIUM" "facebook-conversion-pixel 2.6.2 CSRF.to.Stored.Cross-Site.Scripting HIGH" "facebook-conversion-pixel 2.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "freemage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freemage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "freemage No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "filedownload No.known.fix Multiple.Issues CRITICAL" "finale-woocommerce-sales-countdown-timer-discount 2.20.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Cross-Site.Request.Forgery MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.18.0 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "finale-woocommerce-sales-countdown-timer-discount 2.17.0 Unauthenticated.Arbitrary.File.Deletion HIGH" "feed-them-social 4.2.1 Cross-Site.Request.Forgery.via.review_nag_check LOW" "feed-them-social 4.0.0 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Settings.Update.via.CSRF MEDIUM" "feed-them-social 3.0.1 Subscriber+.Stored.XSS MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "feed-them-social 2.9.8.6 Unauthenticated.PHAR.Deserialisation MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery MEDIUM" "feed-them-social 2.8.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feed-them-social 1.7.0 XSS.&.Arbitrary.Shortcode.Execution CRITICAL" "favicon-generator 2.1 Arbitrary.File.Upload.via.CSRF HIGH" "favicon-generator 2.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion CRITICAL" "favicon-generator 2.1 Arbitrary.File.Deletion.via.CSRF HIGH" "font-awesome-integration No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "futurio-extra 2.0.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.header_size.tag MEDIUM" "futurio-extra 2.0.14 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "futurio-extra 2.0.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "futurio-extra 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Text.Block.Widget MEDIUM" "futurio-extra 1.9.1 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "futurio-extra 1.6.3 Subscriber+.User.Email.Address.Disclosure MEDIUM" "futurio-extra 1.6.3 Authenticated.SQL.Injection MEDIUM" "freshmail-integration No.known.fix Cross-Site.Request.Forgery MEDIUM" "freshmail-integration No.known.fix Reflected.XSS HIGH" "feedbackscout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedbackscout No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fancy-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusedesk 6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "files-download-delay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "files-download-delay 1.0.7 Subscriber+.Settings.Reset MEDIUM" "files-download-delay 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fifthsegment-whitelist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexidx-home-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "free-wp-booster-by-ads-pro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "file-manager 6.5.8 Authenticated.(Subscriber+).Limited.JavaScript.File.Upload MEDIUM" "file-manager 6.5.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager 6.5.6 6.5.5.-.Unauthenticated.Remote.Code.Execution.via.Race.Condition HIGH" "file-manager 6.3 Admin+.Arbitrary.OS.File/Folder.Access.+.Path.Traversal MEDIUM" "file-manager 5.2.3 Subscriber+.Arbitrary.File.Creation/Upload/Deletion CRITICAL" "file-manager 5.0.2 Information.Disclosure HIGH" "fast-custom-social-share-by-codebard No.known.fix Cross-Site.Request.Forgery MEDIUM" "fast-custom-social-share-by-codebard No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fast-custom-social-share-by-codebard 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "filester 1.8.7 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "filester 1.8.6 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "filester 1.8.7 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "filester 1.8.3 Authenticated.Plugin.Settings.Update HIGH" "filester 1.8.1 Admin+.Remote.Code.Execution MEDIUM" "filester 1.8.1 Admin+.Stored.Cross-Site.Scripting LOW" "filester 1.8 Remote.Code.Execution.via.CSRF CRITICAL" "frontend-registration-contact-form-7 No.known.fix Authenticated.(Editor+).Privilege.Escalation HIGH" "filled-in No.known.fix Stored.XSS.via.CSRF HIGH" "finance-calculator-with-application-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "filter-gallery 0.1.6 Admin+.Stored.XSS LOW" "filter-gallery 0.0.7 Unauthorised.AJAX.Calls HIGH" "fx-toc No.known.fix Contributor+.Stored.XSS MEDIUM" "flynsarmy-iframe-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "footer-putter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedwordpress 2024.0428 Unauthenticated.Draft.Access MEDIUM" "feedwordpress 2022.0123 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "feedwordpress 2015.0514 XSS.&.SQL-Injection MEDIUM" "final-tiles-grid-gallery-lite 3.6.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.6.0 Contributor+.Stored.XSS MEDIUM" "final-tiles-grid-gallery-lite 3.5.8 Reflected.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "final-tiles-grid-gallery-lite 3.5.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "final-tiles-grid-gallery-lite 3.4.19 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "final-tiles-grid-gallery-lite 3.3.57 Subscriber+.Arbitrary.Option.Update CRITICAL" "filebird-document-library 2.0.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "feed-comments-number No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "foopeople No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foopeople No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fs-shopping-cart No.known.fix Authenticated.SQL.Injection HIGH" "find-duplicates No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "floating-tiktok-button 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forms-ada-form-builder No.known.fix Unauthenticated.Reflected.XSS HIGH" "final-user-wp-frontend-user-profiles 1.2.2 Subscriber+.Privilege.Escalation CRITICAL" "fastly 1.2.26 Missing.Authorization MEDIUM" "fastly 1.2.26 Missing.Authorization.via.AJAX.actions MEDIUM" "featured-image-from-url 4.8.3 Missing.Authorization MEDIUM" "featured-image-from-url 4.8.2 Missing.Authorization MEDIUM" "featured-image-from-url 4.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fifu_input_url MEDIUM" "featured-image-from-url 4.5.4 Contributor+.Stored.XSS MEDIUM" "featured-image-from-url 4.0.0 Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "featured-image-from-url 4.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "fooevents 1.19.21 Improper.Authorization.to.(Contributor+).Arbitrary.File.Upload HIGH" "foobox-image-lightbox 2.7.32 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "foobox-image-lightbox 2.7.28 Admin+.Stored.XSS LOW" "foobox-image-lightbox 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox 2.7.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foobox-image-lightbox 2.6.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "facebook-comment-by-vivacity No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "feed-instagram-lite 1.0.0.29 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "frictionless No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "filebird 6.4.6 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "filebird 6.3.4 Missing.Authorization MEDIUM" "filebird 5.6.4 Author+.Users.Folder.Deletion LOW" "filebird 5.6.4 Author+.Stored.XSS MEDIUM" "filebird 5.6.1 Admin+.Stored.XSS MEDIUM" "filebird 4.7.4 Unauthenticated.SQL.Injection HIGH" "fontific No.known.fix Cross-Site.Request.Forgery.via.ajax_fontific_save_all HIGH" "forms-3rdparty-post-again No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "floating-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "first-comment-redirect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "forms-gutenberg No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "forms-gutenberg 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "fixed-html-toolbar 1.0.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fast-index 1.10 Reflected.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-image-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-toolkit No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "float-to-top-button No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "featured-posts-scroll No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "frontend-checklist No.known.fix Admin+.Stored.XSS LOW" "frontend-checklist No.known.fix Admin+.Stored.XSS.via.Items LOW" "flat-preloader 1.5.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "flat-preloader 1.5.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "furnob-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "freesoul-deactivate-plugins 2.1.4 Cross-Site.Request.Forgery.via.eos_dp_pro_delete_transient MEDIUM" "fancy-elementor-flipbox 2.5.2 Contributor+.Stored.XSs.via.Fancy.Elementor.Flipbox.Widget MEDIUM" "fileviewer No.known.fix Arbitrary.File.Upload/Deletion.via.CSRF CRITICAL" "fullworks-anti-spam 1.3.10 Reflected.Cross-Site.Scripting MEDIUM" "fullworks-anti-spam 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fma-additional-registration-attributes No.known.fix Arbitrary.Field.Deletion.and.Form.Modification.via.CSRF HIGH" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "feedpress-generator 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "font-awesome-4-menus No.known.fix Contributor+.Stored.XSS MEDIUM" "font-awesome-4-menus No.known.fix Admin+.Stored.XSS LOW" "freshing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "freshing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fundpress 2.0.7 Unauthenticated.PHP.Object.Injection HIGH" "fareharbor 3.6.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fareharbor 3.6.7 Admin+.Stored.XSS LOW" "fancy-product-designer 6.4.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "fancy-product-designer 6.4.4 Unauthenticated.SQL.Injection HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting LOW" "fancy-product-designer 6.1.8 Reflected.Cross.Site.Scripting HIGH" "fancy-product-designer 6.1.81 Admin+.Cross.Site.Scripting.via.Product.Title LOW" "fancy-product-designer 6.1.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Site.Options.Modification HIGH" "fancy-product-designer 4.7.0 Subscriber+.Unauthorized.Access.and.Modification MEDIUM" "fancy-product-designer 4.7.6 Arbitrary.File.Upload.via.CSRF HIGH" "fancy-product-designer 4.7.5 Admin+.SQL.Injection MEDIUM" "fancy-product-designer 4.6.9 Unauthenticated.Arbitrary.File.Upload.and.RCE CRITICAL" "fancy-product-designer 4.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "furikake No.known.fix Unauthenticated.Open.Redirect MEDIUM" "floatbox-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "foundation-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "favorites 2.3.5 Admin+.Stored.XSS LOW" "favorites 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "favorites 2.3.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "formscrm 3.6 Reflected.Cross-Site.Scripting MEDIUM" "focus-on-reviews-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fluentform 5.2.7 Unauthenticated.Stored.XSS.via.Form.Subject HIGH" "fluentform 5.2.1 Admin+.Stored.XSS LOW" "fluentform 5.1.20 Form.Manager+.Stored.XSS LOW" "fluentform 5.1.19 .Missing.Authorization.to.Authenticated.(Subscriber+).Mailchimp.Integration.Modification MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.20 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Welcome.Screen.Fields MEDIUM" "fluentform 5.1.16 Contributor+.PHP.Object.Injection MEDIUM" "fluentform 5.1.17 Unauthenticated.Limited.Privilege.Escalation MEDIUM" "fluentform 5.1.14 Subscriber+.Stored.XSS MEDIUM" "fluentform 5.1.17 Unauthenticated.Settings.Update MEDIUM" "fluentform 5.1.17 Contributor+.Stored.XSS MEDIUM" "fluentform 5.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluentform 5.1.7 Admin+.Stored.Cross-Site.Scripting.via.imported.form.title MEDIUM" "fluentform 5.0.9 Insecure.Direct.Object.Reference MEDIUM" "fluentform 5.0.0 SQL.Injection MEDIUM" "fluentform 4.3.25 Contributor+.Stored.XSS.via.Custom.HTML.Form.Field MEDIUM" "fluentform 4.3.13 CSV.Injection LOW" "fluentform 3.6.67 Cross-Site.Request.Forgery.(CSRF) HIGH" "full-picture-analytics-cookie-notice 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "full-picture-analytics-cookie-notice 3.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fotomoto No.known.fix Reflected.XSS HIGH" "font-organizer No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "fast-flow-dashboard 1.2.18 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fast-flow-dashboard 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "fast-flow-dashboard 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "fotobook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "file-select-control-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "frontend-admin 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "frontend-admin 3.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "frontpage-manager No.known.fix Cross-Site.Request.Forgery.via.admin_page MEDIUM" "full-width-responsive-slider-wp 1.1.8 Reflected.XSS HIGH" "foogallery-premium 2.4.27 Authenticated.(Contributor+).Directory.Traversal HIGH" "foogallery-premium 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery-premium 2.4.6 Contributor+.Stored.XSS MEDIUM" "formidable-registration 2.12 Contributor+.Arbitrary.User.Password.Reset.To.Account.Takeover HIGH" "fusion-builder 3.11.14 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "fusion-builder 3.11.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "fusion-builder 3.11.13 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "fusion-builder 3.11.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fusion_button.Shortcode MEDIUM" "fusion-builder 3.11.2 Cross.Site.Scripting.(XSS).vulnerability.in.the.User.Register.element HIGH" "fusion-builder 3.6.2 Unauthenticated.SSRF HIGH" "front-end-pm 11.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "front-end-pm 11.3.8 Reflected.Cross-Site.Scripting MEDIUM" "front-end-pm 11.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "file-away No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "flowplayer6-video-player 1.0.5 Contributor+.Stored.XSS MEDIUM" "flickr-justified-gallery No.known.fix Cross-Site.Request.Forgery MEDIUM" "flickr-justified-gallery 3.4.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "facebook-pagelike-widget 6.4 Admin+.Stored.XSS LOW" "first-graders-toolbox 1.0.2 Plugins.Deactivation.via.CSRF MEDIUM" "fast-video-and-image-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "floating-action-buttons 1.0.1 Missing.Authorization MEDIUM" "fs-product-inquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "fs-product-inquiry No.known.fix Reflected.XSS HIGH" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "featured-posts-with-multiple-custom-groups-fpmcg No.known.fix Cross-Site.Request.Forgery MEDIUM" "free-event-banner No.known.fix Arbitrary.File.Upload.to.RCE CRITICAL" "floating-contact 2.8 Admin+.Stored.XSS LOW" "font-farsi No.known.fix Administrator+.Stored.Cross-Site.Scripting MEDIUM" "font-farsi No.known.fix Admin+.Stored.XSS.in.Settings LOW" "font-farsi No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fusionspan-impexium-single-sign-on No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flexible-coupons 1.10.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fat-event-lite No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "fat-event-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fat-event-lite No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "frontend-post-submission-manager-lite 1.2.3 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "food-store No.known.fix Reflected.Cross-Site.Scripting HIGH" "food-store 1.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "food-store 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "food-store 1.3.7 Unauthorised.AJAX.call.via.CSRF MEDIUM" "fetch-tweets No.known.fix Reflected.Cross-Site.Scripting HIGH" "forym No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "floating-awesome-button 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "floating-awesome-button 1.5.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fluentforms-pdf 1.1.8 Cross-Site.Scripting MEDIUM" "fusion 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feed-changer 0.3 Admin+.Stored.XSS LOW" "formaloo-form-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "form-maker 1.15.30 Admin+.Stored.XSS LOW" "form-maker 1.15.30 Admin+.Stored.XSS LOW" "form-maker 1.15.33 .Admin+.Stored.XSS LOW" "form-maker 1.15.33 Admin+.Stored.XSS.via.Theme.Title LOW" "form-maker 1.15.31 Admin+.Stored.XSS LOW" "form-maker 1.15.28 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "form-maker 1.15.31 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "form-maker 1.15.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.27 Reflected.Cross-Site.Scripting HIGH" "form-maker 1.15.26 Admin+.Stored.XSS MEDIUM" "form-maker 1.15.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.25 Authenticated.(Subscriber+).Stored.Self-Based.Cross-Site.Scripting MEDIUM" "form-maker 1.15.24 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.15.23 Sensitive.Information.Exposure MEDIUM" "form-maker 1.15.22 CSRF.to.limited.RCE MEDIUM" "form-maker 1.15.21 Captcha.Bypass HIGH" "form-maker 1.15.19 Unauthenticated.Stored.XSS HIGH" "form-maker 1.15.19 Reflected.XSS CRITICAL" "form-maker 1.15.20 Unauthenticated.Arbitrary.File.Upload MEDIUM" "form-maker 1.15.6 Admin+.SQLI LOW" "form-maker 1.14.12 Admin+.Stored.Cross-Site.Scripting MEDIUM" "form-maker 1.13.60 Authenticated.Stored.XSS HIGH" "form-maker 1.13.40 Authenticated.Reflected.XSS HIGH" "form-maker 1.13.36 Authenticated.SQL.Injection HIGH" "form-maker 1.13.3 Authenticated.SQL.Injection HIGH" "form-maker 1.13.5 Cross-Site.Request.Forgery.(CSRF).to.LFI MEDIUM" "form-maker 1.12.24 CSV.Injection MEDIUM" "featured-image-caption 0.8.11 Contributor+.Stored.XSS MEDIUM" "fwd-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fl3r-feelbox No.known.fix Unauthenticated.SQLi HIGH" "fl3r-feelbox No.known.fix Settings.Update.via.CSRF.to.Stored.XSS HIGH" "fl3r-feelbox No.known.fix Moods.Reset.via.CSRF MEDIUM" "fantastic-elasticsearch No.known.fix Reflected.XSS HIGH" "facebook-like-send-button 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "facebook-like-send-button 1.2 Admin+.Stored.XSS LOW" "flowpaper-lite-pdf-flipbook 2.0.4 Contributor+.Stored.XSS MEDIUM" "flowpaper-lite-pdf-flipbook 2.0.0 Contributor+.Stored.XSS MEDIUM" "football-leagues-by-anwppro 0.16.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "fullscreen-galleria 1.6.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "funnel-builder 3.9.1 Unauthenticated.Local.File.Inclusion CRITICAL" "funnel-builder 3.4.7 Missing.Authorization.to.Authenticated.(Contributor+).Settings.Update MEDIUM" "funnel-builder 3.4.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "funnel-builder 2.14.4 Authenticated(Administrator+).SQL.Injection MEDIUM" "faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "faqs No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-pricing-tables No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fusion-slider No.known.fix Authenticated.(Contributor+).PHP.Object.Injection MEDIUM" "finpose No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flo-forms 1.0.43 Missing.Authorization MEDIUM" "flo-forms 1.0.42 Subscriber+.Test.Email.Sending MEDIUM" "flo-forms 1.0.41 Admin+.Stored.XSS LOW" "flo-forms 1.0.36 Authenticated.Options.Change.to.Stored.XSS CRITICAL" "fd-elementor-button-plus No.known.fix Contributor+.Stored.XSS MEDIUM" "fluid-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "flipbox-builder No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "fg-drupal-to-wp 3.71.0 Sensitive.Information.Exposure MEDIUM" "fg-drupal-to-wp 3.68.0 Cross-Site.Request.Forgery.via.ajax_importer MEDIUM" "fontsy No.known.fix Multiple.Unauthenticated.SQLi HIGH" "foogallery 2.4.30 Insecure.Direct.Object.Reference.to.Authenticated.(Custom+).Arbitrary.Post/Page.Updates MEDIUM" "foogallery 2.4.30 Authenticated.(Custom+).Stored.Cross-Site.Scripting.via.Album.Title.Size MEDIUM" "foogallery 2.4.30 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.4.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Custom.URL MEDIUM" "foogallery 2.4.15 Author+.Stored.XSS MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "foogallery 2.4.15 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Attachment.Fields MEDIUM" "foogallery 2.4.9 Best.WordPress.Gallery.Plugin.–.FooGallery.<.2,4,9.-Admin+.Stored.Cross-Site.Scripting LOW" "foogallery 2.3.2 Reflected.XSS HIGH" "foogallery 2.3.2 Extensions.Mgt.via.CSRF MEDIUM" "foogallery 2.2.44 Reflected.Cross-Site.Scripting MEDIUM" "foogallery 2.2.41 Reflected.XSS HIGH" "foogallery 2.1.34 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "foogallery 2.0.35 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "foogallery 1.9.25 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "foogallery 1.6.17 Subscriber+.Arbitrary.Option.Update CRITICAL" "fileorganizer 1.1.5 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion HIGH" "fileorganizer 1.1.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "fileorganizer 1.0.8 Sensitive.Information.Exposure.via.Directory.Listing HIGH" "fileorganizer 1.0.7 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "fileorganizer 1.0.3 Admin+.Arbitrary.File.Access MEDIUM" "formcraft3 3.9.12 Premium.WordPress.Form.Builder.<.3.9.12.-.Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "formcraft3 3.9.12 Missing.Authorization.to.Plugin.Data.Export.in.formcraft-main.php MEDIUM" "formcraft3 3.8.28 Unauthenticated.SSRF MEDIUM" "formcraft3 3.4 Premium.WordPress.Form.Builder.<.3.4.-.Authenticated.Stored.XSS MEDIUM" "fare-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "forms-to-klaviyo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-fan-page-widget 2.1 Admin+.Stored.XSS LOW" "fast-search-powered-by-solr No.known.fix Settings.Update.via.CSRF MEDIUM" "fast-search-powered-by-solr No.known.fix Admin+.Stored.XSS LOW" "facilita-form-tracker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "file-manager-advanced 5.3.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "file-manager-advanced 5.2.14 5.2.13.-.Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.11 Subscriber+.Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Administrator+).Local.JavaScript.File.Inclusion.via.fma_locale MEDIUM" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "file-manager-advanced 5.2.9 Authenticated.(Subscriber+).Limited.File.Upload MEDIUM" "file-manager-advanced 5.2.5 Sensitive.Information.Exposure.via.Directory.Listing MEDIUM" "file-manager-advanced 5.1.1 Admin+.Arbitrary.File/Folder.Access MEDIUM" "file-manager-advanced-shortcode 2.5.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "file-manager-advanced-shortcode 2.4.1 Authenticated.(Contributor+).Directory.Traversal HIGH" "file-manager-advanced-shortcode No.known.fix Unauthenticated.Remote.Code.Execution.through.shortcode CRITICAL" "formforall No.known.fix Contributor+.Stored.XSS MEDIUM" "filter-portfolio-gallery No.known.fix Arbitrary.Gallery.Deletion.via.CSRF MEDIUM" "floating-cart-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "flexible-checkout-fields 4.1.3 Missing.Authorization MEDIUM" "fb-status-updater No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flash-album-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "flash-album-gallery 4.25 Full.Path.Disclosure MEDIUM" "flash-album-gallery 2.56 "gid".SQL.Injection HIGH" "flash-album-gallery No.known.fix admin/news.php.want2Read.Parameter.Traversal.Arbitrary.File.Access HIGH" "foogallery-captions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "floating-links 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "floating-links 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "friends 3.2.2 Missing.Authorization MEDIUM" "friends 2.8.6 Authenticated.(Admin+).Blind.Server-Side.Request.Forgery MEDIUM" "free-download-manager No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "fyrebox-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fv-descriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flightlog No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "famethemes-demo-importer 1.1.6 Cross-Site.Request.Forgery MEDIUM" "flexo-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-uploader No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "floating-social-media-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "favicon-by-realfavicongenerator 1.3.23 Reflected.Cross-Site.Scripting MEDIUM" "favicon-by-realfavicongenerator 1.3.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "flying-twitter-birds No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "funnelforms-free No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "funnelforms-free 3.7.4.1 Authenticated.(Administrator+).Arbitrary.File.Deletion MEDIUM" "funnelforms-free 3.7.4.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Media.Upload MEDIUM" "funnelforms-free 3.4.2 Form.Deletion/Duplication.via.CSRF MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Post.Modification MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Enable/Disable.Dark.Mode MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Update MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Test.Email.Sending MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Category.Deletion MEDIUM" "funnelforms-free 3.4.2 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.Arbitrary.Post.Deletion MEDIUM" "funnelforms-free 3.4.2 Missing.Authorization.to.New.Category.Creation MEDIUM" "funnelforms-free 3.4 Funnelforms.Free.<.3,4.Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "funnelforms-free 3.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "flashcounter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "facebook-button-plugin 2.74 Unauthenticated.Password.Protected.Post.Read MEDIUM" "facebook-button-plugin 2.54 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "freshmail-newsletter 1.6 Unauthenticated.SQL.Injection HIGH" "flash-show-and-hide-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flat-ui-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.flatbtn.Shortcode MEDIUM" "floating-social-media-icon No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "faculty-weekly-schedule 1.2.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "florapress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "florapress 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-vibes 1.4.13 Missing.Authorization.in.Multiple.Functions MEDIUM" "form-vibes 1.4.11 Authenticated.(Subscriber+).SQL.Injection.via.fv_export_data HIGH" "form-vibes 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "form-vibes 1.4.6 Admin+.SQLi MEDIUM" "form-vibes 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formsite 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Plugin.Installation.via.CSRF MEDIUM" "feedburner-alternative-and-rss-redirect 3.8 Subscriber+.Plugin.Installation MEDIUM" "fullworks-slack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-slack No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "formzu-wp 1.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "formzu-wp 1.6.7 Contributor+.Stored.XSS.via.id MEDIUM" "formidablepro-2-pdf 3.11 Subscriber+.SQLi HIGH" "feedburner-optin-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flo-launch 2.4.1 Missing.Authentication.Allow.Full.Site.Takeover CRITICAL" "foobar-notifications-lite 2.1.32 Reflected.Cross-Site.Scripting MEDIUM" "foobar-notifications-lite 2.1.15 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "featured-image-generator 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Images.Upload MEDIUM" "flexible-shipping 4.24.16 Missing.Authorization MEDIUM" "flexible-shipping 4.11.9 Reflected.Cross-Site.Scripting MEDIUM" "frontend-dashboard 2.2.5 Authenticated.(Subscriber+).Arbitrary.Function.Call HIGH" "frontend-dashboard 2.2.4 Frontend.Dashboard.<.2,2,4.- MEDIUM" "frontend-dashboard 2.2.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fetch-jft 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "feedfocal 1.3.0 Unauthenticated.Tracking.Code.Update MEDIUM" "flexmls-idx 3.14.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexmls-idx 3.14.28 Unauthenticated.PHP.Object.Injection CRITICAL" "flexmls-idx 3.14.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.API.parameters MEDIUM" "flexmls-idx 3.14.23 Reflected.Cross-Site.Scripting MEDIUM" "fix-my-feed-rss-repair No.known.fix Cross-Site.Request.Forgery MEDIUM" "fluent-smtp 2.2.81 Cross-Site.Request.Forgery MEDIUM" "fluent-smtp 2.2.83 Unauthenticated.PHP.Object.Injection HIGH" "fluent-smtp 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "fluent-smtp 2.2.3 Stored.XSS.via.Email.Logs HIGH" "fluent-smtp 2.0.1 Authenticated.Stored.XSS LOW" "faltu-testimonial-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "featured-image-pro 5.15 Reflected.XSS HIGH" "flashnews-fading-effect-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "ferma-ru-net-checkout No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "flexible-blogtitle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "footer-text No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "featured-product-by-category-name No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flexi 4.20 Guest.Submit.<.4.20.-.Reflected.Cross-Site.Scripting MEDIUM" "fitness-trainer 1.4.1 Subscriber+.Privilege.Escalation CRITICAL" "flyzoo No.known.fix Admin+.Stored.XSS LOW" "fatal-error-notify 1.5.3 Subscriber+.Test.Error.Email.Sending MEDIUM" "fast-checkout-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-checkout-for-woocommerce 1.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fontawesomeio-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fin-accounting-for-woocommerce 4.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fma-products-tabs-pro No.known.fix Arbitrary.Tab.Deletion/Edition.via.CSRF HIGH" "feedzy-rss-feeds 4.4.8 Authenticated(Contributor+).Blind.Server-Side.Request.Forgery.(SSRF) MEDIUM" "feedzy-rss-feeds 4.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode.Error.Message MEDIUM" "feedzy-rss-feeds 4.4.3 Missing.Authorization.to.Arbitrary.Page.Creation.and.Publication MEDIUM" "feedzy-rss-feeds 4.4.3 Authenticated(Contributor+).SQL.Injection HIGH" "feedzy-rss-feeds 4.4.2 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Missing.Authorization MEDIUM" "feedzy-rss-feeds 4.3.3 Author+.Stored.Cross-Site.Scripting MEDIUM" "feedzy-rss-feeds 4.1.1 Contributor+.Stored.XSS MEDIUM" "feedzy-rss-feeds 3.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "feedzy-rss-feeds 3.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "free-google-fonts 3.0.1 Reflected.XSS HIGH" "fx-calculators 1.3.8 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "fx-calculators 1.3.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "fence-url No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "firework-videos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "fuse-social-floating-sidebar 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "fuse-social-floating-sidebar 5.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp-speed No.known.fix Reflected.XSS HIGH" "formatted-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "foobox-image-lightbox-premium 2.7.28 Admin+.Stored.XSS LOW" "fast-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-wp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fast-wp No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "fat-rat-collect 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.1.05 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flatpm-wp 3.0.13 Reflected.Cross-Site.Scripting HIGH" "fabrica-reusable-block-instances 1.0.9 Reflected.Cross-Site.Scripting HIGH" "fluent-security 1.0.2 Bypass.blocks.by.IP.Spoofing MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Missing.Authorization MEDIUM" "filter-custom-fields-taxonomies-light No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "flickr-rss No.known.fix XSS.and.CSRF HIGH" "for-the-visually-impaired No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "follow-me No.known.fix Stored.XSS.via.CSRF MEDIUM" "falcon 2.8.4 Missing.Authorization MEDIUM" "flexible-shipping-usps 1.10.0 Sensitive.Information.Exposure MEDIUM" "flexible-shipping-usps 1.9.3 Cross-Site.Request.Forgery MEDIUM" "front-end-only-users 3.2.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "front-end-only-users 3.2.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.forgot-password.Shortcode MEDIUM" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "front-end-only-users 3.2.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "front-end-only-users 3.2.25 Cross-Site.Request.Forgery MEDIUM" "file-renaming-on-upload 2.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "filr-protection 1.2.5 Editor+.Stored.XSS LOW" "filr-protection 1.2.3.6 Author+.RCE.via.file.upload.with.phar.ext CRITICAL" "filr-protection 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "filr-protection 1.2.2.1 Secure.Document.Library.<.1.2.2.1.-.Subscriber+.AJAX.Calls CRITICAL" "filr-protection 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flickr-picture-backup No.known.fix Unauthenticated.File.Upload CRITICAL" "form-to-json No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-forms No.known.fix Contact.Form.<=.1.2.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "frontend-group-restriction-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "frontend-group-restriction-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "faq-builder-ays 1.7.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "faq-builder-ays 1.3.6 Authenticated.Blind.SQL.Injections HIGH" "full-site-editing 3.79150 Contributor+.Stored.XSS MEDIUM" "foyer No.known.fix Content.Injection.via.Improper.Access.Control MEDIUM" "forminator 1.39.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "forminator 1.38.3 Reflected.XSS.via.Title.Parameter HIGH" "forminator 1.38.3 Admin+.Stored.XSS LOW" "forminator 1.36.1 Unauthenticated.Arbitrary.Quiz.Submissions.Update MEDIUM" "forminator 1.36.0 Missing.Authorization.to.Authenticated.(Contributor+).Form.Update.and.Creation HIGH" "forminator 1.36.0 Draft.Custom.Form.Creation.via.CSRF MEDIUM" "forminator 1.36.0 Draft.Quiz.Creation.via.CSRF MEDIUM" "forminator 1.34.1 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.2 HubSpot.Developer.API.Key.Sensitive.Information.Exposure HIGH" "forminator 1.29.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.29.3 Admin+.SQL.Injection MEDIUM" "forminator 1.15.4 Reflected.Cross-Site.Scripting MEDIUM" "forminator 1.29.3 Contributor+.Stored.Cross-Site.Scripting.via.forminator_form.Shortcode MEDIUM" "forminator 1.29.1 Unauthenticated.Stored.XSS HIGH" "forminator 1.29.1 Reflected.Cross-Site.Scripting HIGH" "forminator 1.28.0 Admin+.Arbitrary.File.Upload MEDIUM" "forminator 1.27.0 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.25.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "forminator 1.24.4 Reflected.XSS HIGH" "forminator 1.24.1 Unauthenticated.Race.Condition.on.poll.vote MEDIUM" "forminator 1.15.4 Admin+.Stored.Cross-Site.Scripting LOW" "forminator 1.14.12 Unauthenticated.Stored.XSS HIGH" "forminator 1.14.8.1 CSRF.Nonce.Bypasses MEDIUM" "forminator 1.13.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "forminator 1.6 Authenticated.Multiple.Vulnerabilities MEDIUM" "flipping-cards 1.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fwduvp No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "formcraft No.known.fix Arbitrary.File.Deletion CRITICAL" "fish-and-ships 1.6 Reflected.Cross-Site.Scripting MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flight-search-widget-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "flight-search-widget-blocks No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "fontmeister No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "football-pool 2.12.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.10 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.11.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "football-pool 2.6.5 Multiple.XSS MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make 0.99 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "fancy-user-listing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "facebook-for-woocommerce 1.9.15 CSRF.allowing.Option.Update HIGH" "feeds-for-youtube 2.2.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "feeds-for-youtube 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "feeds-for-youtube 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "fast-velocity-minify 2.7.7 Full.Path.Disclosure MEDIUM" "flaming-forms No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "flaming-forms No.known.fix Reflected.XSS HIGH" "flaming-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "find-your-reps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "fx-private-site No.known.fix Sensitive.Information.Exposure MEDIUM" "fancybox-for-wordpress 3.3.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fancybox-for-wordpress 3.3.4 3.3.3.-.Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "food-recipes 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "food-recipes 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fami-sales-popup No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "forms-to-zapier No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "forms-to-zapier 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "forms-to-zapier 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-to-sheet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "form-to-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fscf-sms 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "fattura24 6.2.8 Reflected.Cross-Site.Scripting HIGH" "fluent-crm 2.8.45 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fluent-crm 2.8.0 Marketing.Automation.For.WordPress..<.2.8.0.-.Unauthenticated.Subscriptions.Update MEDIUM" "fancy-facebook-comments 1.2.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "fancy-facebook-comments 1.2.15 Contributor+.Stored.XSS MEDIUM" "fancy-facebook-comments 1.2.11 Contributor+.Stored.XSS MEDIUM" "featured-content-gallery No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "float-menu 6.0.1 Menu.Deletion.via.CSRF MEDIUM" "float-menu 5.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "float-menu 5.0.2 Reflected.XSS MEDIUM" "float-menu 4.3.1 Arbitrary.Menu.Deletion.via.CSRF MEDIUM" "favicon-rotator 1.2.11 Reflected.Cross-Site.Scripting MEDIUM" "flash-video-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "fullworks-directory No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-directory No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "facebook-by-weblizar 2.8.5 CSRF.&.XSS HIGH" "formlift 7.5.18 Unauthenticated.SQL.Injection CRITICAL" "folders-pro 3.0.3 Directory.Traversal.via.handle_folders_file_upload MEDIUM" "folders-pro 3.0.3 Authenticated(Author+).Arbitrary.File.Upload.via.handle_folders_file_upload HIGH" "floating-button 6.0.1 Cross-Site.Request.Forgery.via.process_bulk_action MEDIUM" "floating-button 5.3.1 Reflected.XSS MEDIUM" "filestack-upload 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "formbuilder No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "formbuilder 1.08 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "formbuilder 1.0.8 Multiple.Authenticated.SQL.Injection MEDIUM" "fs-poster No.known.fix Cross-Site.Request.Forgery MEDIUM" "form-data-collector 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "file-icons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "folder-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fd-elementor-imagebox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fruitcake-horsemanager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "formello 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "feather-login-page 1.1.6 Cross-Site.Request.Forgery.via.saveData() MEDIUM" "feather-login-page 1.1.4 CSRF HIGH" "feather-login-page 1.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "feather-login-page 1.1.2 Missing.Authorization.to.Authentication.Bypass.and.Privilege.Escalation MEDIUM" "form-block 1.0.2 Form.Submission.via.CSRF MEDIUM" "font-awesome 4.3.2 Contributor+.Stored.XSS MEDIUM" "fw-integration-for-emailoctopus 1.0.8.2 Contributor+.Stored.XSS MEDIUM" "font-awesome-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flowfact-wp-connector 2.1.8 Reflected.XSS HIGH" "flexible-shipping-ups 3.0.0 Missing.Authorization.to.Plugin.API.key.reset MEDIUM" "flexible-shipping-ups 2.2.5 Cross-Site.Request.Forgery MEDIUM" "fws-ajax-contact-form No.known.fix Contributor+.Stored.XSS MEDIUM" "fastbook-responsive-appointment-booking-and-scheduling-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "find-any-think No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "fitness-calculators 2.0.9 Admin+.Stored.XSS LOW" "fitness-calculators 1.9.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.(XSS) HIGH" "file-upload-types 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "floating-action-button 1.2.2 Cross-Site.Request.Forgery MEDIUM" "facebook-messenger-customer-chat 1.6 Authenticated.Options.Change.to.Chat.Takeover HIGH" "facebook-messenger-customer-chat 1.3 CSRF HIGH" "flagged-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "formcraft-form-builder 1.2.11 Missing.Authorization MEDIUM" "formcraft-form-builder 1.2.8 Missing.Authorization.via.formcraft_nag_update MEDIUM" "formcraft-form-builder 1.2.7 Admin+.Stored.XSS LOW" "formcraft-form-builder 3.9.7 Admin+.SQLi MEDIUM" "formcraft-form-builder 1.2.10 Contributor+.Stored.XSS MEDIUM" "formcraft-form-builder 1.2.6 Admin+.Stored.Cross.Site.Scripting LOW" "formcraft-form-builder 1.2.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "formidable-sms 1.1.0 Cross-Site.Scripting.(XSS) MEDIUM" "featured-images-for-rss-feeds 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "featured-images-for-rss-feeds 1.5.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "form-to-chat 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flx-dashboard-groups No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "floating-div No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "forcefield 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "forcefield 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "forge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "formassembly-web-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "formassembly-web-forms 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "find-and-replace-all No.known.fix Arbitrary.Replacement.via.CSRF HIGH" "find-and-replace-all 1.3 Reflected.Cross.Site.Scripting MEDIUM" "feature-comments 1.2.5 wp-admin/admin-ajax.php.Comment.Status.Manipulation.CSRF MEDIUM" "flexible-faqs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "flexible-faqs 0.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "first-order-discount-woocommerce 1.22 Discount.Update.via.CSRF MEDIUM" "ftp-access No.known.fix Subscriber+.Stored.XSS HIGH" "fast-image-adder No.known.fix Unauthenticated.Remote.File.Upload CRITICAL" "fg-prestashop-to-woocommerce 4.47.0 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "forms-to-sendinblue No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fm-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "formilla-live-chat 1.3.1 Admin+.Stored.XSS LOW" "facebook-likebox-widget-and-shortcode 1.2.1 Admin+.Stored.XSS LOW" "flog No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "fluid-responsive-slideshow 2.2.7 CSRF.&.XSS HIGH" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "faq-for-woocommerce 1.6.4 WooCommerce.Product.FAQ.<.1.6.4.-.Reflected.Cross-Site.Scripting MEDIUM" "faq-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "free-facebook-reviews-and-recommendations-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "flashfader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "funnel-builder-pro 3.5.0 Funnel.Kit.Funnel.Builder.PRO.<.3,5,0.Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.allow_iframe_tag_in_post MEDIUM" "forms-for-divi 8.1.3 Reflected.Cross-Site.Scripting MEDIUM" "fancier-author-box No.known.fix Admin+.Stored.XSS LOW" "favicon-my-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "f4-tree 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.15 Reflected.Cross-Site.Scripting MEDIUM" "f4-tree 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "fossura-tag-miner 1.1.5 Cross-Site.Request.Forgery.(CSRF).&.XSS HIGH" "find-my-blocks 3.4.0 Private.Post.Titles.Disclosure MEDIUM" "facebook-page-feed-graph-api 1.9.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "full-circle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "free-stock-photos-foter No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "floating-social-bar 1.1.7 Cross-Site.Scripting.(XSS) MEDIUM" "forty-four No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "fastdup 2.2 Directory.Listing.to.Account.Takeover.and.Sensitive.Data.Exposure HIGH" "fastdup 2.1.8 Sensitive.Information.Exposure.via.Log.File MEDIUM" "food-and-drink-menu 2.4.17 Missing.Authorization.to.Menu.Creation MEDIUM" "food-and-drink-menu 2.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "food-and-drink-menu 2.4.11 Unauthenticated.PHP.Object.Injection HIGH" "food-and-drink-menu 2.4.7 .Cross-Site.Request.Forgery MEDIUM" "food-and-drink-menu 2.2.1 Unauthenticated.PHP.Object.Injection HIGH" "fullworks-firewall No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullworks-firewall No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "float-block No.known.fix Admin+.Stored.XSS.via.Widget LOW" "flexi-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "frontier-post No.known.fix Cross-Site.Request.Forgery MEDIUM" "fg-joomla-to-wordpress 4.21.0 Sensitive.Information.Exposure MEDIUM" "floating-social-buttons No.known.fix Cross-Site.Request.Forgery MEDIUM" "fonto 1.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "forms-for-campaign-monitor 2.8.16 Unauthenticated.Full.Path.Disclosure MEDIUM" "forms-for-campaign-monitor 2.8.14 Reflected.Cross-Site.Scripting HIGH" "fast-tube No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fast-tube No.known.fix Reflected.XSS HIGH" "fluent-support 1.8.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "fluent-support 1.8.1 Insufficient.Authorization.on.Email.Verification MEDIUM" "fluent-support 1.8.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "fluent-support 1.7.7 Authenticated(Administrator+).SQL.Injection MEDIUM" "fluent-support 1.5.8 Admin+.SQLi MEDIUM" "freshdesk-support 2.4.0 Open.Redirect MEDIUM" "freshdesk-support 1.8 Open.Redirect MEDIUM" "falang 1.3.53 Missing.Authorization.to.Translation.Update.and.Information.Exposure MEDIUM" "falang 1.3.52 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.50 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "falang 1.3.48 Authenticated.(Administrator+).SQL.Injection HIGH" "falang 1.3.40 Cross-Site.Request.Forgery MEDIUM" "falang 1.3.18 Reflected.Cross-Site.Scripting HIGH" "flamix-bitrix24-and-contact-forms-7-integrations 3.2.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "fv-wordpress-flowplayer 7.5.48.7212 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "fv-wordpress-flowplayer 7.5.47.7212 Authenticated.(Subscriber+).SQL.Injection.via.exclude.Parameter HIGH" "fv-wordpress-flowplayer 7.5.46.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Subscriber+).Server-side.Request.Forgery MEDIUM" "fv-wordpress-flowplayer 7.5.45.7212 Authenticated.(Contributor+).Arbitrary.Redirect MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Reflected.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.44.7212 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.39.7212 Insufficient.Input.Validation.to.Unauthenticated.Stored.Cross-Site.Scripting.and.Arbitrary.Usermeta.Update MEDIUM" "fv-wordpress-flowplayer 7.5.35.7212 Reflected.XSS HIGH" "fv-wordpress-flowplayer 7.5.31.7212 Settings.Toggle.via.CSRF MEDIUM" "fv-wordpress-flowplayer 7.5.19.727 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "fv-wordpress-flowplayer 7.5.18.727 Author+.SQLi HIGH" "fv-wordpress-flowplayer 7.5.3.727 Reflected.Cross-Site.Scripting HIGH" "fv-wordpress-flowplayer 7.4.38.727 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "fv-wordpress-flowplayer 7.3.19.727 SQL.Injection CRITICAL" "fv-wordpress-flowplayer 7.3.15.727 CSV.Export CRITICAL" "fv-wordpress-flowplayer 7.3.15.727 SQL.Injection MEDIUM" "fv-wordpress-flowplayer 7.3.14.727 Unauthenticated.Stored.XSS MEDIUM" "fwdmsp 8.0 Unauthenticated.Arbitrary.File.Read/Download HIGH" "gallery-for-ultimate-member 1.1.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gallery-for-ultimate-member 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "gallery-for-ultimate-member 1.1.1 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "google-analytics-opt-out 2.3.5 Admin+.Stored.XSS LOW" "gift-up 2.22 Settings.Update.via.CSRF MEDIUM" "gift-up 2.20.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gou-wc-account-tabs 1.0.1.9 Missing.Authorization MEDIUM" "g-business-reviews-rating 5.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gosign-posts-slider-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "global-meta-keyword-and-description No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gtg-advanced-blocks No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gravitate-qa-tracker No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "google-captcha 1.79 CAPTCHA.Bypass MEDIUM" "google-captcha 1.28 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "giga-messenger-bots No.known.fix Reflected.XSS HIGH" "googledrive-folder-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "global-notification-bar No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gseor No.known.fix Authenticated.SQL.Injection MEDIUM" "getyourguide-ticketing 1.0.4 Admin+.Stored.XSS LOW" "gf-zendesk 1.0.8 Reflected.Cross-Site.Scripting HIGH" "graceful-email-obfuscation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-map-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goodlayers-core 2.1.3 Subscriber+.Stored.XSS.via.SVG.Upload HIGH" "goodlayers-core 2.0.10 Contributor+.Stored.XSS MEDIUM" "goodlayers-core 2.0.8 Reflected.Cross-Site.Scripting.via.'font-family' MEDIUM" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "generate-pdf-using-contact-form-7 4.1.3 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "generate-pdf-using-contact-form-7 3.6 Admin+.Stored.Cross-Site.Scripting LOW" "generic-elements-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gf-salesforce-crmperks 1.2.6 Reflected.Cross-Site.Scripting HIGH" "gf-excel-import 1.18.1 Reflected.Cross-Site.Scripting HIGH" "gsheetconnector-ninja-forms-pro 1.5.2 Reflected.XSS HIGH" "gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce 4.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "googl-url-shorter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-places-reviews 2.0.0 Admin+.Stored.Cross.Site.Scripting LOW" "google-map-on-postpage No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "generate-dummy-posts No.known.fix Missing.Authorization MEDIUM" "gourl-bitcoin-payment-gateway-paid-downloads-membership 1.4.14 Shell.Upload HIGH" "gf-freshdesk 1.2.9 Reflected.Cross-Site.Scripting HIGH" "gt3-photo-video-gallery 2.7.7.25 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.25.-.Reflected.Cross-Site.Scripting MEDIUM" "gt3-photo-video-gallery 2.7.7.22 GT3.Image.Gallery.&.Gutenberg.Block.Gallery.<.2.7.7.22.-.Authenticated.(Author+).Cross-Site.Scripting MEDIUM" "gg-woo-feed 1.2.7 Missing.Authorization MEDIUM" "gg-woo-feed No.known.fix Unauthenticated.Settings.Update MEDIUM" "gallery-photo-gallery 5.7.1 Administrator+.HTML.Injection MEDIUM" "gallery-photo-gallery 5.5.3 Reflected.Cross-Site.Scripting MEDIUM" "gallery-photo-gallery 5.2.7 CSRF MEDIUM" "gallery-photo-gallery 5.1.4 Reflected.XSS HIGH" "gallery-photo-gallery 5.1.7 Reflected.XSS MEDIUM" "gallery-photo-gallery 4.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "gallery-photo-gallery 4.4.4 Responsive.Image.Gallery.<.4.4.4.-.Authenticated.Blind.SQL.Injections HIGH" "gallery-photo-gallery 1.0.1 SQL.Injection CRITICAL" "g-meta-keywords No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gboy-custom-google-map No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "gallery-from-files No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gallery-from-files No.known.fix Unauthenticated.RCE CRITICAL" "gutenverse 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenverse 1.9.1 Contributor+.Stored.XSS MEDIUM" "guestofy-restaurant-reservations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guestofy-restaurant-reservations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "graphcomment-comment-system 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "gs-pinterest-portfolio 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-pinterest-portfolio 1.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shorcode MEDIUM" "gs-pinterest-portfolio 1.8.1 Missing.Authorization.via._update_shortcode MEDIUM" "gs-behance-portfolio 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-sms-notifications 2.4.0 Cross-Site.Scripting.(XSS) MEDIUM" "gpx-viewer 2.2.12 Editor+.Path.Traversal LOW" "gpx-viewer 2.2.10 Subscriber+.Arbitrary.File.Creation HIGH" "grand-media 1.20.0 Admin+.Stored.Cross-Site.Scripting LOW" "grand-media 1.18.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "goqsmile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-bank 4.0.19 Reflected.Cross-Site.Scripting MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Gallery.Description MEDIUM" "gallery-bank No.known.fix Author+.Stored.XSS.via.Media.Upload.Module MEDIUM" "gallery-bank 3.0.330 Authenticated.Blind.SQL.Injection MEDIUM" "google-maps-widget 4.25 Admin+.Stored.XSS LOW" "gAppointments No.known.fix Admin+.Stored.XSS LOW" "gAppointments 1.10.0 Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.2.0 Multiple.Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "grid-kit-premium 2.1.2 Reflected.Cross-Site.Scripting HIGH" "google-plus-share-and-plusone-button No.known.fix Cross-Site.Request.Forgery MEDIUM" "google-analytics-for-wordpress 8.22.0 Missing.Authorization MEDIUM" "google-analytics-for-wordpress 8.14.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.12.1 Contributor+.Stored.XSS MEDIUM" "google-analytics-for-wordpress 8.9.1 Stored.Cross-Site.Scripting.via.Google.Analytics MEDIUM" "greencon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goods-catalog No.known.fix Contributor+.Stored.XSS MEDIUM" "gf-dynamics-crm 1.0.8 Reflected.Cross-Site.Scripting HIGH" "genesis-simple-love No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gallery-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "globe-gateway-e4 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "gc-testimonials No.known.fix Contributor+.Stored.XSS MEDIUM" "go-viral No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "go-viral 1.8.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "google-distance-calculator 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gm-woo-product-list-widget No.known.fix Reflected.XSS HIGH" "goodlayers-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gamipress-button 1.0.8 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gf-constant-contact 1.0.6 Reflected.Cross-Site.Scripting HIGH" "google-document-embedder No.known.fix Authenticated.(Contributor+).Blind.Server.Side.Request.Forgery MEDIUM" "google-document-embedder 2.6.2 CSRF.&.XSS MEDIUM" "google-document-embedder 2.6.1 XSS MEDIUM" "gp-unique-id 1.5.6 Unauthenticated.Form.Submission.Unique.ID.Modification LOW" "go-fetch-jobs-jobengine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "go-fetch-jobs-jobengine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gf-insightly 1.0.7 Reflected.Cross-Site.Scripting HIGH" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.9.4 Admin+.Stored.XSS LOW" "gmap-embed 1.8.4 Arbitrary.Post.Deletion.and.Plugin's.Settings.Update.via.CSRF MEDIUM" "gmap-embed 1.8.1 Subscriber+.Map.Creation/Update/Deletion MEDIUM" "gmap-embed 1.8.1 Subscriber+.Arbitrary.Post.Deletion.and.Plugin's.Settings.Update MEDIUM" "gmap-embed 1.7.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "grey-owl-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-site-kit 1.8.0 Privilege.Escalation.to.gain.Search.Console.Access CRITICAL" "gaxx-keywords No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting HIGH" "gap-hub-user-role No.known.fix Cross-Site.Request.Forgery MEDIUM" "gd-security-headers 1.7.1 Admin+.SQLi MEDIUM" "gd-security-headers 1.7 Reflected.XSS HIGH" "gdpr-consent-manager 1.0.1 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "good-bad-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "googleanalytics 3.2.2 Missing.Authorization.to.Unauthenticated.Feature.Deactivation MEDIUM" "googleanalytics 2.5.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "guten-post-layout 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "giveaway No.known.fix Authenticated.SQL.Injection HIGH" "g-auto-hyperlink No.known.fix Admin+.SQL.Injection MEDIUM" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.9 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.9 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.15.7 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-cookie-compliance 4.15.7 Admin+.Stored.XSS LOW" "gdpr-cookie-compliance 4.12.5 License.Update/Deactivation.via.CSRF MEDIUM" "galleria No.known.fix Cross-Site.Request.Forgery MEDIUM" "gianism 5.2.1 Admin+.Stored.XSS LOW" "gtbabel 6.6.9 Unauthenticated.Admin.Account.Takeover HIGH" "gdpr-data-request-form 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "great-quotes No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gumlet-video 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gamipress-link 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-pagespeed-insights 4.0.7 Multiple.CSRF MEDIUM" "google-pagespeed-insights 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "google-analytics-dashboard-for-wp 8.2.0 Missing.Authorization MEDIUM" "google-analytics-dashboard-for-wp 7.14.2 Contributor+.Stored.XSS MEDIUM" "google-analytics-dashboard-for-wp 7.12.1 Contributor+.Stored.XSS MEDIUM" "giphypress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutenium No.known.fix Contributor+.Stored.XSS MEDIUM" "gn-publisher 1.5.6 Reflected.XSS HIGH" "goal-tracker-ga 1.0.11 Reflected.Cross-Site.Scripting MEDIUM" "greenshiftquery 3.9.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "goauth No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goauth 2.20 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gd-mylist No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gravity-file-ajax-upload-free No.known.fix Arbitrary.File.Upload CRITICAL" "gs-coach 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-gravity-forms 1.3.5 Access.Code.Update.via.CSRF MEDIUM" "gracemedia-media-player No.known.fix Local.File.Inclusion.(LFI) CRITICAL" "gallery-plugin 4.7.4 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "gallery-plugin 4.7.0 Author+.SQL.Injection MEDIUM" "gallery-plugin 4.7.0 Author+.Stored.Cross-Site.Scripting MEDIUM" "gallery-plugin 4.5.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "geoportail-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geoportail-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "glomex-oembed 0.9.2 Contributor+.Stored.XSS MEDIUM" "get-post-content-shortcode No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.post_content.Shortcode MEDIUM" "gregs-high-performance-seo 1.6.2 Reflected.XSS MEDIUM" "geo-targetly-geo-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "global-gallery 9.1.6 WordPress.Responsive.Gallery.<.9.1.6.-.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "game-server-status No.known.fix Admin+.SQL.Injection MEDIUM" "game-server-status No.known.fix Contributor+.SQL.Injection HIGH" "game-server-status No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_delete_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_unset_default_card MEDIUM" "gestpay-for-woocommerce 20240307 Cross-Site.Request.Forgery.(CSRF).via.ajax_set_default_card MEDIUM" "gf-multi-uploader No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "get-directions 2.16.2 Reflected.Cross-Site.Scripting MEDIUM" "get-directions 2.15.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gtpayment-donation No.known.fix Stored.XSS.via.CSRF HIGH" "goftino 1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "gs-woo-variation-swatches 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "guruwalk-affiliates No.known.fix Admin+.Stored.XSS LOW" "gd-bbpress-attachments 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "gd-bbpress-attachments 4.4 Admin+.Stored.XSS LOW" "goodlms 2.1.5 Unauthenticated.SQL.Injection CRITICAL" "gdpr-cookie-consent 3.6.6 Missing.Authorization.to.Authenticated.(Subscriber+).Whitelist.Script MEDIUM" "gdpr-cookie-consent 3.3.0 Unauthenticated.Stored.Cross-Site.Scripting.via.Client-IP.header HIGH" "gdpr-cookie-consent 3.1.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "gift-message-for-woocommerce 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "gift-message-for-woocommerce 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geocache-stat-bar-widget No.known.fix Admin+.Stored.XSS LOW" "gf-hubspot 1.0.9 Reflected.Cross-Site.Scripting HIGH" "gallery-factory-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "gold-price-chart-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "graph-lite No.known.fix Missing.Authorization MEDIUM" "garden-gnome-package 2.4.0 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "garden-gnome-package 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "garden-gnome-package 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "google-news-sitemap No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "grid-plus No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution.via.grid_plus_load_by_category HIGH" "grid-plus 1.3.3 Subscriber+.Grid.Layout.Creation/Deletion/Update MEDIUM" "grid-plus 1.3.4 Subscriber+.Local.File.Inclusion MEDIUM" "grid-plus 1.3.5 Reflected.XSS HIGH" "good-url-preview-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gumroad No.known.fix Contributor+.Stored.XSS MEDIUM" "gallery-videos 2.4.3 Authenticated.(Administrator+).SQL.Injection HIGH" "gallery-videos 2.4.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-videos 2.2.6 Admin+.SQLi MEDIUM" "gallery-videos 1.7.7 Admin+.Stored.XSS LOW" "global-income-stats-from-freemius No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "global-income-stats-from-freemius No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "global-income-stats-from-freemius No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "guest-author 2.4 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "guest-author 2.4 Contributor+.Stored.XSS MEDIUM" "gym-management 67.2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gym-management 67.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "genoo 6.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-by-supsystic 1.15.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gallery-by-supsystic 1.15.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Arbitrary.Image.Adding.via.CSRF MEDIUM" "gallery-by-supsystic 1.8.6 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "googmonify No.known.fix CSRF.&.XSS MEDIUM" "greek-namedays-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "gallery-album No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-album No.known.fix Unauthenticated.Stored.XSS HIGH" "gallery-album No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "gallery-album No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "gallery-album 2.0.2 Reflected.XSS HIGH" "gallery-album 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "gallery-album 1.2.1 Admin+.SQLi MEDIUM" "greenshift-animation-and-page-builder-blocks 10.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 9.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Server-Side.Request.Forgery.and.Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 9.9.9.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "greenshift-animation-and-page-builder-blocks 9.8 Missing.Authorization MEDIUM" "greenshift-animation-and-page-builder-blocks 9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 8.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 7.6.3 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "greenshift-animation-and-page-builder-blocks 4.3 Reflected.Cross-Site.Scripting MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0.0 Author+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 5.0 Contributor+.Stored.XSS MEDIUM" "greenshift-animation-and-page-builder-blocks 4.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "greenshift-animation-and-page-builder-blocks 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gift-cards-for-woocommerce-pro 2.9.2 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "gs-woo-brands 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.2.27 Unauthenticated.Full.Path.Disclosure MEDIUM" "glossary-by-codeat 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "glossary-by-codeat 2.1.28 Contributor+.Stored.XSS MEDIUM" "glossary-by-codeat 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gs-instagram-portfolio No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Injection MEDIUM" "gs-instagram-portfolio 1.4.5 Contributor+.Stored.XSS MEDIUM" "glofox-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "goon-plugin-control 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "getresponse 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "gestion-pymes No.known.fix Admin+.Stored.XSS LOW" "graphina-elementor-charts-and-graphs 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "graphina-elementor-charts-and-graphs 1.8.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "googlemapper-2 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gs-books-showcase 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-books-showcase 1.3.1 Contributor+.Stored.XSS MEDIUM" "git-sync No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "gf-zoho 1.1.6 Reflected.Cross-Site.Scripting HIGH" "go-sphinx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gs-woocommerce-products-slider 1.5.9 Contributor+.Stored.XSS MEDIUM" "gallery-images 2.0.6 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "glorious-services-support 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "glorious-services-support 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "guten-free-options No.known.fix Reflected.XSS HIGH" "guten-free-options No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "genki-announcement No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gd-mail-queue 4.4 CVE-2025-24608 MEDIUM" "gd-mail-queue 4.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "goolytics-simple-google-analytics 1.1.2 Simple.Google.Analytics.<.1.1.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "grid-view-gallery No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "google-shortlink 1.5.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "geo-request No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-request No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "greenshiftwoo 1.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "gotmls 4.23.56 Unauthenticated.Remote.Code.Execution CRITICAL" "gotmls 4.21.83 Reflected.Cross-Site.Scripting MEDIUM" "gotmls 4.20.96 Reflected.Cross-Site.Scripting LOW" "gotmls 4.20.94 Admin+.Reflected.Cross-Site.Scripting LOW" "geotagged-media No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "geotagged-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "godaddy-email-marketing-sign-up-forms 1.1.4 Cross-Site.Request.Forgery.(CSRF) HIGH" "gwp-histats No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-portfolio 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-portfolio 1.6.1 Contributor+.Stored.XSS MEDIUM" "gtmetrix-for-wordpress 0.4.8 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "gtmetrix-for-wordpress 0.4.6 Reflected.Cross-Site.Scripting HIGH" "gtmetrix-for-wordpress 0.4.6 Reflected.XSS HIGH" "gmap-point-list No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "go-dash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gdreseller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gdreseller No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-org-chart No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-compliance-cookie-consent 1.3 CSRF MEDIUM" "getresponse-integration No.known.fix Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.32 Contributor+.Stored.XSS MEDIUM" "getresponse-integration 5.5.21 API.Key.Update.via.CSRF MEDIUM" "google-language-translator 6.0.12 Google.Language.Translator.<.6.0.12.-.Admin+.Stored.Cross-Site.Scripting LOW" "google-language-translator 6.0.10 Authenticated.Cross-Site.Scripting.(XSS) LOW" "google-language-translator 6.0.10 Authenticated.(author+).Cross-Site.Scripting.(XSS) MEDIUM" "google-language-translator 5.0.06 XSS MEDIUM" "gallery-and-lightbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gps-plotter No.known.fix Admin+.Stored.XSS LOW" "gs-envato-portfolio 1.4.0 Contributor+.Stored.XSS MEDIUM" "geounit-maps 0.0.7 Reflected.Cross-Site.Scripting MEDIUM" "google-map-shortcode No.known.fix Settings.Update.via.CSRF MEDIUM" "google-map-shortcode No.known.fix Reflected.XSS HIGH" "google-map-shortcode No.known.fix Contributor+.Stored.XSS HIGH" "google-maps-travel-route No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "geodirectory 2.8.98 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Display_name.Parameter MEDIUM" "geodirectory 2.3.85 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geodirectory 2.3.71 Missing.Authorization.via.geodirectory_rated() MEDIUM" "geodirectory 2.3.62 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "geodirectory 2.3.49 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'gd_single_tabs'.Shortcode MEDIUM" "geodirectory 2.3.29 Authenticated(Administrator+).SQL.Injection MEDIUM" "geodirectory 2.3.29 Authenticated.(Administrator+).SQL.Injection.via.orderby HIGH" "geodirectory 2.2.24 Admin+.SQLi MEDIUM" "geodirectory 2.2.22 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "geodirectory 2.1.1.3 Authenticated.(admin+).Stored.Cross-Site.Scripting.(XSS) MEDIUM" "google-apps-login 3.4.5 Admin+.Stored.XSS LOW" "gdy-modular-content 0.9.93 Reflected.Cross-Site.Scripting MEDIUM" "google-docs-rsvp-guestlist No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "good-reviews-wp 2.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Review.URL MEDIUM" "golf-tracker No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "ganohrs-toggle-shortcode 0.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-a-quote-button-for-woocommerce 1.5 Unauthenticated.Arbitrary.Shortcode.Execution.via.fire_contact_form HIGH" "google-cse No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "google-cse No.known.fix Admin+.Stored.XSS LOW" "gloria-assistant-by-webtronic-labs No.known.fix Cross-Site.Request.Forgery MEDIUM" "gsheetconnector-gravityforms-pro 4.3.6 Access.Code.Update.via.CSRF MEDIUM" "greenwallet-gateway 1.0.2 Reflected.Cross.Site.Scripting.in.checkout.page MEDIUM" "google-sitemap-plugin 3.0.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "google-adsense-and-hotel-booking No.known.fix Open.Proxy CRITICAL" "green-wp-telegram-bot-by-teplitsa No.known.fix Telegram.Bot.for.WP.<=.1.3.-.Telegram.Bot.Token.Disclosure HIGH" "glance-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gmo-social-connection No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "google-mobile-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "groundhogg 3.7.3.6 Authenticated.(Author+).Arbitrary.File.Upload.via.gh_big_file_upload.Function HIGH" "groundhogg 3.7.3.4 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "groundhogg 3.4.3 Cross-Site.Request.Forgery MEDIUM" "groundhogg 2.7.11.11 Admin+.Stored.XSS LOW" "groundhogg 2.7.11.1 Admin+.SQLi MEDIUM" "groundhogg 2.7.11.1 CSRF MEDIUM" "groundhogg 2.7.10 Contributor+.Stored.XSS MEDIUM" "groundhogg 2.7.10 Privilege.Escalation.via.CSRF HIGH" "groundhogg 2.7.10 Disable.All.Plugins.via.CSRF MEDIUM" "groundhogg 2.7.10 Ticket.Creation.via.CSRF MEDIUM" "groundhogg 2.7.10 Lack.of.Authorization.for.Non-Arbitrary.File.upload MEDIUM" "groundhogg 2.7.9.4 Admin+.SQLi MEDIUM" "groundhogg 2.0.9.11 Authenticated.Reflected.XSS HIGH" "gwa-autoresponder No.known.fix Unauthenticated.SQL.Injection HIGH" "google-sitemap-generator 4.1.3 Admin+.Stored.Cross-Site.Scripting LOW" "google-sitemap-generator 4.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gwyns-imagemap-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-with-thumbnail-slider 6.1 Contributor+.Stored.XSS MEDIUM" "gallery-styles 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.1 Missing.Authorization.via.get_field_options_ajax MEDIUM" "geo-my-wp 4.5 Admin+.Arbitrary.File.Upload MEDIUM" "geo-my-wp 4.5.0.4 Reflected.Cross-Site.Scripting MEDIUM" "geo-my-wp 4.5.0.2 Unauthenticated.LFI.to.RCE/PHAR.Deserialization CRITICAL" "geo-my-wp 4.2 Cross-Site.Request.Forgery MEDIUM" "geo-my-wp 4.0.3 Authenticated(Administrator+).SQL.Injection MEDIUM" "geo-my-wp 4.0.1 Contributor+.Stored.XSS MEDIUM" "gift-certificate-creator 1.1 Stored.XSS MEDIUM" "giveasap 2.46.1 CSRF MEDIUM" "giveasap 2.46.1 Reflected.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.Cross-Site.Scripting LOW" "giveasap 2.45.1 Admin+.Stored.XSS LOW" "giveasap 2.45.1 Editor+.Stored.Cross-Site.Scripting MEDIUM" "giveasap 2.42.1 Unauthorised.AJAX.Calls.via.Freemius HIGH" "giveasap 2.36.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "gatormail-smart-forms 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gnu-mailman-integration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-image-sitemap No.known.fix Map.generation.through.CSRF MEDIUM" "group-category-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "glorious-sites-installer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gf-infusionsoft 1.1.5 Reflected.Cross-Site.Scripting HIGH" "google-typography No.known.fix Missing.Authorization MEDIUM" "gixaw-chat No.known.fix Stored.XSS.via.CSRF HIGH" "gdpr-framework 2.2.0 Admin+.Stored.XSS LOW" "gotowp No.known.fix Contributor+.Stored.XSS MEDIUM" "gfirem-action-after No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-action-after No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "goldstar No.known.fix Missing.Authorization MEDIUM" "gold-addons-for-elementor No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).License.Activation/Deactivation MEDIUM" "gold-addons-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-bookings-wp No.known.fix Appointments.&.Bookings.Plugin.Basic.Version.<=.1.1.27.-.Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "google-maps-v3-shortcode No.known.fix Contributor+.XSS MEDIUM" "gradient-text-widget-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gamipress-vimeo-integration 1.0.9 Contributor+.Stored.XSS MEDIUM" "gocodes No.known.fix Authenticated.XSS.&.Blind.SQL.Injection HIGH" "gwolle-gb 4.7.2 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "gwolle-gb 2.5.4 Cross-Site.Scripting.(XSS) MEDIUM" "gwolle-gb 2.1.1 Cross-Site.Request.Forgery.(CSRF) CRITICAL" "gravatarlocalcache No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "genie-wp-favicon No.known.fix Arbitrary.Favicon.Change.via.CSRF MEDIUM" "global-elementor-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.button.link MEDIUM" "gsheetconnector-wpforms 3.4.6 Reflected.XSS HIGH" "gantry No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-picasa-albums-viewer 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "gtranslate 3.0.4 Admin+.Stored.XSS LOW" "gtranslate 2.9.9 CSRF.to.Account.Takeover HIGH" "gtranslate 2.9.7 Reflected.Cross-Site.Scripting LOW" "gtranslate 2.8.65 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "gtranslate 2.8.52 Unauthenticated.Reflected.Cross.Site.Scripting.(XSS) MEDIUM" "gallery-lightbox-slider 1.0.0.41 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-advanced No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "gfirem-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-advance-search No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-maps-anywhere No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "gsheetconnector-caldera-forms 1.3 Access.Code.Update.via.CSRF MEDIUM" "gravityforms 2.9.2 Unauthenticated.Stored.Cross-Site.Scripting.via.'alt'.parameter HIGH" "gravityforms 2.9.2 2.9.1.3.-.Unauthenticated.Stored.Cross-Site.Scripting.via.'style_settings'.parameter MEDIUM" "gravityforms 2.7.5 Reflected.XSS HIGH" "gravityforms 2.7.4 Unauthenticated.PHP.Object.Injection HIGH" "gravityforms 2.4.9 Hashed.Password.Leakage LOW" "gtm-server-side 2.1.20 Reflected.Cross-Site.Scripting MEDIUM" "google-transliteration No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gutenkit-blocks-addon 2.1.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "grid-shortcodes 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "grid-shortcodes 1.1.1 Contributor+.Stored.XSS MEDIUM" "gplus-comments No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-wpforms-pro 2.5.7 Reflected.XSS HIGH" "gum-elementor-addon 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.6 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "gum-elementor-addon 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Price.Table.and.Post.Slider.Widgets MEDIUM" "gum-elementor-addon 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta.Widget MEDIUM" "genesis-columns-advanced 2.0.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "genesis-blocks 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sharing.Block.Attributes MEDIUM" "genesis-blocks 3.1.4 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "genesis-blocks 3.1.3 Contributor+.Stored.XSS MEDIUM" "gp-premium 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "gamipress-reset-user 1.0.1 Reset.User.<=.1.0.0.-.GamiPress.User.Data.Removal.via.CSRF MEDIUM" "gmace No.known.fix Arbitrary.File.Creation/Deletion/Update.via.CSRF HIGH" "gmace No.known.fix Admin+.Path.Traversal MEDIUM" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gwebpro-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "giveaway-boost No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "gmb-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_do_shortcode().Function HIGH" "gamipress 7.2.2 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_ajax_get_logs.Function HIGH" "gamipress 7.2.2 Unauthenticated.SQL.Injection.via.orderby.Parameter HIGH" "gamipress 7.1.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.gamipress_get_user_earnings HIGH" "gamipress 6.8.9 Broken.Access.Control LOW" "gamipress 6.8.6 Cross-Site.Request.Forgery MEDIUM" "gamipress 6.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "gamipress 6.8.7 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "gamipress 2.5.7.1 Unauthenticated.SQLi HIGH" "gallery-images-ape No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallery-images-ape No.known.fix Contributor+.Stored.XSS MEDIUM" "gallery-metabox No.known.fix Subscriber+.Unauthorized.Data.Access MEDIUM" "gallery-metabox No.known.fix Gallery.Removal.via.CSRF MEDIUM" "gs-facebook-comments 1.7.4 Missing.Authorization.via.wpfc_allow_comments() MEDIUM" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection LOW" "google-analyticator 6.5.6 Admin+.PHP.Object.Injection MEDIUM" "google-analyticator 6.4.9.6 Multiple.Cross-Site.Scripting.(XSS) HIGH" "google-analyticator 6.4.9.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "goanimate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "giveaways-contests-by-promosimple No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms-pro 1.0.5 Reflected.XSS HIGH" "gravity-forms-sticky-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gravity-forms-sticky-list No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-forms-sticky-list No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "greeklish-permalink 3.5 Unauthenticated.Post.Slug.Update MEDIUM" "giveaways-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "giveaways-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "gsearch-plus No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "geoflickr 1.4 Reflected.Cross-Site.Scripting MEDIUM" "gnucommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gnucommerce 1.4.2 XSS MEDIUM" "gnucommerce 0.5.7-beta XSS MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_ai_forms HIGH" "gpt3-ai-content-generator 1.8.97 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "gpt3-ai-content-generator 1.8.97 Authenticated.(Admin+).PHP.Object.Injection.via.wpaicg_export_prompts HIGH" "gpt3-ai-content-generator 1.8.90 Unauthenticated.Arbitrary.File.Upload CRITICAL" "gpt3-ai-content-generator 1.8.67 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.8.3 Missing.Authorization.to.Sensitive.Data.Exposure MEDIUM" "gpt3-ai-content-generator 1.8.13 Cross-Site.Request.Forgery MEDIUM" "gpt3-ai-content-generator 1.7.38 Reflected.Cross-Site.Scripting MEDIUM" "gpt3-ai-content-generator 1.4.38 Subscriber+.Arbitrary.Post.Content.Update MEDIUM" "gulri-slider 3.5.9 Reflected.Cross-Site.Scripting MEDIUM" "gd-rating-system 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.extra_class.Parameter MEDIUM" "gd-rating-system 3.6.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "gd-rating-system 3.5.1 Unauthenticated.Stored.Cross-Site.Scripting.via.IP MEDIUM" "gd-rating-system 2.3.1 Multiple.Vulnerabilities HIGH" "gd-rating-system 2.1 XSS MEDIUM" "getwid 2.1.12 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "getwid 2.0.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "getwid 2.0.11 Missing.Authentication.to.MailChimp.API.key.update MEDIUM" "getwid 2.0.11 Missing.Authorization.to.Google.API.key.update MEDIUM" "getwid 2.0.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'Countdown' MEDIUM" "getwid 2.0.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Block.Content MEDIUM" "getwid 2.0.5 Missing.Authorization.to.Recaptcha.API.Key.Modification MEDIUM" "getwid 2.0.5 Captcha.Bypass MEDIUM" "getwid 2.0.3 Unauthenticated.Arbitrary.Email.Sending.to.Admin MEDIUM" "getwid 1.8.4 Subscriber+.SSRF MEDIUM" "glossy No.known.fix Reflected.XSS HIGH" "genesis-style-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gallery-image-gallery-photo 1.1.6 Grid.Gallery.<.1.1.6.-.Admin+.Stored.Cross-Site.Scripting LOW" "global-multisite-search No.known.fix CSRF.Bypass MEDIUM" "geodigs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gigpress No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "gigpress No.known.fix Subscriber+.SQLi HIGH" "gigpress 2.3.28 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "gigpress 2.3.11 Authenticated.XSS.&.Blind.SQLi HIGH" "gecka-terms-thumbnails No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "get-your-number No.known.fix Admin+.Stored.XSS LOW" "gf-custom-style No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "google-calendar-events 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "google-calendar-events 3.2.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "google-calendar-events 3.2.5 Cross-Site.Request.Forgery.via.duplicate_feed MEDIUM" "google-calendar-events 3.2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "gutensee 1.0.7 Contributor+.Stored.XSS MEDIUM" "gyta-buyback 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "gyta-buyback 1.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gravity-forms-multiple-form-instances 1.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "give 3.22.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Earning.Reports.Disclosure.via.give_reports_earnings.Function MEDIUM" "give 3.20.0 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.19.3 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.4 Unauthenticated.PHP.Object.Injection HIGH" "give 3.19.0 Reflected.XSS HIGH" "give 3.16.4 Unauthenticated.PHP.Object.Injection.to.Remote.Code.Execution CRITICAL" "give 3.16.2 Unauthenticated.PHP.Object.Injection CRITICAL" "give 3.16.2 Authenticated.(GiveWP.Manager+).SQL.Injection.via.order.Parameter MEDIUM" "give 3.16.0 Cross-Site.Request.Forgery MEDIUM" "give 3.16.0 Unauthenticated.Full.Path.Disclosure MEDIUM" "give 3.14.0 Missing.Authorization.to.Limited.Information.Exposure MEDIUM" "give 3.14.2 Unauthenticated.PHP.Object.Injection.to.RCE CRITICAL" "give 3.14.2 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.File.Deletion MEDIUM" "give 3.14.0 Missing.Authorization.to.Unauthenticated.Event.Settings.Update MEDIUM" "give 3.14.0 Insecure.Direct.Object.Reference.to.Authenticated.(GiveWP.Worker+).Arbitrary.Post.Actions MEDIUM" "give 3.12.1 Reflected.Cross-Site.Scripting MEDIUM" "give 3.11.0 Contributor+.Stored.XSS MEDIUM" "give 3.5.0 Authenticated.(GiveWP.Manager+).PHP.Object.Injection HIGH" "give 3.7.0 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "give 3.6.0 Contributor+.Stored.XSS MEDIUM" "give 3.4.0 Reflected.Cross-Site.Scripting HIGH" "give 3.3.0 Contributor+.Stored.XSS MEDIUM" "give 2.33.2 Missing.Authorization.via.handleBeforeGateway MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.deactivation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.plugin.installation MEDIUM" "give 2.33.4 Cross-Site.Request.Forgery.to.Stripe.Integration.Deletion MEDIUM" "give 2.33.1 Donation.Plugin.<.2.33.1.-.Authenticated(Give.Manager+).Privilege.Escalation HIGH" "give 2.25.3 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Cross-Site.Request.Forgery MEDIUM" "give 2.25.2 Author+.Stored.Cross-Site.Scripting MEDIUM" "give 2.25.2 Contributor+.Arbitrary.Content.Deletion MEDIUM" "give 2.25.2 Contributor+.Stored.XSS MEDIUM" "give 2.25.2 Admin+.Server-Side.Request.Forgery MEDIUM" "give 2.24.0 Contributor+.Stored.XSS MEDIUM" "give 2.24.1 Unauthenticated.SQLi HIGH" "give 2.21.0 Manager+.Arbitrary.File.Creation.via.Export HIGH" "give 2.21.0 Manager+.Arbitrary.File.Access.via.Export MEDIUM" "give 2.21.3 Admin+.Stored.Cross-Site.Scripting LOW" "give 2.21.3 DoS.via.CSRF LOW" "give 2.21.0 Reflected.Cross-Site.Scripting MEDIUM" "give 2.21.0 Donor.Information.Disclosure MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Import.Tool MEDIUM" "give 2.17.3 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "give 2.17.3 Reflected.Cross-Site.Scripting.via.Donation.Forms.Dashboard HIGH" "give 2.12.0 Admin+.Stored.XSS MEDIUM" "give 2.10.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "give 2.10.0 Reflected.Cross.Site.Scripting.(XSS) HIGH" "give 2.5.10 Multiple.Issues HIGH" "give 2.5.5 Authentication.Bypass HIGH" "give 2.5.1 SQL.Injection CRITICAL" "give 2.4.7 Stored.XSS MEDIUM" "give 2.3.1 Cross-Site.Scripting.(XSS) MEDIUM" "google-analytics-top-posts-widget 1.5.7 Reflected.XSS MEDIUM" "gs-logo-slider 3.7.1 Settings.Update.via.Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.6.9 Admin+.Stored.XSS LOW" "gs-logo-slider 3.5.2 Cross-Site.Request.Forgery MEDIUM" "gs-logo-slider 3.3.8 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "gs-projects 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ga-for-wp 2.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ga-for-wp 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "generatepress-premium 2.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Meta MEDIUM" "gmap-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-post-custom-taxonomy-term-shortcode No.known.fix CSRF.Bypass NONE" "glass No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "google-visualization-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gsheetconnector-forminator 1.0.13 Reflected.XSS HIGH" "gallerio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gallerio No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "gravity-forms-toolbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "globalquran No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "gfirem-fields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gfirem-fields No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gfirem-fields No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "google-listings-and-ads 2.8.7 Information.Disclosure.via.Publicly.Accessible.PHP.Info.File MEDIUM" "gettext-override-translations 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "grid-accordion-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-personal-data-reports No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutentor 3.4.7 Admin+.SQL.Injection MEDIUM" "gutentor 3.4.4 Contributor+.Stored.XSS MEDIUM" "gutentor 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "gutentor 3.3.6 Gutenberg.Blocks.-.Page.Builder.for.Gutenberg.Editor.<.3.3.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gutentor 3.3.6 Contributor+.Stored.XSS MEDIUM" "gutentor 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "google-one 1.3.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "gs-dribbble-portfolio 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "guild-armory-roster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "google-earth-tours No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ghactivity No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.geo_mashup_visible_posts_list.Shortcode MEDIUM" "geo-mashup 1.13.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.12 Reflected.Cross-Site.Scripting MEDIUM" "geo-mashup 1.13.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geo-mashup 1.10.4 Unspecified.Cross-Site.Scripting.(XSS) CRITICAL" "gerryworks-post-by-mail No.known.fix Contributor+.Privilege.Escalation HIGH" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "gm-woocommerce-quote-popup 3.1 Arbitrary.Enquiry.Deletion.via.CSRF MEDIUM" "gm-woocommerce-quote-popup 3.1 Admin+.Stored.XSS LOW" "gm-woocommerce-quote-popup 3.1 Cross-Site.Request.Forgery MEDIUM" "gm-woocommerce-quote-popup 3.1 Unauthenticated.Stored.XSS HIGH" "gm-woocommerce-quote-popup 3.2 Reflected.XSS HIGH" "guest-author-name 4.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gistpress 3.0.2 Authenticated.Stored.XSS MEDIUM" "graphicsly No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "google-maps-for-wordpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.8.4.5 Reflected.Cross-Site.Scripting MEDIUM" "go-fetch-jobs-wp-job-manager 1.7.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "genki-pre-publish-reminder No.known.fix Stored.XSS.&.RCE.via.CSRF HIGH" "gallery 2.2.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "gutenslider 5.10.2 Reflected.Cross-Site.Scripting MEDIUM" "gutenslider 5.7.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gutenslider 5.2.0 Contributor+.Stored.XSS MEDIUM" "gravity-forms-pdf-extended 6.3.1 Reflected.Cross-Site.Scripting MEDIUM" "glasses-for-woocommerce No.known.fix Reflected.Cross-Site.Scipting MEDIUM" "google-maps-gpx-viewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-easy-digital-downloads 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-easy-digital-downloads 1.6.6 Access.Code.Update.via.CSRF MEDIUM" "gsheetconnector-easy-digital-downloads 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "geodatasource-country-region-dropdown 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gdpr-compliance-by-supsystic No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "generate-child-theme 2.0.1 Cross-Site.Request.Forgery.via.process_create_form() MEDIUM" "generate-child-theme 1.6 Unauthorised.Plugin's.Setting.Change MEDIUM" "gift-voucher 4.5.0 Missing.Authorization.to.Unauthenticated.Price,.Date,.and.Note.Updates MEDIUM" "gift-voucher 4.4.5 Author+.Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "gift-voucher 4.4.1 Cross-Site.Request.Forgery MEDIUM" "gift-voucher 4.3.3 Subscriber+.SQLi HIGH" "gift-voucher 4.1.8 Unauthenticated.Blind.SQL.Injection HIGH" "gallery-voting 1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "give-donation-modules-for-divi 2.0.1 Sensitive.Information.Dislcosure MEDIUM" "guardgiant No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "guardgiant 2.2.6 Admin+.SQLi MEDIUM" "generateblocks 2.0.0 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.'get_image_description' MEDIUM" "generateblocks 1.8.3 Contributor+.Arbitrary.Draft/Private.Post.Access LOW" "generateblocks 1.4.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "google-drive-wp-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "get-custom-field-values 4.1 Admin+.Stored.XSS LOW" "get-custom-field-values 4.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "get-custom-field-values 4.0 Contributors+.Arbitrary.Post.Metadata.Access MEDIUM" "goqmieruca No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gf-block-ips 1.0.2 Cross-Site.Request.Forgery MEDIUM" "geolocator No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "get-a-quote-for-woocommerce No.known.fix Unauthenticated.Quote.PDF.and.CSV.Download MEDIUM" "get-site-to-phone-by-qr-code No.known.fix Stored.XSS.via.CSRF MEDIUM" "good-old-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "google-map-professional No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "google-map-professional No.known.fix Reflected.XSS HIGH" "genealogical-tree 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "genealogical-tree 2.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gsheetconnector-for-elementor-forms 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-for-elementor-forms 1.0.7 Reflected.XSS HIGH" "get-cash 3.2 Reflected.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "google-maps-easy 1.11.12 Cross-Site.Request.Forgery MEDIUM" "google-maps-easy 1.11.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "google-maps-easy 1.10.1 Admin+.Stored.Cross-Site.Scripting LOW" "google-maps-easy 1.9.32 Reflected.Cross-Site.Scripting MEDIUM" "google-website-translator 1.4.14 Admin+.Stored.XSS LOW" "google-website-translator 1.4.14 Admin+.Stored.XSS LOW" "google-website-translator 1.4.12 Google.Website.Translator.<.1.4.12.-.Authenticated.(Admin+).PHP.Object.Injection CRITICAL" "gs-testimonial 3.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gs-testimonial 1.9.7 Contributor+.Stored.XSS MEDIUM" "gs-testimonial 1.9.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "gmaps-for-visual-composer-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "goodbarber 1.0.24 Settings.Update.via.CSRF MEDIUM" "gsheetconnector-ninja-forms 1.2.8 Reflected.Cross-Site.Scripting MEDIUM" "gsheetconnector-ninja-forms 1.2.7 Reflected.XSS HIGH" "gsheetconnector-ninja-forms 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gallery-categories 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "go-social No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "gs-team-members 2.2.4 Contributor+.Stored.XSS MEDIUM" "gs-team-members 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "gs-team-members 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gmw-premium-settings 3.1 Admin+.Arbitrary.File.Upload MEDIUM" "gamepress No.known.fix Reflected.Cross-Site.Scripting HIGH" "guest-author-affiliate 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "guest-author-affiliate 1.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "gdpr-compliance No.known.fix Authenticated.(Subscriber+).Information.Exposure MEDIUM" "gutenify 1.4.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ghost 1.5.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ghost 0.5.6 Unrestricted.Export.Download MEDIUM" "gutenberg 18.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Template.Part.Block MEDIUM" "gutenberg 18.01 18.0.0.-.Unauthenticated.&.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Avatar.Block MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS MEDIUM" "gutenberg 16.8.1 Contributor+.Stored.XSS.via.Navigation.Links.Block MEDIUM" "gutenberg 14.3.1 Multiple.Stored.XSS LOW" "gutenberg 12.7.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "gutenberg 12.7.2 Prototype.Pollution.via.Gutenberg’s.wordpress/url.package MEDIUM" "hide-links No.known.fix Unauthenticated.Shortcode.Execution MEDIUM" "hestia-nginx-cache 2.4.1 Missing.Authorization MEDIUM" "hungarian-pickup-points-for-woocommerce 1.9.0.3 Multiple.CSRF MEDIUM" "html5-mp3-player-with-mp3-folder-feedburner-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "host-analyticsjs-local 4.7.15 Unauthenticated.Settings.Update MEDIUM" "host-analyticsjs-local 4.1.9 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "horoscope-and-tarot 1.3.1 Contributor+.Stored.XSS MEDIUM" "hostel 1.1.5.3 Reflected.XSS HIGH" "hostel 1.1.5.4 Cross-Site.Request.Forgery MEDIUM" "hostel 1.1.5.2 Admin+.Stored.XSS LOW" "hostel 1.1.4 Unauthenticated.Stored.XSS MEDIUM" "helpdeskwp No.known.fix Editor+.Stored.XSS LOW" "help-scout No.known.fix Missing.Authorization MEDIUM" "http-https-remover 3.2.4 Plugin.Installation.via.CSRF MEDIUM" "http-https-remover 3.2.4 Subscriber+.Plugin.Installation MEDIUM" "hide-admin-bar-based-on-user-roles 3.5.0 Reflected.Cross-Site.Scripting MEDIUM" "hide-admin-bar-based-on-user-roles 3.0.0 Subscriber+.Settings.Update MEDIUM" "hide-admin-bar-based-on-user-roles 3.1.0 Settings.Update.via.CSRF MEDIUM" "hire-me-widget 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "hire-me-widget 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hide-my-site No.known.fix Unauthenticated.Information.Exposure MEDIUM" "hueman-addons No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hms-testimonials 2.0.11 XSS MEDIUM" "horizontal-line-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons-pro 2.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons-pro 2.8.1 Reflected.XSS HIGH" "happy-elementor-addons-pro 1.17.0 Contributor+.Stored.XSS MEDIUM" "hm-logo-showcase 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "hm-logo-showcase 1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Arbitrary.Settings.Update.via.CSRF MEDIUM" "hc-custom-wp-admin-url No.known.fix Unauthenticated.Secret.URL.Disclosure MEDIUM" "horizontal-scrolling-announcement No.known.fix Horizontal.scrolling.announcement.for.WordPress.<=.9,2.Contributor+.Stored.XSS MEDIUM" "horizontal-scrolling-announcement No.known.fix Authenticated.(subscriber+).Blind.SQL.Injection HIGH" "hercules-core 6.7 Missing.Authorization.to.Settings.Update MEDIUM" "hercules-core 6.5 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "hyperlink-group-block 1.17.6 Contributor+.Stored.XSS MEDIUM" "heateor-social-comments 1.6.2 Contributor+.Stored.XSS MEDIUM" "hitpay-payment-gateway No.known.fix Information.Exposure.via.Log.Files MEDIUM" "https-links-in-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hypercomments No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "heateor-social-login 1.1.36 Authentication.Bypass HIGH" "heateor-social-login 1.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.33 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "heateor-social-login 1.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "heateor-social-login 1.1.31 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "heat-trackr 1.01 XSS MEDIUM" "hs-brand-logo-slider No.known.fix Authenticated.Arbitrary.File.Upload CRITICAL" "hal 2.2 Admin+.Stored.Cross-Site.Scripting LOW" "hash-form 1.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Form.Style.Creation MEDIUM" "hash-form 1.2.0 Drag.&.Drop.Form.Builder.<.1.2.0.-.Unauthenticated.Limited.File.Upload MEDIUM" "hash-form 1.1.1 Unauthenticated.PHP.Object.Injection HIGH" "hash-form 1.1.1 Unauthenticated.Arbitrary.File.Upload.to.Remote.Code.Execution CRITICAL" "headline-analyzer 1.3.4 Cross-Site.Request.Forgery MEDIUM" "headline-analyzer 1.3.2 Missing.Authorization.via.REST.APIs MEDIUM" "ht-mega-for-elementor 2.8.3 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget HIGH" "ht-mega-for-elementor 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.block_css.and.inner_css MEDIUM" "ht-mega-for-elementor 2.6.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.template_id MEDIUM" "ht-mega-for-elementor 2.5.8 Authenticated.(Contributor+).JSON.File.Directory.Traversal MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ht-mega-for-elementor 2.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Player.Widget.Settings MEDIUM" "ht-mega-for-elementor 2.5.3 Subscriber+.Options.Update HIGH" "ht-mega-for-elementor 2.5.3 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.&.Popover.Widget MEDIUM" "ht-mega-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Justify MEDIUM" "ht-mega-for-elementor 2.4.8 Missing.Authorization.to.Information.Exposure MEDIUM" "ht-mega-for-elementor 2.4.7 Unauthenticated.Order.Data.Disclosure HIGH" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Image.Grid.Widget MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.size MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Stored.XSS.via.Lightbox.Widget MEDIUM" "ht-mega-for-elementor 2.5.0 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "ht-mega-for-elementor 2.4.9 Contributor+.Stored.XSS.via.Accordion/FAQ MEDIUM" "ht-mega-for-elementor 2.4.4 Contributor+.Stored.XSS MEDIUM" "ht-mega-for-elementor 2.4.7 Contributor+.Directory.Traversal HIGH" "ht-mega-for-elementor 2.4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleTag MEDIUM" "ht-mega-for-elementor 2.4.5 Contributor+.Stored.Cross-Site.Scripting.via.Post.Carousel.Widget MEDIUM" "ht-mega-for-elementor 2.3.4 Arbitrary.Plugin/Theme.Activation.via.CSRF MEDIUM" "ht-mega-for-elementor 2.3.9 Reflected.Cross-Site.Scripting HIGH" "ht-mega-for-elementor 1.5.7 Absolute.Addons.for.Elementor.Page.Builder.<.1.5.7.-.Contributor+.Stored.XSS MEDIUM" "hd-quiz 2.0.0 Editor+.Stored.XSS LOW" "hd-quiz 1.8.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "hd-quiz 1.8.4 Authenticated.Stored.XSS MEDIUM" "house-manager No.known.fix Reflected.XSS HIGH" "htaccess 1.8.2 CSRF.to.edit..htaccess HIGH" "htaccess 1.7.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hive-support 1.1.7 Missing.Authorization MEDIUM" "hive-support 1.1.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hive-support 1.1.3 Cross-Site.Request.Forgery MEDIUM" "hive-support 1.1.2 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "helpie-faq 1.28 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "helpie-faq 1.9.9 Reflected.XSS MEDIUM" "helpie-faq 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "helpie-faq 0.7.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "host-webfonts-local 5.7.10 Unauthenticated.Directory.Deletion.&.Stored.XSS HIGH" "host-webfonts-local 4.5.12 Admin+.Arbitrary.Folder.Deletion.via.Path.Traversal MEDIUM" "host-webfonts-local 4.5.4 Unauthenticated.Path.Traversal.in.REST.API MEDIUM" "host-webfonts-local 4.5.4 Subscriber+.Arbitrary.File/Folder.Deletion CRITICAL" "homepage-pop-up No.known.fix CSRF MEDIUM" "homepage-pop-up No.known.fix Admin+.Stored.XSS LOW" "html5-virtual-classroom No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ht-easy-google-analytics 1.2.0 Missing.Authorization.to.Unauthenticated.GA4.Email.Update MEDIUM" "ht-easy-google-analytics 1.0.7 Plugin.Activation.via.CSRF MEDIUM" "history-log-by-click5 1.0.13 Admin+.Time-Based.Blind.SQL.Injection MEDIUM" "homepage-product-organizer-for-woocommerce No.known.fix Subscriber+.SQLi HIGH" "hm-testimonial 1.5 Reflected.Cross-Site.Scripting MEDIUM" "hm-testimonial 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hello-world 2.2.0 Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "helloprint 2.1.0 Subscriber+.Arbitrary.File.Deletion HIGH" "helloprint 2.1.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "helloprint 2.0.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "helloprint 1.4.7 Reflected.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "hashbar-wp-notification-bar 1.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "hostinger 1.9.8 Unauthenticated.Maintenance.Mode.Toggle MEDIUM" "hostfact-bestelformulier-integratie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "http-headers 1.19.0 Admin+.SSRF MEDIUM" "http-headers 1.19.0 Admin+.Stored.XSS LOW" "http-headers 1.18.11 Admin+.Remote.Code.Execution MEDIUM" "http-headers 1.18.8 Admin+.SQL.Injection MEDIUM" "hotjar 1.0.16 Admin+.Stored.XSS MEDIUM" "happy-scss-compiler No.known.fix Compile.SCSS.to.CSS.automatically.<=.1.3.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.11 Missing.Authorization.to.Authenticated.(Contributor+).Limited.Options.Update MEDIUM" "helloasso 1.1.11 Missing.Authorization MEDIUM" "helloasso 1.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "helloasso 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hotscot-contact-form 1.3 Admin+.SQL.Injection MEDIUM" "html5-audio-player 2.2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "html5-audio-player 2.2.22 Best.WordPress.Audio.Player.Plugin.<.2.2.22.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "html5-audio-player 2.1.12 Contributor+.Stored.XSS MEDIUM" "html5-audio-player 2.1.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "hyp3rl0cal-city-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hide-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "htaccess-redirect No.known.fix Reflected.Cross-Site.Scripting HIGH" "hide-category-by-user-role-for-woocommerce 2.2 Subscriber+.Arbitrary.Content.Deletion MEDIUM" "hello-in-all-languages No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hash-elements 1.5.1 Contributor+.Stored.XSS MEDIUM" "hash-elements 1.4.8 Missing.Authorization.to.Unauthenticated.Draft.Post.Title.Exposure MEDIUM" "hash-elements 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter.in.Multiple.Widgets MEDIUM" "hash-elements 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hyve-lite 1.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "hide-my-wp 5.4.02 Unauthenticated.Limited.File.Read MEDIUM" "hide-my-wp 5.4.01 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.3.02 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "hide-my-wp 5.2.02 Hidden.Login.Page.Disclosure MEDIUM" "hide-my-wp 5.0.20 IP.Address.Spoofing MEDIUM" "huurkalender-wp 1.6.0 Contributor+.Stored.XSS MEDIUM" "html5-responsive-faq No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "header-footer-code-manager 1.1.35 Snippets.Activation/Deactivation/Deletion.via.CSRF MEDIUM" "header-footer-code-manager 1.1.24 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.17 Reflected.Cross-Site.Scripting MEDIUM" "header-footer-code-manager 1.1.14 Admin+.SQL.Injections MEDIUM" "hrm 2.2.6 Multiple.Issues HIGH" "hybrid-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hd-quiz-save-results-light 0.6 Missing.Authorization MEDIUM" "ht-menu-lite 1.2.2 Cross-Site.Request.Forgery MEDIUM" "hack-info 3.18 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hl-twitter No.known.fix Admin+.Stored.XSS.via.Widget LOW" "hl-twitter No.known.fix Settings.Update.via.CSRF MEDIUM" "hl-twitter No.known.fix Unlink.Twitter.Account.via.CSRF MEDIUM" "html5-maps 1.7.1.5 Arbitrary.Settings.Update.via.CSRF MEDIUM" "html5-maps 1.6.5.7 CSRF.&.XSS HIGH" "html5-video-player 2.5.36 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.heading.Parameter MEDIUM" "html5-video-player 2.5.35 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "html5-video-player 2.5.33 Missing.Authorization.in.multiple.functions.via.h5vp_ajax_handler MEDIUM" "html5-video-player 2.5.31 Missing.Authorization MEDIUM" "html5-video-player 2.5.32 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "html5-video-player 2.5.27 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.25 Unauthenticated.SQLi HIGH" "html5-video-player 2.5.19 Subscriber+.Stored.XSS HIGH" "hits-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.IP.Spoofing MEDIUM" "hkdev-maintenance-mode 3.0.2 Unauthenticated.Post/Page.Content.Disclosure MEDIUM" "hm-cool-author-box-widget 2.9.5 Reflected.Cross-Site.Scripting MEDIUM" "hcaptcha-for-forms-and-more 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.cf7-hcaptcha.Shortcode MEDIUM" "html5-chat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-team-member 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.htteamember.Shortcode MEDIUM" "horizontal-scroll-image-slideshow No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "houzez-property-feed 2.4.22 Cross-Site.Request.Forgery.to.Property.Feed.Export.Deletion MEDIUM" "header-footer 3.3.1 Authenticated.(Administrator+).PHP.Code.Injection.in.Multisite.Environments MEDIUM" "history-collection No.known.fix Arbitraty.File.Download HIGH" "hpbtool No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "happy-elementor-addons 3.15.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Comparison MEDIUM" "happy-elementor-addons 3.12.4 Missing.Authorization MEDIUM" "happy-elementor-addons 3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.12.3 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "happy-elementor-addons 3.11.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.PDF.View.Widget MEDIUM" "happy-elementor-addons 3.11.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gradient.Heading.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Navigation.Widget MEDIUM" "happy-elementor-addons 3.11.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Accordion MEDIUM" "happy-elementor-addons 3.10.9 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Event.Calendar.Widget MEDIUM" "happy-elementor-addons 3.10.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Stack.Group.Widget MEDIUM" "happy-elementor-addons 3.10.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.5 Contributor+.Stored.XSS MEDIUM" "happy-elementor-addons 3.10.6 Contributor+.Stored.XSS.via.HTML.Tags MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Calendy MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Photo.Stack.Widget MEDIUM" "happy-elementor-addons 3.10.5 Incorrect.Authorization.to.Information.Exposure MEDIUM" "happy-elementor-addons 3.10.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Page.Title.HTML.Tag MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Archive.Title.Widget MEDIUM" "happy-elementor-addons 3.10.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Meta.Widget MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.2 Missing.Authorization.via.add_row_actions MEDIUM" "happy-elementor-addons 3.10.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "happy-elementor-addons 3.10.0 Reflected.Cross-Site.Scripting HIGH" "happy-elementor-addons 3.10.0 Contributor+.SSRF LOW" "happy-elementor-addons 3.8.3 Cross-Site.Request.Forgery MEDIUM" "happy-elementor-addons 2.24.0 Contributor+.Stored.XSS MEDIUM" "hack-me-if-you-can No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hummingbird-performance 3.9.2 Missing.Authorization MEDIUM" "hummingbird-performance 3.9.2 Cross-Site.Request.Forgery MEDIUM" "hummingbird-performance 3.7.4 Missing.Authorization MEDIUM" "hummingbird-performance 3.4.2 Unauthenticated.Path.Traversal HIGH" "hummingbird-performance 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "h5p 1.15.8 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.47 Contributor+.Stored.XSS.via.Page.Title.Widget MEDIUM" "header-footer-elementor 1.6.46 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "header-footer-elementor 1.6.44 Authenticated.(Contributor+).Information.Disclosure.via.Shortcode MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Site.Title.Widget MEDIUM" "header-footer-elementor 1.6.26.1 Contributor+.Stored.XSS MEDIUM" "header-footer-elementor 1.6.27 Authenticated.(Author+).HTML.Injection MEDIUM" "header-footer-elementor 1.6.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.6.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "header-footer-elementor 1.5.8 Header,.Footer.&.Blocks.Template.<.1.5.8.-.Contributor+.Stored.XSS MEDIUM" "hmapsprem No.known.fix Customizable.Google.Maps.Plugin.<=.2.3.9.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmapsprem 2.2.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "highlight-focus No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "houzez-theme-functionality 3.2.3 Functionality.<.3.2.3.-.Authenticated.(Seller+).SQL.Injection HIGH" "heart-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hoo-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hermit No.known.fix Subscriber+.SQLi HIGH" "hermit No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "hermit No.known.fix Unauthenticated.SQLi HIGH" "hermit No.known.fix Arbitrary.Cache/Source.Deletion.&.Source.Creation.via.CSRF MEDIUM" "header-footer-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hero-maps-pro No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hesabfa-accounting 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "highlight 2.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "highlight 0.9.3 Authenticated.Stored.Cross-Site.Scripting LOW" "hurrakify 8.0.1 Unauthenticated.Server-Side.Request.Forgery HIGH" "how-to-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "holler-box 2.3.3 Admin+.Stored.XSS LOW" "holler-box 2.1.4 Admin+.SQL.Injection MEDIUM" "hunk-companion 1.9.0 Unauthenticated.Plugin.Installation CRITICAL" "hunk-companion 1.8.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "hb-audio-gallery No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "hslide No.known.fix WordPress.Slider.Plugin.<=.1.3.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "ht-contactform 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-contactform 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "highlight-search-terms-results 1.04 Reflected.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-instagram 1.2.8 Cross-Site.Request.Forgery MEDIUM" "h5p-css-editor No.known.fix Reflected.Cross-Site.Scripting HIGH" "happyforms 1.26.3 Admin+.Stored.XSS LOW" "happyforms 1.26.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "happyforms 1.25.11 Missing.Authorization MEDIUM" "happyforms 1.25.10 Reflected.Cross-Site.Scripting MEDIUM" "happyforms 1.22.0 Contributor+.Stored.XSS MEDIUM" "hotlink2watermark No.known.fix Cross-Site.Request.Forgery MEDIUM" "hover-image No.known.fix CSRF MEDIUM" "hacklog-downloadmanager No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "hola-free-video-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hurrytimer 2.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Name MEDIUM" "hurrytimer 2.11.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Post.Publication MEDIUM" "hurrytimer 2.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hot-random-image 1.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hls-player 1.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "handsome-testimonials 2.1.1 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "ht-portfolio 1.1.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "hashthemes-demo-importer 1.1.2 Improper.Access.Control.to.Blog.Reset HIGH" "ht-slider-for-elementor 1.4.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "html-forms 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "html-forms 1.3.34 Bulk.Delete.via.CSRF MEDIUM" "html-forms 1.3.33 Admin+.Stored.XSS LOW" "html-forms 1.3.30 Admin+.Stored.XSS LOW" "html-forms 1.3.25 Admin+.SQLi MEDIUM" "host-php-info No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Disclosure HIGH" "header-enhancement 1.5 Unauthorised.Plugin's.Setting.Change MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Reflected.Cross-Site.Scripting MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Directory.Deletion MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Reflected.Cross-Site.Scripting MEDIUM" "hmenu No.known.fix Responsive.WordPress.Menu.Plugin.<=.1.16.5.-.Authenticated.(Subscriber+).SQL.Injection MEDIUM" "hr-management 1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "heureka 1.1.0 Cross-Site.Request.Forgery MEDIUM" "halfdata-optin-downloads No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "htaccess-file-editor 1.0.20 Unauthenticated.Information.Exposure MEDIUM" "htaccess-file-editor 1.0.19 Missing.Authorization MEDIUM" "ht-event No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.HT.Event:.Sponsor MEDIUM" "ht-event 1.4.6 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "happiness-reports-for-help-scout No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "horizontal-scrolling-announcements 2.5 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "hotjar-connecticator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hotjar-connecticator No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "honeypot 2.1.14 Reflected.XSS HIGH" "honeypot 1.5.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "houzez-login-register 3.3.0 Subscriber+.Privilege.Escalation.via.Account.Takeover HIGH" "htaccess-login-block No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "html5-lyrics-karaoke-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hello-event-widgets-for-elementor 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "honeypot-for-wp-comment No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "honeypot-for-wp-comment No.known.fix Directory.Traversal.to.Unauthenticated.Arbitrary.File.Deletion CRITICAL" "hitsteps-visitor-manager 5.87 Admin+.Stored.XSS LOW" "hitsteps-visitor-manager 5.87 Arbitrary.Settings.Update.via.CSRF MEDIUM" "html5-soundcloud-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injection HIGH" "health-check 1.6.0 CSRF MEDIUM" "health-check 1.2.4 Missing.Authorization.Checks MEDIUM" "hdw-player-video-player-video-gallery No.known.fix Cross-Site.Scripting MEDIUM" "hq-rental-software No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "hq60-fidelity-card No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hover-video-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ht-builder 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hebrewdates 2.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "hide-shipping-method-for-woocommerce 1.5.2 Missing.Authorization MEDIUM" "hide-shipping-method-for-woocommerce 1.3.3 Reflected.Cross-Site.Scripting MEDIUM" "hide-shipping-method-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hub2word No.known.fix Subscriber+.Arbitrary.Options.Update CRITICAL" "header-images-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "hm-multiple-roles 1.9 Reflected.Cross-Site.Scripting MEDIUM" "hm-multiple-roles 1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hm-multiple-roles 1.3 Arbitrary.Role.Change CRITICAL" "html2wp No.known.fix Subscriber+.Arbitrary.File.Deletion HIGH" "html2wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "html2wp No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "hss-embed-streaming-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "header-image-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hana-flv-player No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "hover-effects 2.1.1 Admin+.LFI MEDIUM" "hk-filter-and-search No.known.fix Contributor+.Local.File.Inclusion HIGH" "hk-filter-and-search 2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "hreflang-manager-lite 1.07 Cross-Site.Request.Forgery MEDIUM" "hiweb-migration-simple No.known.fix hiWeb.Migration.Simple.<=.2,0,0,1.Reflected.Cross-Site.Scripting HIGH" "header-footer-code 1.2 Admin+.Stored.XSS LOW" "header-footer-code 1.2 Admin+.Stored.XSS.via.CSS.Styles LOW" "helpful 4.5.26 Information.Disclosure MEDIUM" "helpful 4.5.15 Votes.Tampering MEDIUM" "helpful 4.4.59 Admin+.Stored.Cross-Site.Scripting LOW" "hqtheme-extra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hqtheme-extra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation.in.homey_register CRITICAL" "homey-login-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "hot-linked-image-cacher No.known.fix Image.upload/cache.abuse.via.CSRF LOW" "hotel-listing 1.3.7 Subscriber+.Privilege.Escalation CRITICAL" "hotel-listing 1.3.3 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "heartland-management-terminal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "houzez-crm 1.4.3 Authenticated.(Seller+).SQL.Injection HIGH" "handl-utm-grabber 2.6.5 Authenticated.Option.Change.via.CSRF HIGH" "hotspots No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "http-auth 1.0.0 Settings.Update.via.CSRF MEDIUM" "haxcan No.known.fix CSRF.Bypass MEDIUM" "haxcan No.known.fix Arbitrary.File.Access MEDIUM" "html5-mp3-player-with-playlist No.known.fix Authenticated.(Author+).PHP.Object.Injecton HIGH" "html5-mp3-player-with-playlist 2.8.0 Full.Path.Disclosure.(FPD) MEDIUM" "hero-banner-ultimate No.known.fix Author+.Local.File.Inclusion HIGH" "hero-banner-ultimate 1.4 Contributor+.Stored.XSS MEDIUM" "hover-image-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hooked-editable-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hooked-editable-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hdw-tube No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "hipaatizer 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "history-timeline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hm-portfolio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "indeed-membership-pro 12.8 Reflected.Cross-Site.Scripting HIGH" "indeed-membership-pro 12.8 Unauthenticated.PHP.Object.Injection HIGH" "indeed-membership-pro 12.8 Unauthenticated.Privilege.Escalation CRITICAL" "import-spreadsheets-from-microsoft-excel 10.1.5 Authenticated.(Editor+).Arbitrary.File.Upload CRITICAL" "import-spreadsheets-from-microsoft-excel 10.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-optimizer-wd 1.0.27 Admin+.Path.Traversal MEDIUM" "image-optimizer-wd 1.0.27 Reflected.Cross-Site.Scripting HIGH" "include-lottie-animation-for-elementor 1.10.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "if-so 1.9.2.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "if-so 1.8.0.4 Admin+.Stored.XSS LOW" "if-so 1.8.0.4 Reflected.XSS MEDIUM" "if-so 1.8.0.3 Contributor+.Shortcode.Stored.XSS MEDIUM" "if-so 1.7.1.1 Missing.Authorization MEDIUM" "if-so 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iamport-for-woocommerce 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "import-legacy-media No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "instagram-feed 2.9.2 Reflected.Cross-Site.Scripting MEDIUM" "inspirational-quote-rotator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "iframe-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "include-fussball-de-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iframe-to-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ithemes No.known.fix New-Password.Requirements.Not.Enforced.Until.second.Login HIGH" "import-xml-feed 2.1.6 Authenticated.(Administrator+).Arbitrary.File.Upload CRITICAL" "import-xml-feed 2.1.4 Admin+.Arbitrary.File.Upload MEDIUM" "import-xml-feed 2.1.5 Unauthenticated.RCE CRITICAL" "import-xml-feed 2.0.3 Authenticated.Server-side.Request.Forgery.(SSRF) MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.4 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.2 Missing.Authorization MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.8.1 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "ipanorama-360-virtual-tour-builder-lite 1.8.0 Authenticated.(Admin+).SQL.injection HIGH" "ipanorama-360-virtual-tour-builder-lite 1.6.30 Contributor+.Stored.XSS MEDIUM" "ipanorama-360-virtual-tour-builder-lite 1.6.22 Reflected.Cross-Site.Scripting HIGH" "iteras 1.8.1 Stored.XSSS.via.CSRF HIGH" "if-menu 0.19.2 Missing.Authorization.to.License.Key.Update MEDIUM" "imagements No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "igniteup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "igniteup 3.4.1 Multiple.Issues HIGH" "indieweb-post-kinds 1.3.1.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "ibtana-visual-editor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ibtana-visual-editor 1.2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "ibtana-visual-editor 1.2.3.4 WordPress.Website.Builder.<.1.2.3.4.-.Unauthenticated.reCAPTCHA.Settings.Update MEDIUM" "ibtana-visual-editor 1.2.2.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "ibtana-visual-editor 1.1.8.8 Contributor+.Stored.XSS.via.Shortcode HIGH" "ibtana-visual-editor 1.1.4.9 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "instagram-for-wordpress No.known.fix Contributor+.Stored.XSS MEDIUM" "integration-of-capsule-crm-for-contact-form-7 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "integration-of-capsule-crm-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "images-asynchronous-load 1.06 Reflected.Cross-Site.Scripting MEDIUM" "image-classify No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "intelliwidget-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intelly-posts-footer-manager 2.2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "inpost-gallery 2.1.4.3 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.inpost_gallery_get_shortcode_template MEDIUM" "inpost-gallery 2.1.4.2 Reflected.XSS HIGH" "inpost-gallery 2.1.4.1 Unauthenticated.LFI.to.RCE CRITICAL" "instagrate-to-wordpress 1.3.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "icdsoft-reseller-store 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "internallink-audit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "icons-font-loader 1.1.5 Authenticated(Administrator+).Arbitrary.File.Upload MEDIUM" "icons-font-loader 1.1.2.1 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "itempropwp No.known.fix Admin+.Stored.XSS LOW" "internal-link-flow-topical-authority-topical-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "image-vertical-reel-scroll-slideshow 9.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "image-vertical-reel-scroll-slideshow No.known.fix Admin+.Stored.XSS LOW" "iframe 5.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "iframe 5.1 Contributor+.Stored.XSS MEDIUM" "iframe 4.9 Contributor+.Stored.XSS LOW" "iframe 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'iframe'.Shortcode MEDIUM" "iframe 4.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "icalendrier 1.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instantio 1.2.6 CSRF.Bypass MEDIUM" "infunding No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.5 Authenticated.(Author+).Stored.Cross-Site.Scritping.via.Bookmark.URL MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Bookmarks MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.15.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.13.3 Contributor+.Stored.XSS MEDIUM" "interactive-3d-flipbook-powered-physics-engine 1.12.1 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "icons-with-links-widget No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "information-for-help 0.0.3 Reflected.Cross-Site.Scripting MEDIUM" "inline-svg-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "iconic-woothumbs 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "image-widget 4.4.11 Admin+.Stored.XSS LOW" "inbound-brew No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inbound-brew No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inbound-brew No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "iphone-webclip-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "icegram-rainmaker 1.3.15 Missing.Authorization MEDIUM" "icegram-rainmaker 1.3.9 Contributor+.Stored.XSS MEDIUM" "imageboss 3.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "internal-links 2.24.4 Cross-Site.Request.Forgery MEDIUM" "internal-links 2.23.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "internal-links 2.23.3 Reflected.Cross-Site.Scripting MEDIUM" "internal-links 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "inline-call-to-action-builder-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ip-blacklist-cloud No.known.fix Admin+.SQLi MEDIUM" "ip-blacklist-cloud No.known.fix Admin+.Stored.XSS LOW" "ip-blacklist-cloud 3.43 Admin+.Arbitrary.File.Disclosure MEDIUM" "intuitive-custom-post-order 3.1.5 Admin+.SQLi LOW" "intuitive-custom-post-order 3.1.4 Arbitrary.Menu.Order.Update.via.CSRF MEDIUM" "intuitive-custom-post-order 3.1.4 Subscriber+.Arbitrary.Menu.Order.Update MEDIUM" "integration-for-szamlazz-hu-gravity-forms 1.2.7 Multiple.CSRF MEDIUM" "ia-map-analytics-basic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instant-appointment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "instant-appointment No.known.fix Unauthenticated.SQL.Injection HIGH" "iframe-popup No.known.fix Admin+.Stored.XSS LOW" "images-optimizer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "inline-footnotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-uk-map 3.4.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "interactive-world-map 3.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-world-map 3.4.4 Reflected.Cross-Site.Scripting HIGH" "interactive-world-map 3.4.4 CSRF MEDIUM" "inlocation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "iframe-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "internal-link-builder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "importify 1.0.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "include-me 1.2.2 Authenticated.Remote.Code.Execution.(RCE).via.LFI.log.poisoning HIGH" "image-watermark 1.7.4 Missing.Authorization.to.Authenticated.(Subscriber+).Watermark.Modification MEDIUM" "imageseo 3.1.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "imageseo 2.0.8 Settings.Update.via.CSRF LOW" "improved-sale-badges-free-version No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "imdb-info-box No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "integration-for-szamlazzhu-woocommerce 5.6.3.3 Multiple.CSRF MEDIUM" "independent-analytics 1.25.1 Reflected.Cross-Site.Scripting MEDIUM" "indeed-job-importer No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "idbbee No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects-visual-composer-extension 5.0 Contributor+.Stored.XSS MEDIUM" "import-eventbrite-events 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "inactive-user-deleter 1.60 Cross-Site.Request.Forgery MEDIUM" "internal-link-building-plugin No.known.fix CSRF MEDIUM" "internal-link-building-plugin No.known.fix Admin+.Stored.XSS LOW" "ipblocklist No.known.fix CSRF MEDIUM" "image-protector No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "images-to-webp 1.9 Multiple.Cross.Site.Request.Forgery.(CSRF) MEDIUM" "images-to-webp 1.9 Authenticated.Local.File.Inclusion LOW" "interactive-page-hierarchy No.known.fix Missing.Authorization MEDIUM" "ipages-flipbook 1.5.2 Missing.Authorization MEDIUM" "ipages-flipbook 1.5.0 Authenticated.(Administrator+).SQL.Injection HIGH" "ipages-flipbook 1.4.7 Contributor+.Stored.XSS MEDIUM" "ipages-flipbook 1.4.3 Reflected.Cross-Site.Scripting HIGH" "implied-cookie-consent No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrate-firebase 0.10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-image-map-builder 1.1 Admin+.Stored.XSS LOW" "inactive-logout 3.2.3 Cross-Site.Request.Forgery MEDIUM" "inactive-logout 3.2.3 Missing.Authorization MEDIUM" "icon-widget 1.4.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "icon-widget 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icon 1.0.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "instagram-widget-by-wpzoom 2.1.14 Missing.Authorization.to.Authenticated.(Subscriber+).Instagram.Image.Deletion MEDIUM" "integrate-automate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrate-automate 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "indeed-learning-pro No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "icon-list-block 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "incredible-font-awesome No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "invitation-based-registrations No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "integrate-google-drive 1.3.94 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.91 Missing.Authorization MEDIUM" "integrate-google-drive 1.3.9 Missing.Authorization.to.Unauthenticated.Settings.Modification.and.Export CRITICAL" "integrate-google-drive 1.3.4 Subscriber+.Settings.Update MEDIUM" "integrate-google-drive 1.3.5 Cross-Site.Request.Forgery MEDIUM" "integrate-google-drive 1.3.3 Open.Redirect.via.state MEDIUM" "integrate-google-drive 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "integrate-google-drive 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "images-optimize-and-upload-cf7 No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "image-source-control-isc 2.28.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.29.1 Reflected.Cross-Site.Scripting MEDIUM" "image-source-control-isc 2.17.1 Sensitive.Information.Exposure.via.Log.File MEDIUM" "image-source-control-isc 2.3.1 Contributor+.Arbitrary.Post.Meta.Value.Change MEDIUM" "icegram 3.1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.32 Author+.Stored.XSS MEDIUM" "icegram 3.1.32 Admin+.Stored.XSS LOW" "icegram 3.1.32 Admin+.Stored.XSS LOW" "icegram 3.1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "icegram 3.1.25 Missing.Authorization MEDIUM" "icegram 3.1.25 Missing.Authorization.to.Unauthenticated.Message.Duplication MEDIUM" "icegram 3.1.22 Contributor+.Campaign.Status.Toggle./.Duplication LOW" "icegram 3.1.19 Cross-Site.Request.Forgery.via.save_campaign_preview MEDIUM" "icegram 3.1.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Campaign.Message MEDIUM" "icegram 3.1.12 Reflected.XSS HIGH" "icegram 2.1.8 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "icegram 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "icegram 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "icegram 1.10.29 CSRF.to.Stored.XSS MEDIUM" "icegram 1.9.19 Cross-Site.Request.Forgery.(CSRF).&.XSS MEDIUM" "index-wp-mysql-for-speed 1.4.18 Admin+.Reflected.XSS HIGH" "inlinkz-scripter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idpay-contact-form-7 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "icon-widget-with-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "invite-anyone 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "invite-anyone 1.3.19 Unauthenticated.PHP.Object.Injection CRITICAL" "invite-anyone 1.3.16 Multiple.Issues MEDIUM" "iamport-payment No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intelligent-importer 5.1.4 Reflected.Cross-Site.Scripting MEDIUM" "ithemes-sync 3.0.1 Stored.Cross-Site.Scripting.via.packages MEDIUM" "ithemes-sync 2.1.14 Cross-Site.Request.Forgery.and.Missing.Authorization.via.'hide_authenticate_notice' MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000024 Author+.Arbitrary.File.Upload CRITICAL" "insert-or-embed-articulate-content-into-wordpress No.known.fix Iframe.Injection LOW" "insert-or-embed-articulate-content-into-wordpress No.known.fix Author+.Upload.to.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.3000000023 Contributor+.Stored.XSS MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000021 Reflected.Cross-Site.Scripting MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.3000000016 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.29991 Authenticated.Arbitrary.Folder.Deletion.and.Rename MEDIUM" "insert-or-embed-articulate-content-into-wordpress 4.2999 Unauthenticated.RCE CRITICAL" "insert-or-embed-articulate-content-into-wordpress 4.2997 Subscriber+.Arbitrary.Option.Update CRITICAL" "interact-quiz-embed 3.1 Contributor+.Stored.XSS MEDIUM" "ics-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "impreza 8.18 Reflected.Cross-Site.Scripting MEDIUM" "integration-for-gravity-forms-and-pipedrive 1.0.7 Reflected.Cross-Site.Scripting HIGH" "ithemes-security-pro 6.8.4 Hide.Backend.Bypass MEDIUM" "iloveimg 1.0.6 iLoveIMG.<.1.0.6.-.Admin+.PHP.Object.Injection HIGH" "institutions-directory 1.3.1 Subscriber+.Privilege.Escalation CRITICAL" "indexisto No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "image-slider-widget 1.1.127 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "image-slider-widget 1.1.123 Arbitrary.Post.Duplication.via.CSRF MEDIUM" "insert-php-code-snippet 1.3.7 Cross-Site.Request.Forgery.to.Code.Snippet.Activate/Deactivate/Deletion MEDIUM" "insert-php-code-snippet 1.3.5 Admin+.Stored.XSS LOW" "invoicing 2.8.12 Missing.Authorization.via.column_subscription() MEDIUM" "invoicing 2.3.4 Authenticated.Stored.XSS HIGH" "import-users-to-mailchimp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ichart 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "image-hover-effects-css3 No.known.fix Admin+.Stored.XSS LOW" "insert-estimated-reading-time No.known.fix Admin+.Stored.XSS LOW" "ithemes-mobile 1.2.8 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "idealien-category-enhancements No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects-ultimate-visual-composer 2.6.1 Authenticated.Arbitrary.Options.Update HIGH" "ipages-flipbook-pro 1.4.3 Reflected.Cross-Site.Scripting HIGH" "imdb-widget 1.0.9 Local.File.Inclusion.(LFI) HIGH" "imagerecycle-pdf-image-compression 3.1.17 Reflected.Cross-Site.Scripting MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.15 Cross-Site.Request.in.Several.AJAX.Actions MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.disableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Plugin.Data.Removal.in.reinitialize MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.stopOptimizeAll MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Cross-Site.Request.Forgery.to.Settings.Update.in.optimizeAllOn MEDIUM" "imagerecycle-pdf-image-compression 3.1.14 Missing.Authorization.to.Settings.Update.in.enableOptimization MEDIUM" "imagerecycle-pdf-image-compression 3.1.12 Reflected.XSS HIGH" "imagerecycle-pdf-image-compression 3.1.11 Reflected.XSS HIGH" "image-over-image-vc-extension 3.0 Contributor+.Stored.XSS MEDIUM" "import-shopify-to-woocommerce 1.1.13 Import.Shopify.to.WooCommerce.<.1.1.13.-.Admin+.Arbitrary.File.Access MEDIUM" "indeed-wp-superbackup 2.4 Reflected.Cross-Site.Scripting MEDIUM" "indeed-wp-superbackup 2.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "indeed-wp-superbackup 2.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "indeed-wp-superbackup 2.4 Missing.Authorization MEDIUM" "indeed-wp-superbackup 2.4 Missing.Authorization.to.Unauthenticated.Back-Up.File.Download HIGH" "indeed-wp-superbackup 2.4 Migrate.for.WordPress.<.2.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "i-plant-a-tree 1.7.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "i-plant-a-tree No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "interactive-polish-map 1.2.1 Admin+.Stored.XSS LOW" "import-csv-files No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "inet-webkit 1.2.3 Missing.Authorization MEDIUM" "iflychat No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iflychat 4.7.0 Admin+.Stored.Cross-Site.Scripting.(XSS) LOW" "inline-tweet-sharer 2.6 Admin+.Stored.XSS LOW" "imagelinks-pro 1.5.3 Reflected.Cross-Site.Scripting HIGH" "icons-enricher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ilab-media-tools 4.5.25 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ilab-media-tools 4.5.21 Reflected.Cross-Site.Scripting MEDIUM" "ilab-media-tools 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "idonate 2.0.0 Admin+.Stored.XSS LOW" "iq-block-country 1.2.20 Protection.Bypass.due.to.IP.Spoofing MEDIUM" "iq-block-country 1.2.13 Admin+.Arbitrary.File.Deletion.via.Zip.Slip MEDIUM" "iq-block-country 1.2.12 Admin+.Stored.Cross-Site.Scripting LOW" "iq-block-country 1.1.20 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "ignitiondeck 1.10.0 Missing.Authorization MEDIUM" "iq-testimonials No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "intelligence No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "info-cards 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "inpost-for-woocommerce 1.4.5 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "intelly-related-posts 3.8.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.7.0 Reflected.XSS HIGH" "intelly-related-posts 3.4.0 Tracking.Toggle.via.CSRF MEDIUM" "intelly-related-posts 3.6.0 Subscriber+.Password.Protected.Post.Read MEDIUM" "intelly-related-posts 3.5.0 Admin+.Stored.XSS LOW" "intelly-related-posts 3.0.5 Admin+.Cross-Site.Scripting LOW" "imagemapper No.known.fix Subscriber+.Arbitrary.Post.Deletion MEDIUM" "imagemapper No.known.fix Stored.XSS.via.CSRF HIGH" "imagemapper No.known.fix Contributor+.Stored.XSS MEDIUM" "imagemapper No.known.fix Settings.Update.via.CSRF MEDIUM" "ink-official No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "ider-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instant-css 1.2.2 Theme/CSS/Minify/Preprocessor.Data.Update.via.CSRF MEDIUM" "instant-css 1.1.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "invitation-code-content-access 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.11.2 Reflected.Cross-Site.Scripting MEDIUM" "iks-menu 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "interactive-geo-maps 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "interactive-geo-maps 1.5.11 Editor+.Stored.XSS LOW" "interactive-geo-maps 1.5.9 Contributor+.Stored.XSS MEDIUM" "interactive-geo-maps 1.5.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "image-hover-effects-ultimate 9.8.5 Admin+.Stored.XSS LOW" "image-hover-effects-ultimate 9.7.2 Authenticated.Arbitrary.Options.Change HIGH" "image-hover-effects-ultimate 9.8.0 Authenticated.Stored.XSS MEDIUM" "image-hover-effects-ultimate 9.7.2 Reflected.Cross-Site.Scripting MEDIUM" "image-hover-effects-ultimate 9.7.1 Reflected.Cross-Site.Scripting HIGH" "image-hover-effects-ultimate 9.7.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "i-recommend-this 3.9.0 Admin+.Stored.XSS LOW" "i-recommend-this 3.9.1 CSRF MEDIUM" "i-recommend-this 3.8.2 Authenticated.SQL.Injection HIGH" "interactive-medical-drawing-of-human-body 2.6 Admin+.Stored.XSS LOW" "improved-sale-badges 4.4.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "imagelinks-interactive-image-builder-lite 1.6.0 Admin+.SQLi MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.4 Contributor+.Stored.XSS MEDIUM" "imagelinks-interactive-image-builder-lite 1.5.3 Reflected.Cross-Site.Scripting HIGH" "ibtana-ecommerce-product-addons 0.2.4 Ecommerce.Product.Addons.<.0.2.4.-.Reflected.Cross-Site.Scripting HIGH" "image-carousel-for-divi 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "image-carousel-for-divi 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "infolinks-ad-wrap No.known.fix Settings.Update.via.CSRF MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Plugin.Settings MEDIUM" "image-gallery 1.3.0 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "image-gallery 1.3.0 Image.Gallery.<.1.3.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Post.Title.Update MEDIUM" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-switcher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "increase-sociability No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "infusionsoft-web-tracker No.known.fix Cross-Site.Request.Forgery MEDIUM" "import-users-from-csv-with-meta 1.27.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "import-users-from-csv-with-meta 1.27.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.9 Unauthenticated.Information.Exposure MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "import-users-from-csv-with-meta 1.26.6 Missing.Authorization MEDIUM" "import-users-from-csv-with-meta 1.26.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "import-users-from-csv-with-meta 1.24.7 Missing.Authorization.via.fire_cron.REST.endpoint MEDIUM" "import-users-from-csv-with-meta 1.24.4 Contributor+.Stored.XSS MEDIUM" "import-users-from-csv-with-meta 1.24.3 Admin+.Arbitrary.File.Read/Deletion MEDIUM" "import-users-from-csv-with-meta 1.20.5 Subscriber+.CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.19.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "import-users-from-csv-with-meta 1.16.3.6 CSV.Injection MEDIUM" "import-users-from-csv-with-meta 1.15.0.1 Unauthorised.Authenticated.Users.Export LOW" "import-users-from-csv-with-meta 1.14.2.2 CSRF.leading.to.attachment.deletion.&.Path.Traversal HIGH" "import-users-from-csv-with-meta 1.14.1.3 XSS MEDIUM" "import-users-from-csv-with-meta 1.14.0.3 XSS.and.CSRF HIGH" "import-users-from-csv-with-meta 1.12.1 Import.Cross-Site.Scripting.(XSS) MEDIUM" "internal-comments No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "internal-comments 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "iva-business-hours-pro No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "icestats No.known.fix Cross-Site.Request.Forgery MEDIUM" "inquiry-cart No.known.fix Stored.XSS.via.CSRF HIGH" "inventorypress No.known.fix Author+.Stored.XSS MEDIUM" "indeed-api No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "imagenius No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "iworks-pwa 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "interactive-world-maps 2.5 Reflected.Cross-Site.Scripting MEDIUM" "image-map-pro-lite No.known.fix Subscriber+.Stored.XSS MEDIUM" "image-map-pro-lite No.known.fix CSRF.to.Stored.XSS MEDIUM" "ip-loc8 No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "image-magnify No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instant-images 6.1.1 Author+.Arbitrary.Options.Update HIGH" "instant-images 5.2.0 Author+.SSRF LOW" "instant-images 4.4.0.1 Authenticated.Stored.XSS.&.XFS MEDIUM" "insert-pages 3.7.5 Contributor+.Stored.XSS MEDIUM" "insert-pages 3.7.0 Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "insert-pages 3.7.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "insert-pages 3.2.4 Directory.Traversal CRITICAL" "ithemeland-bulk-posts-editing-lite 4.2.4 Cross-Site.Request.Forgery MEDIUM" "ithemeland-bulk-posts-editing-lite 4.2.4 Authenticated.(Subscriber+).Missing.Authorization MEDIUM" "imagemagick-sharpen-resized-images No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "igumbi-online-booking 1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "insert-php 2.5.1 Woody.code.snippets.–.Insert.Header.Footer.Code,.AdSense.Ads.<.2,5,1.-Authenticated.(Contributor+).Remote.Code.Execution CRITICAL" "insert-php 2.5.1 Admin+.Stored.XSS MEDIUM" "insert-php 2.4.6 Reflected.Cross-Site.Scripting MEDIUM" "insert-php 2.3.10 Arbitrary.Settings.Update.via.CSRF MEDIUM" "insert-php 2.3.10 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "insert-php 2.2.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "insert-php 2.2.6 Arbitrary.Post.Deletion MEDIUM" "insert-php 2.2.5 Multiple.issues.leading.to.RCE HIGH" "ithemelandco-woo-report 1.5.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "ithemelandco-woo-report 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "image-upload-for-bbpress 1.1.19 Cross-Site.Request.Forgery.via.hm_bbpui_admin_page MEDIUM" "intergeo-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "intergeo-maps 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.2.1 Cross-Site.Request.Forgery MEDIUM" "integration-for-contact-form-7-and-pipedrive 1.1.1 Reflected.Cross-Site.Scripting HIGH" "import-holded-products-woocommerce 2.0 Reflected.Cross-Site.Scripting MEDIUM" "import-holded-products-woocommerce 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "insta-gallery 4.4.0 Missing.Authorization MEDIUM" "insta-gallery 2.4.8 CSRF.&.Missing.Authorisation.Checks HIGH" "incoming-links 0.9.10b referrers.php.XSS MEDIUM" "ilc-thickbox No.known.fix Settings.update.via.CSRF MEDIUM" "instant-chat-wp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "image-export No.known.fix Directory.Traversal CRITICAL" "inline-google-spreadsheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "image-hover-effects-addon-for-elementor 1.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.eihe_link.Parameter MEDIUM" "image-hover-effects-addon-for-elementor 1.4.2 Elementor.Addon.<.1.4.2.-.Authenticated(Contributor+).DOM-based.Stored.Cross-Site.Scripting.via.Image.Hover.Effects.Widget MEDIUM" "image-hover-effects-addon-for-elementor 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'eihe_align' MEDIUM" "image-hover-effects-addon-for-elementor 1.3.4 Elementor.Addon.<.1.3.4.-.Contributor+.Stored.XSS MEDIUM" "ie-css3-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "infusionsoft-official-opt-in-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infusionsoft-official-opt-in-forms No.known.fix Admin+.Stored.XSS LOW" "instagram-slider-widget 2.2.9 Admin+.Stored.XSS LOW" "instagram-slider-widget 2.2.9 Admin+.Stored.XSS.via.Widgets LOW" "instagram-slider-widget 2.2.5 Missing.Authorization MEDIUM" "instagram-slider-widget 2.0.7 Admin+.Stored.XSS.via.Feeds LOW" "instagram-slider-widget 2.0.6 Admin+.Stored.XSS.via.API.Key LOW" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.Feed.Deletion MEDIUM" "instagram-slider-widget 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "instagram-slider-widget 2.0.5 Subscriber+.Stored.XSS.via.Feeds HIGH" "instagram-slider-widget 2.0.5 Subscriber+.Arbitrary.API.Key.Update.to.Stored.XSS HIGH" "instagram-slider-widget 1.8.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "iws-geo-form-fields No.known.fix Geo.Form.Fields.<=.1.0.-.Unauthenticated.SQLi HIGH" "imagemeta No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ip-based-login 2.4.1 Log.Deletion.via.CSRF MEDIUM" "ip-based-login 2.4.1 Admin+.Stored.XSS LOW" "iwp-client 1.13.1 Unauthenticated.Limited.Directory.Traversal.to.Arbitrary..txt.File.Reading MEDIUM" "iwp-client 1.12.3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "iwp-client 1.12.1 Unauthenticated.Sensitive.Information.Exposure HIGH" "iwp-client 1.9.4.5 Authentication.Bypass CRITICAL" "ideapush 8.73 Missing.Authorization MEDIUM" "ideapush 8.72 Missing.Authorization.to.Board.Term.Deletion MEDIUM" "ideapush 8.71 Cross-Site.Request.Forgery MEDIUM" "ideapush 8.69 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.66 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ideapush 8.61 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "ideapush 8.58 Subscriber+.Memory.Tab/Routine/Taxonomy.Creation MEDIUM" "ideapush 8.53 Admin+.Stored.XSS LOW" "image-mapper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "icustomizer 1.5.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "indigitall-web-push-notifications 3.2.3 Admin+.Stored.XSS LOW" "ip2location-redirection 1.33.4 Missing.Authorization.to.Unauthenticated.Settings.Export MEDIUM" "internal-links-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "integrar-getnet-con-woo 0.0.5 Unauthenticated.Authorization.Bypass HIGH" "innovs-hr-manager No.known.fix Employee.Creation.via.CSRF MEDIUM" "innovs-hr-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "iksweb 3.8 Admin+.Stored.XSS LOW" "infility-global 2.9.9 Reflected.XSS HIGH" "infility-global 2.9.9 Reflected.XSS.via.set_type.Parameter HIGH" "infility-global 2.9.9 Subscriber+.Plugin.Settings.Update MEDIUM" "internal-link-shortcode No.known.fix Unauthenticated.SQL.Injection HIGH" "intimate-io-cryptocurrency-payments No.known.fix CSRF.Bypass MEDIUM" "ibuildapp No.known.fix Reflected.XSS HIGH" "improved-include-page No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "instabot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects-with-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id,.oxi_addons_f_title_tag,.and.content_description_tag.Parameters MEDIUM" "image-hover-effects-with-carousel 3.0 Reflected.XSS HIGH" "infusionsoft 1.5.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "infusionsoft 1.5.10 1.5.10.Arbitrary.File.Upload MEDIUM" "ip-vault-wp-firewall 2.1 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "ip-vault-wp-firewall 2.1 WP.Firewall.<.2.1.-.Admin+.Stored.XSS LOW" "idx-broker-platinum 3.2.3 Contributor+.Stored.XSS MEDIUM" "idx-broker-platinum 3.0.6 Reflected.Cross-Site.Scripting HIGH" "idx-broker-platinum 2.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).via.unprotected.'idx_update_recaptcha_key'.AJAX MEDIUM" "idx-broker-platinum 2.6.2 Authenticated.Post.Creation,.Modification,.and.Deletion MEDIUM" "insight-core No.known.fix Subscriber+.PHP.Object.Injection.&.Stored.XSS MEDIUM" "ip2location-country-blocker 2.38.9 Unauthenticated.Information.Disclosure MEDIUM" "ip2location-country-blocker 2.38.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ip2location-country-blocker 2.34.3 Cross-Site.Request.Forgery MEDIUM" "ip2location-country-blocker 2.33.4 Unauthenticated.Sensitive.Information.Exposure.via.Debug.Log.File MEDIUM" "ip2location-country-blocker 2.26.9 Admin+.Stored.Cross-Site.Scripting LOW" "ip2location-country-blocker 2.26.5 Subscriber+.Arbitrary.Country.Ban MEDIUM" "ip2location-country-blocker 2.26.6 Arbitrary.Country.Ban.via.CSRF MEDIUM" "ip2location-country-blocker 2.26.5 Ban.Bypass MEDIUM" "instawp-connect 0.1.0.84 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "instawp-connect 0.1.0.45 Authentication.Bypass.to.Admin CRITICAL" "instawp-connect 0.1.0.39 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.39 Missing.Authorization.to.Unauthenticated.API.setup/Arbitrary.Options.Update/Administrative.User.Creation CRITICAL" "instawp-connect 0.1.0.25 Missing.Authorization MEDIUM" "instawp-connect 0.1.0.23 Unauthenticated.Arbitrary.File.Upload CRITICAL" "instawp-connect 0.1.0.9 Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "instawp-connect 0.1.0.10 Missing.Authorization.to.Sensitive.Information.Dislcosure MEDIUM" "instawp-connect 0.1.0.10 Authenticated.(Subscriber+).SQL.Injection HIGH" "instawp-connect 0.1.0.9 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "instawp-connect 0.1.0.9 Cross-Site.Request.Forgery.via.create_file_db_manager MEDIUM" "instawp-connect 0.0.9.19 Unauthenticated.Data.Modification CRITICAL" "infusionsoft-landing-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "image-gallery-with-slideshow No.known.fix Multiple.XSS.and.SQL.Injection CRITICAL" "insert-headers-and-footers 2.0.13.1 Reflected.XSS HIGH" "insert-headers-and-footers 2.0.9 Arbitrary.Log.File.Deletion.via.CSRF MEDIUM" "insert-headers-and-footers 2.0.7 Contributor+.WPCode.Library.Auth.Key.Update/Deletion LOW" "image-alt-text 3.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Image.Alt.Text.Update MEDIUM" "iconize No.known.fix Authenticated.(Admin+).Remote.Code.Execution HIGH" "ipushpull 2.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "inline-tweets No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "indeed-affiliate-pro 4.0 Authenticated.Stored.XSS MEDIUM" "infogram No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-hover-effects 5.6 Caption.Settings.Update.via.CSRF MEDIUM" "image-hover-effects 5.5 Admin+.Stored.XSS LOW" "import-export-for-woocommerce No.known.fix Subscriber+.Arbitrary.File.Upload CRITICAL" "improved-variable-product-attributes 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "image-carousel-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "increase-upload-file-size-maximum-execution-time-limit 3.0 Reflected.Cross-Site.Scripting MEDIUM" "integration-dynamics 1.3.24 Contributor+.RCE.and.Arbitrary.File.Read CRITICAL" "integration-dynamics 1.3.18 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "information-reel 10.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "inline-click-to-tweet No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "immotoolbox-connect 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "invoice-payment-for-woocommerce 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "i2-pro-cons No.known.fix Contributor+.Stored.XSS MEDIUM" "insertify No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "ifeature-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "ithemes-exchange 1.12.0 XSS.via.add_query_arg().and.remove_query_arg() MEDIUM" "integracao-rd-station 5.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "integracao-rd-station 5.2.1 Multiple.CSRF MEDIUM" "ics-calendar 10.12.0.2 Authenticated(Contributor+).Directory.Traversal.via._url_get_contents MEDIUM" "ipanorama-pro 1.6.22 Reflected.Cross-Site.Scripting HIGH" "infinite-scroll No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "ip-address-blocker No.known.fix IP.Spoofing MEDIUM" "ip-address-blocker No.known.fix Cross-Site.Request.Forgery MEDIUM" "integration-for-billingo-gravity-forms 1.0.4 Multiple.CSRF MEDIUM" "insert-post-ads No.known.fix Missing.Authorization MEDIUM" "image-map-pro 6.0.21 Missing.Authorization.to.Authenticated.(Contributor+).Map.Project.Add/Update/Delete MEDIUM" "image-map-pro 6.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-map-pro 5.6.9 Cross-Site.Scripting HIGH" "image-map-pro 5.6.9 Cross-Site.Request.Forgery MEDIUM" "image-gallery-box-by-crudlab No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "image-hover-effects-elementor-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ifolders 1.5.1 Admin+.XSS MEDIUM" "import-users-from-csv 1.3 Authenticated.(Admin+).PHP.Object.Injection HIGH" "ideal-interactive-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "instalinker 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ims-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idcrm-contacts-companies 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "infinite-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "image-regenerate-select-crop 7.3.1 Sensitive.Information.Exposure MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "idsk-toolkit No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ibryl-switch-user No.known.fix Authenticated.(Subscriber+).Privilege.Escalation.via.Account.Takeover HIGH" "ip-metaboxes No.known.fix Admin+.Stored.XSS LOW" "ip-metaboxes No.known.fix Unauthenticated.Reflected.XSS HIGH" "isee-products-extractor 2.1.4 .Reflected.Cross-Site.Scripting HIGH" "imagemagick-engine 1.7.11 Administrator+.OS.Command.Injection MEDIUM" "imagemagick-engine 1.7.6 PHAR.Deserialization.via.CSRF HIGH" "imagemagick-engine 1.7.6 Command.Injection.via.CSRF HIGH" "inavii-social-feed-for-elementor 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "image-tag-manager No.known.fix Reflected.Cross-Site.Scripting.via.default_class MEDIUM" "issuu-panel No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload' HIGH" "imgspider 2.3.11 Authenticated.(Contributor+).Arbitrary.File.Upload.via.'upload_img_file' HIGH" "include-mastodon-feed 1.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "include-mastodon-feed 1.9.6 Contributor+.Stored.XSS MEDIUM" "import-external-images No.known.fix CSRF MEDIUM" "issues-tracker 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "issues-tracker 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "infographic-and-list-builder-ilist 5.0.0 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "infographic-and-list-builder-ilist 4.7.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Title.Update MEDIUM" "infographic-and-list-builder-ilist 4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infographic-and-list-builder-ilist 4.3.8 iList.<.4.3.8.-.Unauthenticated.SQL.Injection HIGH" "iubenda-cookie-law-solution 3.3.3 Subscriber+.Privileges.Escalation.to.Admin HIGH" "imbachat-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "image-horizontal-reel-scroll-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "image-horizontal-reel-scroll-slideshow 13.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "image-horizontal-reel-scroll-slideshow 13.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "iwjob No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "import-social-statistics 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "import-social-statistics No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "import-social-statistics No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "jlayer-parallax-slider-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jh-404-logger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "jazzcash-woocommerce-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "jigoshop-store-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jreviews No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "job-board-light 1.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "just-writing-statistics 4.8 Authenticated.(Administrator+).SQL.Injection MEDIUM" "just-writing-statistics 4.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "jw-player-7-for-wp No.known.fix Missing.Authorization MEDIUM" "juicer 1.11 Contributor+.Stored.XSS MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.via.AJAX.actions MEDIUM" "just-custom-fields No.known.fix Cross-Site.Request.Forgery.on.AJAX.Actions MEDIUM" "just-custom-fields No.known.fix Missing.Authorization.on.AJAX.Actions MEDIUM" "job-manager No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "job-manager No.known.fix .Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "job-manager 0.7.25 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jcarousel-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "jalbum-bridge 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ar.Parameter MEDIUM" "jetpack-boost 3.4.8 Contributor+.Stored.XSS MEDIUM" "jetpack-boost 3.4.7 Admin+.SSRF MEDIUM" "jivochat 1.3.5.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "joomdev-wp-pros-cons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jsm-show-post-meta 4.6.1 Missing.Authorization MEDIUM" "joan 5.6.3 Authenticated.Stored.Cross-Site.Scripting LOW" "joan 5.6.2 Reflected.Cross-Site.Scripting HIGH" "joan 5.6.2 Arbitrary.Plugin's.Settings.Update.via.CSRF MEDIUM" "jiangqie-official-website-mini-program 1.1.1 Authenticated.SQL.Injection CRITICAL" "justified-image-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "javascript-logic No.known.fix CSRF.to.Stored.XSS HIGH" "joomsport-sports-league-results-management 5.6.18 Reflected.Cross-Site.Scripting.via.page HIGH" "joomsport-sports-league-results-management 5.6.4 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.5.7 Missing.Authorization MEDIUM" "joomsport-sports-league-results-management 5.2.8 Unauthenticated.SQLi HIGH" "joomsport-sports-league-results-management 5.2.6 Admin+.SQLi MEDIUM" "joomsport-sports-league-results-management 5.1.8 Unauthenticated.PHP.Object.Injection MEDIUM" "joomsport-sports-league-results-management 3.4 SQL.Injection CRITICAL" "jetpackcrm-ext-woo-connect 2.13 Unauthorized.Invoice.Disclosure LOW" "javo-core 3.0.0.266 Unauthenticated.Privilege.Escalation.in.ajax_signup CRITICAL" "jet-theme-core 2.2.1 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "jupiterx-core 4.8.8 Authenticated.(Contributor+).SVG.Upload.to.Local.File.Inclusion.(Remote.Code.Execution) HIGH" "jupiterx-core 4.8.8 Authenticated.(Contributor+).Arbitrary.File.Read MEDIUM" "jupiterx-core 4.8.6 Missing.Authorization.to.Unauthenticated.Popup.Template.Export MEDIUM" "jupiterx-core 4.8.6 Missing.Authorization.to.Authenticated.Library.Sync MEDIUM" "jupiterx-core 4.7.8 Limited.Unauthenticated.Authentication.Bypass.to.Account.Takeover HIGH" "jupiterx-core 4.6.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.3.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jupiterx-core 3.4.3 Unauthenticated.Privilege.Escalation CRITICAL" "jupiterx-core 4.6.9 Unauthenticated.Arbitrary.File.Download HIGH" "jupiterx-core 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jupiterx-core 2.0.8 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiterx-core 2.0.7 Information.Disclosure,.Modification,.and.Denial.of.Service MEDIUM" "jetformbuilder 3.3.4.2 Authenticated.(Administrator+).Privilege.Escalation HIGH" "jetformbuilder 3.1.5 Unauthenticated.Content.Injection MEDIUM" "jetformbuilder 3.0.7 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "jungbillig-portfolio-gallery No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "jwp-a11y No.known.fix Admin+.Stored.XSS LOW" "jet-engine 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.list_tag.Parameter MEDIUM" "jet-engine 3.2.5 Missing.Authorization HIGH" "jet-engine 3.2.5 Authenticated.(Contributor+).Privilege.Escalation HIGH" "jet-engine 3.1.3.1 Author+.Remote.Code.Execution HIGH" "jc-ajax-search-for-woocommerce 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "jch-optimize 4.2.1 Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "jch-optimize 3.2.3 Admin+.Stored.XSS LOW" "jquery-tagline-rotator No.known.fix Reflected.Cross-Site.Scripting HIGH" "json-api-user 3.9.4 Unauthenticated.Privilege.Escalation CRITICAL" "jquery-vertical-accordion-menu No.known.fix Contributor+.Stored.XSS MEDIUM" "judgeme-product-reviews-woocommerce 1.3.21 Contributor+.Stored.XSS MEDIUM" "jekyll-exporter 2.2.1 Unauthenticated.RCE.via.PHPUnit CRITICAL" "jobwp 2.2 Sensitive.Information.Exposure HIGH" "jobwp 2.0 Reflected.Cross-Site.Scripting MEDIUM" "jet-elements 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-elements 2.6.20.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jet-elements 2.6.13.1 Missing.Authorization.to.Unauthenticated.Arbitrary.Attachment.Download MEDIUM" "jb-horizontal-scroller-news-ticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "journey-analytics 1.0.13 Unauthorised.AJAX.call.via.CSRF MEDIUM" "job-manager-career 1.4.5 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "job-manager-career 1.4.4 Directory.listing.to.Sensitive.Data.Exposure HIGH" "jsfiddle-shortcode 1.1.3 Contributor+.XSS.via.Shortcode MEDIUM" "jp-staticpagex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "job-postings 2.7.11 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.8 Contributor+.Stored.XSS MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting.via.job-search MEDIUM" "job-postings 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "job-postings 2.7.4 Contributor+.Stored.XSS MEDIUM" "job-postings 2.5.11 Admin+.Stored.XSS LOW" "job-postings 2.6.0 Author+.Stored.XSS MEDIUM" "jet-footer-code No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "joli-clear-lightbox 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "js-support-ticket 2.8.9 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "js-support-ticket 2.8.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "js-support-ticket 2.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "js-support-ticket 2.8.7 Unauthenticated.PHP.Code.Injection.to.Remote.Code.Execution CRITICAL" "js-support-ticket 2.8.4 Missing.Authorization MEDIUM" "js-support-ticket 2.8.2 Unauthenticated.SQL.Injection.via.email.and.trackingid CRITICAL" "js-support-ticket 2.7.8 Best.Help.Desk.&.Support.<.2.7.8.-.Subscriber+.Ticket.Manipulation.via.IDOR MEDIUM" "js-support-ticket 2.7.2 CSRF MEDIUM" "js-support-ticket 2.0.6 CSRF HIGH" "job-board-vanilla No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jeeng-push-notifications 2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "js-twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "joli-table-of-contents 2.0.10 Reflected.Cross-Site.Scripting MEDIUM" "joli-table-of-contents 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "js-vehicle-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "jetwoo-widgets-for-elementor 1.1.8 Authenticated.(Contributor+).Limited.Local.File.Inclusion HIGH" "jk-html-to-pdf No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "jsp-store-locator No.known.fix Deletion.via.Missing.CSRF MEDIUM" "jsp-store-locator No.known.fix Contributor+.SQL.Injection HIGH" "job-board-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "job-board-manager 2.1.60 Cross-Site.Request.Forgery MEDIUM" "job-board-manager No.known.fix Missing.Authorization MEDIUM" "job-board-manager 2.1.59 Subscriber+.Stored.XSS HIGH" "joy-of-text No.known.fix Missing.Authorization MEDIUM" "joy-of-text No.known.fix Settings.Update.via.CSRF MEDIUM" "joy-of-text 2.3.1 Unauthenticated.SQLi HIGH" "jet-skinner-for-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "json-content-importer 1.6.0 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "json-content-importer 1.5.4 Reflected.XSS HIGH" "json-content-importer 1.3.16 Admin+.Stored.XSS LOW" "jiangqie-free-mini-program No.known.fix Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "jet-blocks 1.3.12.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jet-blocks 1.3.8.1 Reflected.Cross.Site.Scripting MEDIUM" "just-wp-variables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jds-portfolio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jma-youtube-playlists-with-schema No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jigoshop-exporter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "justified-image-grid No.known.fix Unauthenticated.Server-Side.Request.Forgery MEDIUM" "jquery-t-countdown-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tminus.Shortcode MEDIUM" "jquery-t-countdown-widget 2.3.24 Contributor+.Stored.XSS MEDIUM" "jquery-reply-to-comment No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "jobboardwp 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "jobboardwp 1.2.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "jobboardwp 1.1.0 Admin+.Stored.Cross-Site.Scripting LOW" "jquery-validation-for-contact-form-7 5.3 Arbitrary.Options.Update.via.CSRF HIGH" "just-tables 1.5.0 Cross-Site.Request.Forgery MEDIUM" "joli-faq-seo 1.3.3 Cross-Site.Request.Forgery MEDIUM" "joli-faq-seo 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "joli-faq-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jemployee No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "jf3-maintenance-mode 2.1.0 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "js-jobs 2.0.1 Multiple.CSRF MEDIUM" "js-jobs 2.0.1 Missing.Authorization MEDIUM" "js-jobs 2.0.1 Subscriber+.Stored.XSS HIGH" "js-jobs 1.1.9 Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "js-jobs 1.0.7 CSRF HIGH" "justified-gallery 1.8.0b1 Reflected.Cross-Site.Scripting MEDIUM" "justified-gallery 1.7.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "justified-gallery 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "jet-search 3.5.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jazz-popups No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting HIGH" "jonradio-private-site 3.1.0 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "jonradio-private-site 3.0.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "jquery-news-ticker 3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-news-ticker 3.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "jvm-rich-text-icons 1.2.7 Subscriber+.Arbitrary.File.Deletion HIGH" "jvm-rich-text-icons 1.2.4 Subscriber+.Arbitrary.File.Upload HIGH" "jsmol2wp No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "jsmol2wp No.known.fix Unauthenticated.Server.Side.Request.Forgery.(SSRF) HIGH" "jeg-elementor-kit 2.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Countdown.and.Off-Canvas MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.sg_content_template MEDIUM" "jeg-elementor-kit 2.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.6.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "jeg-elementor-kit 2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Tabs.and.JKit.-.Accordion.Widgets MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Countdown.Widget MEDIUM" "jeg-elementor-kit 2.6.5 Contributor+.Stored.XSS.via.Elementor.Widget.URL.Custom.Attributes MEDIUM" "jeg-elementor-kit 2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.JKit.-.Banner MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box MEDIUM" "jeg-elementor-kit 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonial MEDIUM" "jeg-elementor-kit 2.6.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "jeg-elementor-kit 2.5.7 Subscriber+.Authorization.Bypass MEDIUM" "jeg-elementor-kit 2.5.7 Unauthenticated.Settings.Update MEDIUM" "jibu-pro No.known.fix Stored.XSS MEDIUM" "justrows-free No.known.fix Reflected.XSS HIGH" "jm-twitter-cards 14.1.0 Password.Protected.Post.Access MEDIUM" "jetwidgets-for-elementor 1.0.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "jetwidgets-for-elementor 1.0.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_type.and.id.Parameters MEDIUM" "jetwidgets-for-elementor 1.0.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Button.URL MEDIUM" "jetwidgets-for-elementor 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Animated.Box.Widget MEDIUM" "jetwidgets-for-elementor 1.0.13 Settings.Update.via.CSRF MEDIUM" "jetwidgets-for-elementor 1.0.14 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "jetwidgets-for-elementor 1.0.9 Contributor+.Stored.XSS MEDIUM" "job-portal No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "jetgridbuilder 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "job-board 1.1.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "job-board 1.0.1 Admin+.Stored.XSS LOW" "jetpack 14.1-a.1 Unauthenticated.DOM-XSS MEDIUM" "jetpack 6.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.9.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.7.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.4.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.0.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.7.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.7.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.5.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 3.9.10 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.8.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.2.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.8.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.5.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.1.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.5.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.3.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.0.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.6.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.2.6 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.3.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.0.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.4.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.8.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.5.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.8.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.6.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.0.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.2.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.3.7 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.3.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.6.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.0.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.6.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.2.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.6.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.1.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.7.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.1.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.7.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.3.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 6.7.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.2.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 12.4.1 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 10.8.2 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.4.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.0.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 7.4.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 8.1.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 5.9.4 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 4.3.5 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 11.5.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 9.9.3 Subscriber+.Arbitrary.Feedback.Access MEDIUM" "jetpack 13.8 Contributor+.Stored.XSS MEDIUM" "jetpack 13.8 Unauthenticated.Arbitrary.Block.&.Shortcode.Execution MEDIUM" "jetpack 13.4 Contributor+.Stored.Cross-Site.Scripting.via.wpvideo.Shortcode MEDIUM" "jetpack 13.2.1 Contributor+.Stored.XSS MEDIUM" "jetpack 12.8-a.3 Contributor+.Stored.XSS.via.block.attribute MEDIUM" "jetpack 12.7 Authenticated(Contributor+).Clickjacking.via.Iframe.Injection MEDIUM" "jetpack 12.7 Improper.Authorization.via.WPCom.External.Media.REST.endpoints MEDIUM" "jetpack 12.1.1 Author+.Arbitrary.File.Manipulation.via.API HIGH" "jetpack 9.8 Carousel.Module.Non-Published.Page/Post.Attachment.Comment.Leak MEDIUM" "jetpack 7.9.1 Vulnerability.in.Shortcode.Embed.Code MEDIUM" "jetpack 6.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "jetpack 4.0.4 Multiple.Vulnerabilities MEDIUM" "jquery-accordion-slideshow 8.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "js-css-script-optimizer No.known.fix Cross-Site.Request.Forgery MEDIUM" "jtrt-responsive-tables No.known.fix Cross-Site.Request.Forgery MEDIUM" "jtrt-responsive-tables 4.1.2 JTRT.Responsive.Tables.<.4,1,2.–.Authenticated.SQL.Injection HIGH" "jet-tabs 2.2.3.1 Authenticated.(Contributor+).Arbitrary.Local.File.Inclusion HIGH" "jquery-collapse-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic 1.8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "jquery-collapse-o-matic No.known.fix Contributor+.Stored.XSS MEDIUM" "jquery-collapse-o-matic 1.8.3 Contributor+.Stored.XSS MEDIUM" "jt-express 2.0.15 Reflected.Cross-Site.Scripting.via.[placeholder] MEDIUM" "jc-importer 2.14.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "jc-importer 2.13.1 Admin+.Server-side.Request.Forgery MEDIUM" "jc-importer 2.4.6 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "jayj-quicktag 1.3.2 CSRF HIGH" "koalendar-free-booking-widget 1.0.3 Contributor+.Stored.XSS.via.height.Parameter MEDIUM" "kiwi-social-share 2.1.8 Information.Disclosure MEDIUM" "kiwi-social-share 2.1.3 Kiwi.2.1.0.-.Unauthenticated.Arbitrary.WordPress.Options.Update.and.Read CRITICAL" "kiwi-social-share 2.0.11 Kiwi.<.2.0.11.-.Arbitrary.WordPress.Options.Update CRITICAL" "kodex-posts-likes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kodex-posts-likes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kodex-posts-likes 2.5.0 Settings.Update.via.CSRF MEDIUM" "kraken-image-optimizer 2.6.6 Settings.Update.via.CSRF MEDIUM" "klarna-checkout-for-woocommerce 2.0.10 Authenticated.Arbitrary.Plugin.Deactivation,.Activation.and.Installation CRITICAL" "keymaster-chord-notation-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting.via.'add_query_arg' MEDIUM" "kudos-donations 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "kudos-donations 3.1.2 Arbitrary.Items.Deletion.via.CSRF HIGH" "kitestudio-core 2.3.1 Reflected.Cross-Site-Scripting MEDIUM" "kumihimo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kaswara No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kn-fix-your No.known.fix Authenticated.Stored.XSS LOW" "kundgenerator 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "knight-lab-timelinejs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "knight-lab-timelinejs 3.9.3.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "knight-lab-timelinejs 3.7.0.0 Outdated.TimelineJS.library.could.Lead.to.Stored.XSS MEDIUM" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Blind.SQLi HIGH" "ketchup-restaurant-reservations No.known.fix Unauthenticated.Stored.XSS HIGH" "kiwi-logo-carousel 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "king-ie No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "keep-backup-daily 2.1.1 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "keep-backup-daily No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "keep-backup-daily 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "kv-send-email-from-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kona-instagram-feed-for-gutenberg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kona-instagram-feed-for-gutenberg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kalender-digital 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kadence-woocommerce-email-designer 1.5.12 CSRF MEDIUM" "kadence-woocommerce-email-designer 1.5.7 Admin+.PHP.Objection.Injection MEDIUM" "kineticpay-for-woocommerce 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "keydatas 2.6.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "kkprogressbar No.known.fix Progress.Bar.Deletion.via.CSRF MEDIUM" "kkprogressbar No.known.fix Admin+.SQL.Injection MEDIUM" "kkprogressbar No.known.fix Stored.XSS.via.CSRF HIGH" "kadence-blocks 3.4.10 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.3.2 Missing.Authorization MEDIUM" "kadence-blocks 3.4.3 Authenticated.(contributor+).Stored.Cross-Site.Scripting.via.Button.Link MEDIUM" "kadence-blocks 3.2.54 Admin+.Stored.XSS LOW" "kadence-blocks 3.2.54 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Icon.Widget MEDIUM" "kadence-blocks 3.2.53 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.46 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.HTML.Data.Attributes MEDIUM" "kadence-blocks 3.2.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Google.Maps.Widget MEDIUM" "kadence-blocks 3.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.titleFont.Parameter MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting.via.Typer.Effect MEDIUM" "kadence-blocks 3.2.38 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "kadence-blocks 3.2.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Timer MEDIUM" "kadence-blocks 3.2.37 Contributor+.Stored.Cross-Site.Scripting.via.Block.Link MEDIUM" "kadence-blocks 3.2.35 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.12 Contributor+.Server-Side.Request.Forgery HIGH" "kadence-blocks 3.2.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.and.CountUp.Widget MEDIUM" "kadence-blocks 3.2.18 Authenticated(Editor+).Stored.Cross-Site.Scripting.via.Contact.Form.Message.Settings MEDIUM" "kadence-blocks 3.2.26 Authenticated.(Author+).Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.20 Contributor+.Server-Side.Request.Forgery MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.26 Contributor+.Stored.XSS MEDIUM" "kadence-blocks 3.2.24 Contributor+.Stored.XSS MEDIUM" "kubio 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "kubio 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "koko-analytics 1.3.13 Reflected.Cross-Site.Scripting MEDIUM" "krsp-frontend-file-upload No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "krsp-frontend-file-upload No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kvcore-idx No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "korea-for-woocommerce 1.1.12 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "knowledgebase 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kivicare-clinic-management-system 3.6.8 Authenticated.(Doctor+).SQL.Injection.via.'u_id'.Parameter MEDIUM" "kivicare-clinic-management-system 3.6.5 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.5 Authenticated.(Doctor/Receptionist+).SQL.Injection MEDIUM" "kivicare-clinic-management-system 3.6.5 Unauthenticated.SQL.Injection HIGH" "kivicare-clinic-management-system 3.6.7 Patient+.Insecure.Direct.Object.Reference MEDIUM" "kivicare-clinic-management-system 3.2.1 Multiple.CSRF HIGH" "kivicare-clinic-management-system 3.2.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "kivicare-clinic-management-system 3.2.1 Subscriber+.Unauthorised.AJAX.Calls HIGH" "kivicare-clinic-management-system 3.2.1 Reflected.Cross-Site.Scripting HIGH" "kivicare-clinic-management-system 2.3.9 Unauthenticated.SQLi HIGH" "kwayy-html-sitemap 4.0 Admin+.Stored.XSS LOW" "kanzu-support-desk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanzu-support-desk No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kanzu-support-desk No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "kama-spamblock 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "knr-author-list-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "knr-author-list-widget 3.0.0 Unauthenticated.SQL.Injection CRITICAL" "kenta-companion 1.1.9 Reflected.Cross-Site.Scripting MEDIUM" "kings-tab-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kjm-admin-notices No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kush-micro-news No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "kikfyre-events-calendar-tickets No.known.fix Missing.Authorization MEDIUM" "kapost-byline No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kevins-plugin No.known.fix Cross-Site.Request.Forgery MEDIUM" "kanban No.known.fix Missing.Authorization MEDIUM" "kanban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban 2.5.21 Admin+.Stored.XSS LOW" "kanban No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "kopa-nictitate-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kd-coming-soon No.known.fix Unauthenticated.PHP.Object.Injection.via.cetitle HIGH" "kb-support 1.6.8 Unauthenticated.Open.Redirect MEDIUM" "kb-support 1.6.7 Unauthenticated.Ticket.Reply.Exposure MEDIUM" "kb-support 1.6.7 Subscriber+.Multiple.Administrator.Actions HIGH" "kb-support 1.6.1 Missing.Authorization MEDIUM" "kb-support 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "kontxt-semantic-engine No.known.fix CSRF.Bypass MEDIUM" "kadence-starter-templates 1.2.17 Admin+.PHP.Object.Injection MEDIUM" "kh-easy-user-settings No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "kvoucher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kvoucher No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kodo-qiniu 1.5.1 Cross-Site.Request.Forgery MEDIUM" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ketchup-shortcodes-pack 0.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kangu 2.2.10 Reflected.XSS HIGH" "konnichiwa No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "killer-theme-options No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "kata-plus 1.5.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "kata-plus 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "korea-sns 1.6.5 Settings.Update.via.CSRF MEDIUM" "kaya-qr-code-generator 1.5.3 Contributor+.Stored.XSS MEDIUM" "klaviyo 3.0.10 Admin+.Stored.XSS LOW" "klaviyo 3.0.8 Admin+.Stored.XSS LOW" "kento-post-view-counter No.known.fix CSRF.&.multiple.XSS HIGH" "kingcomposer No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "kingcomposer No.known.fix Open.Redirect MEDIUM" "kingcomposer 2.9.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "kingcomposer 2.9.4 Multiple.Critical.Issues CRITICAL" "kingcomposer 2.8.2 Authenticated.Stored.XSS HIGH" "kingcomposer 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "kintpv-connect No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "keyword-meta No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "kali-forms 2.3.42 Missing.Authorization.to.Arbitrary.Plugin.Deactivation HIGH" "kali-forms 2.3.42 Missing.Authorization MEDIUM" "kali-forms 2.3.37 Kali.Forms.<.2.3.37.-.Insecure.Direct.Object.Reference MEDIUM" "kali-forms 2.3.28 Kali.Forms.<.2.3.28.-.Missing.Authorization.via.Contact.Form MEDIUM" "kali-forms 2.3.29 Kali.Forms.<.2.3.29.-.Missing.Authorization.via.get_log MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Unauthenticated.Arbitrary.Post.Deletion HIGH" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Multiple.CSRF.Bypass.Issues MEDIUM" "kali-forms 2.1.2 Form.builder.by.Kali.Forms.<.2.1.2.-.Authenticated.Plugin's.Settings.Change HIGH" "kbucket 4.2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "kbucket 4.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "kbucket 4.1.5 Reflected.XSS MEDIUM" "kbucket 4.1.6 Admin+.Stored.XSS LOW" "kenta-blocks 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kenta-blocks 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "kama-clic-counter 3.5.0 XSS MEDIUM" "kama-clic-counter 3.5.0 Authenticated.Blind.SQL.Injection HIGH" "kk-star-ratings 5.4.10.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "kk-star-ratings 5.4.6 Rating.Tampering.via.Race.Condition LOW" "kk-star-ratings 5.4.6 Missing.Authorization MEDIUM" "kk-star-ratings 5.4.5 Reflected.Cross-Site.Scripting MEDIUM" "kk-star-ratings 5.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "kattene 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ksher-payment 1.1.3 Missing.Authorization MEDIUM" "ksher-payment 1.1.2 Missing.Authorization MEDIUM" "kau-boys-backend-localization No.known.fix Settings.Update.via.CSRF MEDIUM" "kunze-law 2.1 Admin+.Stored.Cross-Site.Scripting LOW" "kredeum-nfts 1.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kv-tinymce-editor-fonts No.known.fix Font.List.Update.via.CSRF MEDIUM" "kadence-blocks-pro 2.3.8 Contributor+.Arbitrary.Option.Access MEDIUM" "k-elements 5.4.0 Authentication.Bypass CRITICAL" "kopatheme No.known.fix Cross-Site.Request.Forgery MEDIUM" "kento-ads-rotator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ko-fi-button 1.3.3 Admin+.Stored.XSS LOW" "kimili-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "kimili-flash-embed No.known.fix Cross-Site.Request.Forgery MEDIUM" "kp-fastest-tawk-to-chat No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "kioken-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "klarna-payments-for-woocommerce 3.3.0 Missing.Authorization MEDIUM" "lktags-linkedin-insight-tags 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "list-category-posts 0.90.3 Author+.Stored.XSS LOW" "list-category-posts 0.89.7 Contributor+.Stored.XSS MEDIUM" "list-category-posts 0.89.4 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "letterpress No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "letterpress No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "lazy-blocks 3.8.3 Reflected.XSS HIGH" "login-logout-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.class.Parameter MEDIUM" "likebtn-like-button 2.6.54 Cross-Site.Request.Forgery MEDIUM" "likebtn-like-button 2.6.45 Arbitrary.e-mail.Sending MEDIUM" "likebtn-like-button 2.6.38 Unauthorised.Vote.Export.to.Email.&.IP.Addresses.Disclosure HIGH" "likebtn-like-button 2.6.32 Unauthenticated.Full-Read.SSRF HIGH" "likebtn-like-button 2.5.4 Unauthenticated.Arbitrary.Blog.Settings.Change HIGH" "lh-qr-codes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "legull No.known.fix Reflected.XSS HIGH" "lbstopattack 1.1.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "linkedin-login 1.1 Reflected.Cross-Site.Scripting MEDIUM" "login-designer 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "login-with-vipps 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "limit-login-attempts No.known.fix Subscriber+.Stored.XSS HIGH" "limit-login-attempts 1.7.2 Unauthenticated.Stored.XSS HIGH" "limit-login-attempts 1.7.1 Auth.Cookies.Brute.Force.Bypass LOW" "login-sidebar-widget No.known.fix Open.Redirect MEDIUM" "lsd-google-maps-embedder No.known.fix Cross-Site.Request.Forgery.Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "linkpreview No.known.fix Cross-Site.Request.Forgery MEDIUM" "library-bookshelves 5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "library-bookshelves 5.9 Reflected.Cross-Site.Scripting MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Unauthenticated.SQLi HIGH" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "letsrecover-woocommerce-abandoned-cart 1.2.0 Admin+.SQLi MEDIUM" "livestream-notice 1.3.0 Admin+.Stored.XSS LOW" "link-optimizer-lite No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "live-search-xforwc 2.1.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "list-all-posts-by-authors-nested-categories-and-titles 2.8.3 CSRF MEDIUM" "lemonade-sna-pinterest-edition No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lead-form-builder 1.9.8 Admin+.Stored.XSS LOW" "lead-form-builder 1.9.2 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "lead-form-builder No.known.fix Admin+.Stored.XSS LOW" "lead-form-builder 1.9.0 Missing.Authorization MEDIUM" "lead-form-builder 1.9.0 Cross-Site.Request.Forgery MEDIUM" "lead-form-builder 1.7.4 Multiple.Subscriber+.Settings.Update MEDIUM" "lead-form-builder 1.7.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "lead-form-builder 1.6.8 Subscriber+.Arbitrary.Lead.Deletion MEDIUM" "lead-form-builder 1.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ltl-freight-quotes-worldwide-express-edition 5.0.22 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Worldwide.Express.Edition.<.5.0.21.-.Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-worldwide-express-edition 5.0.21 Unauthenticated.SQL.Injection HIGH" "leader No.known.fix Missing.Authorization MEDIUM" "library-management-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "library-management-system No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Missing.Authorization MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-unishippers-edition 2.5.9 Unauthenticated.SQL.Injection HIGH" "layerslider 7.11.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ls_search_form.Shortcode MEDIUM" "layerslider 7.10.1 7.10.0.-.Unauthenticated.SQL.Injection CRITICAL" "layerslider 7.7.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "layerslider 7.7.10 Cross-Site.Request.Forgery MEDIUM" "left-right-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "login-rebuilder 2.8.1 Admin+.Stored.XSS LOW" "livesync No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "like-dislike-plus-counter No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "linkmyposts No.known.fix Reflected.XSS HIGH" "legalweb-cloud 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loginpress-pro 3.0.0 Captcha.Bypass MEDIUM" "loginpress-pro 3.0.0 Unauthenticated.License.Activation/Deactivation MEDIUM" "login-watchdog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-logo-editor-by-oizuled No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.5 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "learnpress-import-export 4.0.4 Authenticated.(Administrator+).SQL.Injection CRITICAL" "learnpress-import-export 4.0.3 Reflected.XSS HIGH" "location-piker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-flight-radar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lazyload-background-images No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Update MEDIUM" "lh-copy-media-file 1.09 Reflected.Cross-Site.Scripting MEDIUM" "login-form-recaptcha No.known.fix Admin+.Stored.XSS LOW" "lana-email-logger 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "logwpmail No.known.fix Email.Logs.Publicly.Accessible HIGH" "lifterlms 7.8.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "lifterlms 8.0.1 Reflected.XSS HIGH" "lifterlms 7.7.6 Authenticated.(Admin+).SQL.Injection HIGH" "lifterlms 7.6.3 Authenticated.(Contributor+).SQL.Injection.via.Shortcode CRITICAL" "lifterlms 7.5.1 Cross-Site.Request.Forgery MEDIUM" "lifterlms 7.5.2 Missing.Authorization.via.process_review MEDIUM" "lifterlms 7.5.0 Authenticated(Administrator+).Directory.Traversal.to.Arbitrary.CSV.File.Deletion LOW" "lifterlms 4.21.2 Access.Other.Student.Grades/Answers.via.IDOR MEDIUM" "lifterlms 4.21.1 Authenticated.Stored.XSS.in.Edit.Profile HIGH" "lifterlms 4.21.1 Reflected.Cross-Site.Scripting.(XSS).via.Coupon.Code.in.Checkout MEDIUM" "lifterlms 3.37.15 Arbitrary.File.Writing CRITICAL" "lifterlms 3.35.1 Unauthenticated.Options.Import CRITICAL" "listdom 3.7.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode.Parameter MEDIUM" "lets-box 1.13.3 Reflected.Cross-Site.Scripting MEDIUM" "link-to-url-post No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "ldap-wp-login-integration-with-active-directory 3.0.2 Unauthenticated.Settings.Update.to.Auth.Bypass CRITICAL" "ldap-wp-login-integration-with-active-directory 3.0.2 Reflected.Cross-Site.Scripting MEDIUM" "label-grid-tools 1.3.59 Reflected.Cross-Site.Scripting MEDIUM" "lock-user-account No.known.fix User.Lock.Bypass MEDIUM" "lock-user-account 1.0.4 Arbitrary.Account.Lock/Unlock.via.CSRF MEDIUM" "local-shipping-labels-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.4.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "lastudio-element-kit 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.9.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.3.9.2 Contributor+.Stored.XSS MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion.via.'progress_type' MEDIUM" "lastudio-element-kit 1.3.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lastudio-element-kit 1.3.7.4 Missing.Authorization MEDIUM" "lastudio-element-kit 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "lastudio-element-kit 1.3.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.LaStudioKit.Post.Author.Widget MEDIUM" "lastudio-element-kit 1.3.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lastudio-element-kit 1.1.6 Missing.Authorization MEDIUM" "localize-my-post No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "libsyn-podcasting No.known.fix Cross-Site.Request.Forgery MEDIUM" "libsyn-podcasting No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "libsyn-podcasting No.known.fix Reflected.XSS HIGH" "libsyn-podcasting No.known.fix Sensitive.Information.Exposure MEDIUM" "lordicon-interactive-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leyka 3.31.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leyka 3.31.7 Missing.Authorization MEDIUM" "leyka 3.31.2 Missing.Authorization MEDIUM" "leyka 3.30.7.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "leyka 3.30.4 Admin+.Stored.XSS LOW" "leyka 3.30.3 Reflected.XSS HIGH" "leyka 3.30.3 Subscriber+.Privilege.Escalation HIGH" "leyka 3.30.2 Reflected.XSS HIGH" "leyka 3.30 Unauthenticated.Stored.XSS HIGH" "listings-for-appfolio 1.2.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "locateandfilter 1.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "localize-remote-images No.known.fix Settings.Update.via.CSRF MEDIUM" "logo-slider No.known.fix Admin+.SQLi MEDIUM" "link-list-manager No.known.fix Reflected.Cross-Site.Scripting HIGH" "local-delivery-drivers-for-woocommerce 1.9.1 Missing.Authorization.to.Driver.Account.Takeover HIGH" "local-delivery-drivers-for-woocommerce 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "local-delivery-drivers-for-woocommerce 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-attempts-limit-wp No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "login-attempts-limit-wp No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "luckywp-scripts-control 1.2.2 Missing.Authorization MEDIUM" "luckywp-scripts-control 1.2.2 CSRF.via.multiple.AJAX.actions LOW" "learn-manager 1.1.5 Unauthenticated.Arbitrary.User.Field.Edition/Creation MEDIUM" "learn-manager 1.1.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "livechat-woocommerce 2.2.17 Cross-Site.Request.Forgery MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting.via.remove_query_arg.Parameter MEDIUM" "ldd-directory-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "language-bar-flags No.known.fix CSRF.to.Stored.XSS HIGH" "live-support-tickets 1.11.1 Unauthenticated.Information.Disclosure MEDIUM" "lw-all-in-one 1.6.5 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "linear No.known.fix Cross-Site.Request.Forgery.to.Cache.Reset MEDIUM" "linear No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linear 2.8.1 Contributor+.Stored.XSS MEDIUM" "live-stock-prices-for-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linked-orders-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linked-orders-for-woocommerce 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "leadconnector 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "ltl-freight-quotes-purolator-freight-edition 2.2.4 Unauthenticated.SQL.Injection HIGH" "linkid No.known.fix Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure HIGH" "lh-add-media-from-url 1.30 Reflected.Cross-Site.Scripting MEDIUM" "lh-add-media-from-url 1.23 Reflected.Cross-Site.Scripting MEDIUM" "lightbox-popup 2.1.6 Admin+.Stored.XSS LOW" "lh-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leadboxer 1.4 Reflected.XSS HIGH" "lawyer-directory 1.2.9 Subscriber+.Privilege.Escalation CRITICAL" "labtools No.known.fix Subscriber+.Arbitrary.Publication.Deletion MEDIUM" "lpagery 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "login-screen-manager No.known.fix Stored.XSS.via.CSRF HIGH" "login-screen-manager No.known.fix Admin+.Stored.XSS LOW" "locked-payment-methods-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "locked-payment-methods-for-woocommerce 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lis-video-gallery No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "livemesh-table-rate-shipping 1.2 Reflected.Cross-Site.Scripting MEDIUM" "leira-cron-jobs 1.2.10 Reflected.Cross-Site.Scripting MEDIUM" "lock-my-bp 1.7.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "login-with-cognito 1.4.9 Admin+.Stored.XSS LOW" "login-with-cognito 1.4.4 Reflected.Cross-Site.Scripting.via.appId HIGH" "lodgixcom-vacation-rental-listing-management-booking-plugin No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "localgrid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "light-messages No.known.fix CSRF.to.Stored.XSS HIGH" "live-chat-facebook-fanpage No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "ladipage No.known.fix Missing.Authorization.via.init_endpoint MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.init_endpoint MEDIUM" "ladipage No.known.fix Missing.Authorization.on.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.publish_lp() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.ladiflow_save_hook() MEDIUM" "ladipage No.known.fix Missing.Authorization.via.save_config() MEDIUM" "ladipage No.known.fix Cross-Site.Request.Forgery.via.save_config() MEDIUM" "ladipage No.known.fix Missing.Authorization MEDIUM" "live-weather-station 3.8.13 Mode.Switch.via.CSRF MEDIUM" "login-configurator No.known.fix Reflected.Cross-Site.Scripting HIGH" "login-configurator No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "login-configurator No.known.fix Reflected.XSS HIGH" "lws-tools 2.4.2 Cross-Site.Request.Forgery MEDIUM" "link-whisper 0.7.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "link-whisper 0.7.0 Link.Whisper.Free.<.0,7,0 MEDIUM" "link-whisper 0.7.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "link-whisper 0.6.9 Reflected.Cross-Site.Scripting MEDIUM" "link-whisper 0.6.6 Authenticated.(Contributor+).SQL.Injection HIGH" "leadinfo 1.1 Settings.Update.via.CSRF MEDIUM" "loco-translate 2.6.10 Cross-Site.Request.Forgery MEDIUM" "loco-translate 2.6.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "loco-translate 2.5.4 Authenticated.PHP.Code.Injection HIGH" "loco-translate 2.2.2 Authenticated.LFI MEDIUM" "lime-developer-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lucas-string-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "list-urls No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "linkz-ai 1.2.0 Unauthenticated.Plugin.Settings.Update MEDIUM" "linkz-ai 1.2.0 Subscriber+.Plugin.Settings.Update MEDIUM" "luzuk-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ledenbeheer-external-connection 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "livesupporti No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "library-instruction-recorder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-xpo-edition 4.3.8 Unauthenticated.SQL.Injection HIGH" "list-one-category-of-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "link-log No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "link-log 2.1 SQL.Injection CRITICAL" "link-log 2.0 HTTP.Response.Splitting HIGH" "laybuy-gateway-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "laybuy-gateway-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 6.5.2 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.5.1 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 6.5.1 Author+.Path.Traversal MEDIUM" "litespeed-cache 6.5.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 6.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "litespeed-cache 6.5.0.1 Unauthenticated.Sensitive.Information.Exposure.via.Log.Files HIGH" "litespeed-cache 6.4 Unauthenticated.Privilege.Escalation HIGH" "litespeed-cache 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "litespeed-cache 5.7.0.1 Unauthenticated.Stored.XSS HIGH" "litespeed-cache 5.7.0.1 Unauthenticated.CDN.Status.Update MEDIUM" "litespeed-cache 5.7 Contributor+.Stored.XSS MEDIUM" "litespeed-cache 5.3.1 CSRF MEDIUM" "litespeed-cache 4.4.4 IP.Check.Bypass.to.Unauthenticated.Stored.XSS HIGH" "litespeed-cache 4.4.4 Admin+.Reflected.Cross-Site.Scripting LOW" "litespeed-cache 3.6.1 Authenticated.Stored.Cross-Site.Scripting LOW" "linkify-text No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "littlebot-invoices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "littlebot-invoices No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "leaderboard-lite No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "logo-slider-wp 4.6.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Author+.Stored.XSS MEDIUM" "logo-slider-wp 4.5.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.1.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 4.0.0 Contributor+.Stored.XSS MEDIUM" "logo-slider-wp 3.6.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "lightbox-plus 2.8 CSRF.to.XSS MEDIUM" "landing-page-cat 1.7.8 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.7 Reflected.Cross-Site.Scripting MEDIUM" "landing-page-cat 1.7.5 Missing.Authorization MEDIUM" "landing-page-cat 1.7.3 Unauthenticated.Information.Exposure MEDIUM" "last-viewed-posts 1.0.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "last-viewed-posts 1.0.1 Unauthenticated.PHP.Object.Injection CRITICAL" "library-viewer 2.0.6.1 Contributor+.Stored.XSS MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'llrmloginlogout'.Shortcode MEDIUM" "login-logout-register-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "linker 1.2.2 Contributor+.Stored.XSS MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "league-of-legends-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ltl-freight-quotes-freightquote-edition No.known.fix Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-freightquote-edition No.known.fix Missing.Authorization MEDIUM" "list-pages-shortcode 1.7.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "laposta-signup-basic 1.4.2 CSRF MEDIUM" "laposta-signup-basic 1.4.2 Missing.Authorization MEDIUM" "loading-page 1.0.83 Admin+.Stored.Cross-Site.Scripting LOW" "liquid-blocks 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "link-party No.known.fix Unauthenticated.Arbitrary.Link.Deletion MEDIUM" "link-party No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "link-party No.known.fix Settings.Update.via.CSRF MEDIUM" "link-party No.known.fix Unauthenticated.Stored.XSS HIGH" "lgx-owl-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "list-pages-at-depth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "livechat-elementor 1.0.14 Cross-Site.Request.Forgery MEDIUM" "like-on-vkontakte No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "llama-redirect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "linet-erp-woocommerce-integration 3.5.8 Cross-Site.Request.Forgery MEDIUM" "linkworth-wp-plugin 3.3.4 Arbitrary.Setting.Update.via.CSRF MEDIUM" "likebot No.known.fix Admin+.Stored.XSS.via.CSRF LOW" "legal-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "logdash-activity-log 1.1.4 Unauthenticated.SQLi HIGH" "ltl-freight-quotes-abf-freight-edition 3.3.8 Unauthenticated.SQL.Injection HIGH" "larsens-calender No.known.fix Stored.Cross-Site.Scripting.(XSS) HIGH" "ltl-freight-quotes-saia-edition 2.2.11 Unauthenticated.SQL.Injection HIGH" "leads-5050-visitor-insights 1.0.4 Unauthenticated.License.Change HIGH" "leads-5050-visitor-insights 1.1.0 Unauthorised.License.Change HIGH" "lws-cleaner 2.3.1 Cross-Site.Request.Forgery MEDIUM" "login-block-ips No.known.fix IP.Spoofing.Bypass LOW" "login-block-ips No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "launchpage-app-importer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "login-and-logout-redirect No.known.fix .Open.Redirect MEDIUM" "launchpad-by-obox No.known.fix Admin+.Stored.XSS LOW" "launchpad-by-obox No.known.fix CSRF MEDIUM" "lazy-load-for-videos 2.18.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "listingpro-plugin No.known.fix Unauthenticated.SQL.Injection CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Author+).Local.File.Inclusion HIGH" "listingpro-plugin No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "listingpro-plugin No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.43 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "live-composer-page-builder No.known.fix Author+.Stored.XSS MEDIUM" "live-composer-page-builder 1.5.39 Missing.Authorization MEDIUM" "live-composer-page-builder 1.5.36 Cross-Site.Request.Forgery MEDIUM" "live-composer-page-builder 1.5.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "live-composer-page-builder 1.5.29 .Author+.PHP.Object.Injection MEDIUM" "live-composer-page-builder 1.5.23 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "live-news-lite 1.07 Settings.Update.via.CSRF MEDIUM" "login-recaptcha 1.7 IP.Check.Bypass LOW" "local-sync 1.1.7 Missing.Authorization MEDIUM" "ltl-freight-quotes-odfl-edition 4.2.11 Unauthenticated.SQL.Injection HIGH" "loginizer-security 1.9.3 Authentication.Bypass HIGH" "ltl-freight-quotes-globaltranz-edition 2.3.12 Unauthenticated.SQL.Injection HIGH" "ltl-freight-quotes-globaltranz-edition 2.3.13 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "limb-gallery No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "limb-gallery 1.5.6 Reflected.Cross-Site.Scripting MEDIUM" "limb-gallery 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "limb-gallery 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "loan-comparison 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "loan-comparison 1.5.3 Contributor+.Stored.XSS.via.shortcode MEDIUM" "loan-comparison 1.5.3 Reflected.XSS.via.shortcode MEDIUM" "list-custom-taxonomy-widget 4.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "lazy-facebook-comments 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "loi-hamon No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "luzuk-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subsciber+).Log.Deletion.and.Session.Termination MEDIUM" "login-page-styler 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+)Privilege.Escalation HIGH" "login-page-styler 6.2.5 Admin+.Stored.XSS LOW" "launcher No.known.fix Admin+.Stored.XSS MEDIUM" "launcher 1.0.11 Multiple.Stored.XSS MEDIUM" "login-or-logout-menu-item 1.2.0 Unauthenticated.Options.Change MEDIUM" "ltl-freight-quotes-rl-edition 3.3.5 Unauthenticated.SQL.Injection HIGH" "leadin 11.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.HubSpot.Meeting.Widget MEDIUM" "leadin 8.8.15 Contributor+.Blind.SSRF MEDIUM" "landing-pages 2.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "landing-pages 1.9.2 Unauthenticated.Remote.Command.Execution MEDIUM" "lara-google-analytics 2.0.5 Authenticated.Stored.XSS HIGH" "ltl-freight-quotes-ups-edition 3.6.5 Unauthenticated.SQL.Injection HIGH" "license-manager-for-woocommerce 3.0.7 Improper.Authorization.to.Authenticated(Contributor+).Sensitive.Information.Exposure MEDIUM" "license-manager-for-woocommerce 2.2.11 Authenticated.(Administrator+).SQL.Injection HIGH" "license-manager-for-woocommerce 2.3b1 Reflected.Cross-Site.Scripting MEDIUM" "license-manager-for-woocommerce 2.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "limit-bio No.known.fix Stored.XSS.via.CSRF HIGH" "limit-bio No.known.fix Reflected.XSS HIGH" "leadster-marketing-conversacional 1.1.3 Cross-Site.Request.Forgery.via.leadster_script_code_action MEDIUM" "leadster-marketing-conversacional 1.1.3 Settings.Update.via.CSRF MEDIUM" "locations-and-areas 1.7.2 Reflected.Cross-Site.Scripting MEDIUM" "locations-and-areas 1.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-showcase-ultimate 1.4.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "logo-showcase-ultimate 1.3.9 Authenticated(Contributor+).PHP.Object.Injection HIGH" "login-as-users 1.4.4 Missing.Authorization.to.Privielge.Escalation.via.Account.Takeover HIGH" "login-as-users 1.4.3 Authentication.Bypass CRITICAL" "ltl-freight-quotes-estes-edition 3.3.8 Unauthenticated.SQL.Injection HIGH" "listplus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "login-with-azure 1.4.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "livemesh-dynamic-pricing 1.2 Reflected.Cross-Site.Scripting MEDIUM" "ldap-login-password-and-role-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "links-in-captions No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-logout-menu 1.4.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "latepoint 5.0.13 Authentication.Bypass HIGH" "latepoint 5.0.12 Unauthenticated.Arbitrary.User.Password.Change.via.SQL.Injection CRITICAL" "latepoint 4.9.9.1 Missing.Authorization.and.Sensitive.Information.Exposure.via.IDOR CRITICAL" "libreform 2.0.9 Unauthenticated.Arbitrary.Submissions.Listing.&.Deletion HIGH" "loginplus No.known.fix Missing.Authorization MEDIUM" "loginplus No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.2.7.5.1 Authenticated.(LP.Instructor+).Stored.Cross-Site.Scripting.via.Lesson.Name MEDIUM" "learnpress 4.2.7.2 Authenticated.(Subscriber+).Open.Redirect MEDIUM" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.5.1 Admin+.Stored.XSS LOW" "learnpress 4.2.7.4 Course.Material.Sensitive.Information.Exposure.via.REST.API MEDIUM" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.2 Admin+.Stored.XSS LOW" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_fields' CRITICAL" "learnpress 4.2.7.1 Unauthenticated.SQL.Injection.via.'c_only_fields' CRITICAL" "learnpress 4.2.6.9.4 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "learnpress 4.2.6.9 Cross-Site.Request.Forgery MEDIUM" "learnpress 4.2.6.9 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "learnpress 4.2.6.8.2 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.8.2 Missing.Authorization.to.Unauthenticated.User.Registration.Bypass MEDIUM" "learnpress 4.2.6.8.1 Basic.Information.Disclosure.via.JSON.API MEDIUM" "learnpress 4.2.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.layout_html.Parameter MEDIUM" "learnpress 4.2.6.6 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "learnpress 4.2.6.6 Unauthenticated.Bypass.to.User.Registration MEDIUM" "learnpress 4.2.6.6 Unauthenticated.Time-Based.SQL.Injection CRITICAL" "learnpress 4.2.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.0.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "learnpress 4.2.6.4 Insecure.Direct.Object.Reference MEDIUM" "learnpress 4.2.6.4 Authenticated(LP.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "learnpress 4.2.5.8 Unauthenticated.Command.Injection HIGH" "learnpress 4.2.5.8 Unauthenticated.SQLi HIGH" "learnpress 4.2.5.8 Subscriber+.Arbitrary.Course.Progress.Disclosure MEDIUM" "learnpress 4.2.5.5 Reflected.Cross-Site.Scripting HIGH" "learnpress 4.2.0 Unauthenticated.LFI CRITICAL" "learnpress 4.2.0 Subscriber+.SQLi HIGH" "learnpress 4.2.0 Unauthenticated.SQLi HIGH" "learnpress 4.1.7.2 Unauthenticated.PHP.Object.Injection.via.REST.API MEDIUM" "learnpress 4.1.6.7 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "learnpress 4.1.5 Arbitrary.Image.Renaming MEDIUM" "learnpress 4.1.4 Admin+.SQL.Injection MEDIUM" "learnpress 4.1.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 4.1.3.1 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "learnpress 3.2.7.3 CSRF.&.XSS LOW" "learnpress 3.2.6.8 Authenticated.Time.Based.Blind.SQL.Injection HIGH" "learnpress 3.2.6.9 Privilege.Escalation.to."LP.Instructor" HIGH" "learnpress 3.2.6.9 Authenticated.Post.Creation.and.Status.Modification HIGH" "learnpress 3.2.6.7 Privilege.Escalation MEDIUM" "linklaunder-seo-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "leanpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leopard-wordpress-offload-media 3.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update CRITICAL" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "leopard-wordpress-offload-media No.known.fix WordPress.offload.media.<=.2.0.36.-.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "loginizer 1.9.3 Authentication.Bypass HIGH" "loginizer 1.7.9 Reflected.XSS HIGH" "loginizer 1.7.6 Reflected.XSS HIGH" "loginizer 1.7.6 Cross-Site.Request.Forgery MEDIUM" "loginizer 1.6.4 Unauthenticated.SQL.Injection CRITICAL" "loginizer 1.4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "loginizer 1.3.6 Blind.SQL.Injection CRITICAL" "loginizer 1.3.6 Cross-Site.Request.Forgery.(CSRF) HIGH" "lws-hide-login 2.1.9 Protection.Mechanism.Bypass MEDIUM" "lws-hide-login 2.1.7 Plugin.Settings.Page.Creation.via.CSRF MEDIUM" "logo-carousel-free 3.4.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "logo-carousel-free 3.4.2 Unauthorised.Private.Post.Access MEDIUM" "liquid-speech-balloon 1.2 Settings.Update.via.CSRF MEDIUM" "lana-text-to-image 1.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "leira-roles 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "linked-variation-for-woocommerce No.known.fix Cross-Site.Request.Forgery MEDIUM" "lana-shortcodes 1.2.0 Contributor+.Stored.XSS MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Stored.Cross-Site.Scripting.via.Ask.a.Question.Functionality MEDIUM" "learning-management-system 1.13.4 Authenticated.(Student+).Missing.Authorization.to.Privilege.Escalation HIGH" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Authenticated.(Student+).Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.12.0 LMS.<.1.12.0.-.Missing.Authorization MEDIUM" "learning-management-system 1.11.5 LMS.<.1.11.5.-.Missing.Authorization MEDIUM" "learning-management-system 1.7.4 LMS.<.1.7.4.-.Insecure.Direct.Object.Reference MEDIUM" "learning-management-system 1.7.3 LMS.<.1.7.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "learning-management-system 1.6.8 Information.Exposure MEDIUM" "lenxel-core No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lenxel-core No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "lenxel-core 1.2.5 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "liveforms 3.4.0 XSS MEDIUM" "liveforms 3.2.0 Visual.Form.Builder.3.0.1.-.Blind.SQL.Injection CRITICAL" "limit-login-attempts-plus No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "layouts-for-elementor 1.8 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Upload CRITICAL" "latest-tweets-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "lightbox-gallery 0.9.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "lite-wp-logger No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lazy-load-videos-and-sticky-control No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ltl-freight-quotes-fedex-freight-edition 3.4.2 Unauthenticated.SQL.Injection HIGH" "lean-wp No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "lean-wp No.known.fix Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "lava-directory-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "lava-directory-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "login-as-customer-or-user No.known.fix Admin.Account.Takeover HIGH" "login-as-customer-or-user No.known.fix Authentication.Bypass CRITICAL" "login-as-customer-or-user 3.3 Unauthenticated.Privilege.Escalation.to.Admin CRITICAL" "login-as-customer-or-user 1.8 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "login-as-customer-or-user 2.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "laposta No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "lightweight-accordion 1.5.17 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lightweight-accordion 1.5.15 Contributor+.Stored.XSS MEDIUM" "logs-de-connexion No.known.fix Log.Deletion.via.CSRF MEDIUM" "logs-de-connexion No.known.fix Admin+.SQL.Injection LOW" "live-dashboard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "load-more-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "logo-manager-for-enamad No.known.fix Admin+.Stored.XSS.via.Widget LOW" "logo-manager-for-enamad No.known.fix Stored.XSS.via.CSRF HIGH" "lws-optimize 2.0 Cross-Site.Request.Forgery MEDIUM" "language-switcher-for-transposh 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "landingi-landing-pages 3.1.2 Cross-Site.Request.Forgery MEDIUM" "login-customizer 2.2.3 Reflected.Cross-Site.Scripting MEDIUM" "login-customizer 2.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "localseomap-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-scores-for-sportspress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "live-scores-for-sportspress 1.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "live-scores-for-sportspress 1.9.1 Reflected.Cross-Site.Scripting HIGH" "live-scores-for-sportspress 1.9.1 Authenticated.Local.File.Inclusion MEDIUM" "login-with-phone-number 1.7.50 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "login-with-phone-number 1.7.36 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "login-with-phone-number 1.7.35 Insecure.Password.Reset.Mechanism HIGH" "login-with-phone-number 1.7.27 Authentication.Bypass.due.to.Missing.Empty.Value.Check CRITICAL" "login-with-phone-number 1.7.20 Missing.Authorization MEDIUM" "login-with-phone-number 1.6.94 Missing.Authorization MEDIUM" "login-with-phone-number 1.7.17 Unauthorized.Account.Password.Change.to.Privilege.Escalation HIGH" "login-with-phone-number 1.6.94 Cross-Site.Request.Forgery MEDIUM" "login-with-phone-number 1.5.7 User.Password.Change.via.CSRF HIGH" "login-with-phone-number 1.4.2 Reflected.Cross-Site.Scripting HIGH" "login-with-phone-number 1.3.8 Multiple.Admin+.Stored.XSS LOW" "login-with-phone-number 1.3.7 Unauthenticated.remote.plugin.deletion MEDIUM" "lgpd-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "league-table-lite 1.14 Tables.Cloning/Update/Deletion.via.CSRF MEDIUM" "l-squared-hub-wp-virtual-device No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "luckywp-table-of-contents 2.1.7 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.6 Admin+.Stored.XSS LOW" "luckywp-table-of-contents 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "luckywp-table-of-contents 2.1.5 Contributor+.Stored.XSS MEDIUM" "luckywp-table-of-contents 2.1.5 Admin+.Stored.XSS MEDIUM" "lexicata No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ldap-ad-staff-employee-directory-search 1.3 Admin.LDAP.Credentials.Retrieval LOW" "ldap-ad-staff-employee-directory-search 1.2.3 Improper.escaping.of.LDAP.entries HIGH" "legoeso-pdf-manager No.known.fix Authenticated.(Author+).SQL.Injection.via.checkedVals.Parameter MEDIUM" "link-to-bible 2.5.10 Administrator+.Stored.XSS LOW" "logaster-logo-generator No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "location-weather 1.3.4 Contributor+.Stored.XSS MEDIUM" "language-switcher 3.8.0 Reflected.Cross-Site.Scripting MEDIUM" "leaflet-maps-marker 3.12.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-maps-marker 3.12.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.7 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "leaflet-maps-marker 3.12.5 Admin+.SQLi MEDIUM" "local-search-seo-contact-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.51 Unauthenticated.PHP.Object.Injection CRITICAL" "locatoraid 3.9.48 Reflected.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.24 Reflected.XSS HIGH" "locatoraid 3.9.19 Subscriber+.Stored.XSS HIGH" "locatoraid 3.9.15 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "locatoraid 3.9.12 CSRF MEDIUM" "luzuk-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-with-ajax 4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "login-with-ajax 4.2 Missing.Authorization MEDIUM" "ltl-freight-quotes-sefl-edition 3.2.5 Unauthenticated.SQL.Injection HIGH" "limit-login-attempts-reloaded 2.25.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "limit-login-attempts-reloaded 2.25.26 Admin+.Missing.Authorization.to.Toggle.Plugin.Auto-Update LOW" "limit-login-attempts-reloaded 2.16.0 Authenticated.Reflected.Cross-Site.Scripting HIGH" "limit-login-attempts-reloaded 2.17.4 Login.Rate.Limiting.Bypass LOW" "lockets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "len-slider No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "list-categories 0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "light-poll No.known.fix Poll.Answers.Deletion.via.CSRF MEDIUM" "light-poll No.known.fix Polls.Deletion.via.CSRF MEDIUM" "laika-pedigree-tree No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "listapp-mobile-manager No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "legal-pages 1.4.3 Cross-Site.Request.Forgery MEDIUM" "legal-pages 1.3.9 Cross-Site.Request.Forgery.via.moveToTrash.and.fetch_and_insert_template_data MEDIUM" "legal-pages 1.3.9 Missing.Authorization MEDIUM" "legal-pages 1.3.8 Missing.Authorization.on.'deleteLegalTemplate' MEDIUM" "login-lockdown 2.09 Subscriber+.Options.Leak MEDIUM" "login-lockdown 2.07 Admin+.SQLi MEDIUM" "login-lockdown 2.07 Administrator+.SQL.Injection HIGH" "leaky-paywall 4.21.3 Cross-Site.Request.Forgery MEDIUM" "leaky-paywall 4.20.9 Missing.Authorization.to.Price.Manipulation MEDIUM" "leaky-paywall 4.16.7 Admin+.Stored.Cross-Site.Scripting LOW" "lws-affiliation 2.3.5 Missing.Authorization MEDIUM" "latex No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "list-related-attachments-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "leaflet-map 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "leaflet-map 3.0.0 Arbitrary.Settings.Update.via.CSRF.Leading.to.Stored.XSS MEDIUM" "leaflet-map 3.0.0 Contributor+.Stored.XSS MEDIUM" "login-me-now No.known.fix Authentication.Bypass HIGH" "lucidlms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "login-with-yourmembership 1.1.4 Admin+.Stored.XSS LOW" "ldap-login-for-intranet-sites 4.1.10 Unauthenticated.Log.Disclosure MEDIUM" "ldap-login-for-intranet-sites 4.2 Admin.LDAP.Passback LOW" "ldap-login-for-intranet-sites 4.1.6 Sensitive.Information.Disclosure HIGH" "ldap-login-for-intranet-sites 4.1.5 SQL.Injection.via.CSRF LOW" "ldap-login-for-intranet-sites 4.1.1 Unauthenticated.Data.Disclosure MEDIUM" "ldap-login-for-intranet-sites 3.6.95 Reflected.Cross-Site.Scripting HIGH" "logo-scheduler-great-for-holidays-events-and-more 1.2.2 Admin+.Stored.XSS LOW" "livemesh-siteorigin-widgets 3.3 Reflected.Cross-Site.Scripting MEDIUM" "livemesh-siteorigin-widgets 2.8.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "livemesh-siteorigin-widgets 2.5.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "listamester 2.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "login-box No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "layouts-importer 1.0.3 Reflected.Cross-Site.Scripting MEDIUM" "lastform No.known.fix Drag.&.Drop.Contact.Form.Builder.<=.1.0.5.-.Admin+.Arbitrary.System.File.Read MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Contact/Widget.Toggle MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita 2.7.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "lead-capturing-call-to-actions-by-vcita No.known.fix Settings.Update.Via.CSRF MEDIUM" "logo-showcase-with-slick-slider 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "logo-showcase-with-slick-slider 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "logo-showcase-with-slick-slider 2.0.1 Arbitrary.Media.Title/Description/Alt.Text/URL.Update.via.CSRF MEDIUM" "logo-showcase-with-slick-slider 1.2.5 Subscriber+.Arbitrary.Media.Title/Description/Alt.Text/URL.Update MEDIUM" "logo-showcase-with-slick-slider 1.2.4 Author+.Stored.Cross.Site.Scripting MEDIUM" "link-library 7.7.3 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7.2 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.link-library.Shortcode MEDIUM" "link-library 7.6.1 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.7 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.6.1 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "link-library 7.6 Cross-Site.Request.Forgery.via.action_admin_init MEDIUM" "link-library 7.6 Reflected.Cross-Site.Scripting.via.'link_price'.and.'link_tags' MEDIUM" "link-library 7.4.1 Admin+.Stored.XSS LOW" "link-library 7.2.8 Library.Settings.Reset.via.CSRF MEDIUM" "link-library 7.2.9 Reflected.Cross-Site.Scripting MEDIUM" "link-library 7.2.8 Unauthenticated.Arbitrary.Links.Deletion MEDIUM" "lenix-elementor-leads-addon 1.8.3 Unauthenticated.Stored.Cross-Site.Scripting.via.URL.Form.Field HIGH" "location-click-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lawpress 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lu-radioplayer 6.24.11.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "lu-radioplayer 6.24.11.07 Unauthenticated.Arbitrary.File.Read HIGH" "lh-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "latex2html 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "latex2html 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "locations No.known.fix Contributor+.Stored.XSS MEDIUM" "locations 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "locations 4.0 Cross-Site.Request.Forgery HIGH" "leads-crm No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "lj-custom-menu-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "like-box 0.8.41 Contributor+.Stored.XSS MEDIUM" "like-box 0.8.40 Admin+.Stored.XSS LOW" "link-juice-keeper 2.0.3 Admin+.Stored.XSS LOW" "livejournal-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "lana-downloads-manager 1.10.0 Admin+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "lana-downloads-manager 1.8.0 Contributor+.Arbitrary.File.Download HIGH" "lifeline-donation No.known.fix Authentication.Bypass CRITICAL" "lifterlms-gateway-paypal 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "limit-attempts 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "limit-attempts 1.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "limit-attempts 1.1.1 SQL.Injection CRITICAL" "loggedin 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "leadsquared-suite No.known.fix Admin+.Stored.XSS LOW" "leadsquared-suite No.known.fix CSRF MEDIUM" "leenkme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "leenkme 2.6.0 XSS.&.CSRF MEDIUM" "live-2d No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "lastunes No.known.fix Settings.Update.via.CSRF HIGH" "loginpress 4.0.0 Arbitrary.Options.Update.via.CSRF HIGH" "loginpress 1.6.3 Unauthenticated.Settings.Update MEDIUM" "loginpress 1.5.12 Reflected.Cross-Site.Scripting MEDIUM" "loginpress 1.1.14 Unauthorized.Blind.SQL.Injection CRITICAL" "livemesh-weight-based-shipping 1.4 Reflected.Cross-Site.Scripting MEDIUM" "log-http-requests 1.3.2 Stored.Cross-Site.Scripting MEDIUM" "my-tickets 2.0.10 Missing.Authorization MEDIUM" "my-tickets 1.9.11 Bulk.Emailing.via.CSRF MEDIUM" "my-tickets 1.8.31 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "memphis-documents-library 3.1.6 Arbitrary.File.Download CRITICAL" "musicbox No.known.fix Reflected.XSS HIGH" "material-design-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mdi-icon.Shortcode MEDIUM" "misiek-paypal No.known.fix Stored.XSS.via.CSRF HIGH" "mycred-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "map-addons-for-elementor-waze-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.11.11 Author+.Arbitrary.File.Upload HIGH" "modula-best-grid-gallery 2.7.5 Incomplete.Authorization.via.'save_image'.and.'save_images' LOW" "modula-best-grid-gallery 2.6.91 Unauthenticated.Troubleshooting.Settings.Update MEDIUM" "modula-best-grid-gallery 2.6.7 Reflected.Cross-Site.Scripting MEDIUM" "modula-best-grid-gallery 2.2.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mass-messaging-in-buddypress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mtphr-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menukaart 1.4 Reflected.Cross-Site.Scripting MEDIUM" "mesmerize-companion 1.6.149 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mesmerize_contact_form.Shortcode MEDIUM" "mesmerize-companion 1.6.135 Contributor+.Stored.XSS MEDIUM" "mini-loops No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mail-control 0.3.0 Reflected.Cross-Site.Scripting MEDIUM" "mail-control 0.3.2 Unauthenticated.Stored.XSS.via.Email.Subject HIGH" "menu-swapper 1.1.1 Cross-Site.Request.Forgery MEDIUM" "menu-swapper 1.1.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "meintopf No.known.fix Reflected.XSS HIGH" "mobile-dj-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-idx-home-search 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapplic-lite No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mapplic-lite 1.0.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "mobilook 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multipurpose-block 1.7.6 Reflected.Cross-Site.Scripting MEDIUM" "multipurpose-block 1.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "menu-shortcode No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mf-gig-calendar No.known.fix Cross-Site.Request.Forgery MEDIUM" "mf-gig-calendar No.known.fix Editor+.Stored.XSS LOW" "mf-gig-calendar No.known.fix Arbitrary.Event.Deletion.via.CSRF MEDIUM" "mf-gig-calendar No.known.fix Authenticated(Contributor+).SQL.Injection HIGH" "mf-gig-calendar 1.2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "mf-gig-calendar 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mail-integration-365 1.9.1 Reflected.XSS HIGH" "mail-picker 1.0.15 Unauthenticated.PHP.Object.Injection CRITICAL" "mail-picker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "market-exporter 2.0.22 Missing.Authorization MEDIUM" "market-exporter 2.0.20 Missing.Authorization.to.Arbitrary.File.Deletion HIGH" "market-exporter 2.0.19 Reflected.Cross-Site.Scripting MEDIUM" "market-exporter 2.0.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mb-custom-post-type 2.7.7 Admin+.Stored.XSS LOW" "mapfig-studio No.known.fix Stored.XSS.via.CSRF HIGH" "mycss No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "mailchimp-top-bar 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar-lite 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "modern-events-calendar-lite 7.1.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.XSS LOW" "modern-events-calendar-lite 6.3.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 6.4.7 Reflected.Cross-Site.Scripting MEDIUM" "modern-events-calendar-lite 6.4.0 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "modern-events-calendar-lite 6.2.0 Subscriber+.Category.Add.Leading.to.Stored.XSS MEDIUM" "modern-events-calendar-lite 6.1.5 Reflected.Cross-Site.Scripting HIGH" "modern-events-calendar-lite 6.1.5 Unauthenticated.Blind.SQL.Injection HIGH" "modern-events-calendar-lite 5.22.3 Authenticated.Stored.Cross.Site.Scripting LOW" "modern-events-calendar-lite 5.22.2 Admin+.Stored.Cross-Site.Scripting LOW" "modern-events-calendar-lite 5.16.6 Authenticated.SQL.Injection CRITICAL" "modern-events-calendar-lite 5.16.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "modern-events-calendar-lite 5.16.5 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "modern-events-calendar-lite 5.16.5 Unauthenticated.Events.Export MEDIUM" "modern-events-calendar-lite 5.1.7 Multiple.Subscriber+.Stored.XSS MEDIUM" "meteor-slides No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "meteor-slides 1.5.7 Contributor+.Stored.XSS MEDIUM" "mojoplug-slide-panel No.known.fix Admin+.Stored.XSS LOW" "matrix-pre-loader No.known.fix Cross-Site.Request.Forgery MEDIUM" "mobile-menu 2.8.5 Missing.Authorization.to._mobmenu_icon.Post.Meta.Modification MEDIUM" "mobile-menu 2.8.4.4 Cross-Site.Request.Forgery MEDIUM" "mobile-menu 2.8.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Alt MEDIUM" "mobile-menu 2.8.4 Reflected.Cross-Site.Scripting MEDIUM" "mobile-menu 2.8.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-menu 2.8.2.3 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mobile-menu 2.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "mstore-api 4.16.5 Authenticated.(Subscriber+).HTML.File.Upload.(Stored.Cross-Site.Scripting) MEDIUM" "mstore-api 4.15.8 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "mstore-api 4.15.4 Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "mstore-api 4.15.4 Unauthorized.User.Registration HIGH" "mstore-api 4.15.3 Authentication.Bypass.to.Account.Takeover HIGH" "mstore-api 4.15.0 Authentication.Bypass CRITICAL" "mstore-api 4.10.2 Cross-Site.Request.Forgery MEDIUM" "mstore-api 4.0.7 Subscriber+.SQLi HIGH" "mstore-api 3.9.8 Unauthenticated.SQL.Injection HIGH" "mstore-api 4.0.2 Unauthenticated.SQL.Injection CRITICAL" "mstore-api 3.9.7 Subscriber+.Unauthorized.Settings.Update MEDIUM" "mstore-api 4.10.8 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.9 Unauthenticated.Privilege.Escalation CRITICAL" "mstore-api 3.9.8 Unauthenticated.Blind.SQLi HIGH" "mstore-api 3.9.7 Multiple.CSRF MEDIUM" "mstore-api 3.9.3 Authentication.Bypass CRITICAL" "mstore-api 3.9.2 Authentication.Bypass CRITICAL" "mstore-api 3.9.1 Authentication.Bypass CRITICAL" "mstore-api 3.4.5 Unauthenticated.PHP.File.Upload CRITICAL" "mstore-api 3.2.0 Authentication.Bypass.With.Sign.In.With.Apple HIGH" "mstore-api 2.1.6 Unauthenticated.Arbitrary.Account.Creation/Edition HIGH" "mooberry-book-manager 4.15.13 Unauthenticated.Information.Exposure.via.Export.Files MEDIUM" "maxslider 1.2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "minimum-password-strength No.known.fix Cross-Site.Request.Forgery MEDIUM" "mainwp-broken-links-checker-extension No.known.fix Unauthenticated.SQLi CRITICAL" "memberful-wp 1.74.0 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "memberful-wp 1.73.8 Authenticated.(contributor+).Stored.Cross-Site.Scripting MEDIUM" "maps-for-wp 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailrelay 2.1.2 Arbitrary.Settings.Update.via.CSRF MEDIUM" "my-custom-css No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "multiple-pages-generator-by-porthas 4.0.6 Authenticated.(Editor+).Server-Side.Request.Forgery.via.fileUrl MEDIUM" "multiple-pages-generator-by-porthas 4.0.3 Authenticated.(Editor+).Directory.Traversal.to.Limited.File.Deletion LOW" "multiple-pages-generator-by-porthas 4.0.2 Missing.Authorization MEDIUM" "multiple-pages-generator-by-porthas 3.4.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Cross-Site.Request.Forgery MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Missing.Authorization.via.mpg_get_log_by_project_id MEDIUM" "multiple-pages-generator-by-porthas 3.4.1 Authenticated.(Editor+).Remote.Code.Execution HIGH" "multiple-pages-generator-by-porthas 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "multiple-pages-generator-by-porthas 3.3.20 SQL.Injection MEDIUM" "multiple-pages-generator-by-porthas 3.3.18 SQLi.via.CSRF LOW" "multiple-pages-generator-by-porthas 3.3.18 Admin+.SQLi MEDIUM" "multiple-pages-generator-by-porthas 3.3.10 MPG.<.3.3.10.-.Multiple.CSRF MEDIUM" "metronet-profile-picture 2.6.2 Authenticated.(Author+).Insecure.Direct.Object.Reference.to.Profile.Picture.Update MEDIUM" "metronet-profile-picture 2.6.0 Arbitrary.User.Picture.Change/Deletion.via.IDOR MEDIUM" "metronet-profile-picture 2.5.0 Sensitive.Information.Disclosure MEDIUM" "mz-mindbody-api 2.8.3 Unauthorised.AJAX.Calls HIGH" "mlr-audio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-store-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "map-multi-marker No.known.fix Reflected.Cross-Site.Scripting HIGH" "mobile-contact-bar 3.0.5  Admin+.Stored.XSS LOW" "marketing-and-seo-booster No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mrlegend-typedjs No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.typespeed.Parameter MEDIUM" "meks-easy-social-share 1.2.8 Admin+.Stored.Cross-Site.Scripting LOW" "mapster-wp-maps 1.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapster-wp-maps 1.6.0 Incorrect.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "mapster-wp-maps 1.2.39 Contributor+.Stored.XSS MEDIUM" "mapster-wp-maps 1.2.36 Reflected.Cross-Site.Scripting MEDIUM" "maan-elementor-addons No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "media-from-ftp 11.17 Author+.Arbitrary.File.Access CRITICAL" "media-from-ftp 9.85 Authenticated.Directory.Traversal MEDIUM" "menu-ordering-reservations 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "menu-ordering-reservations 2.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "menu-ordering-reservations 2.3.7 Reflected.XSS HIGH" "menu-ordering-reservations 2.3.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "menu-ordering-reservations 2.3.2 Multiple.CSRF MEDIUM" "menu-ordering-reservations 2.3.1 Unauthorised.AJAX.Calls MEDIUM" "mww-disclaimer-buttons 3.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mendeleyplugin No.known.fix Admin+.Stored.XSS LOW" "mega-addons-for-visual-composer 4.3.0 Contributor+.Stored.XSS MEDIUM" "mega-addons-for-visual-composer No.known.fix Subscriber+.Settings.Update MEDIUM" "mega-addons-for-visual-composer No.known.fix Settings.Update.via.CSRF MEDIUM" "mobile-friendly-flickr-slideshow 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-friendly-flickr-slideshow 2.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "makecommerce 3.5.2 Reflected.Cross-Site.Scripting MEDIUM" "mj-contact-us No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-quota No.known.fix Reflected.XSS HIGH" "multi-column-tag-map 17.0.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mctagmap.Shortcode MEDIUM" "multi-column-tag-map 17.0.27 Cross-Site.Request.Forgery MEDIUM" "multi-column-tag-map 17.0.25 Contributor+.Stored.XSS MEDIUM" "mapbox-for-wp-advanced No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-booster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-booster 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "maintenance-and-noindex-nofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "maintenance-page 1.0.9 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "maintenance-page 1.0.9 Security.Mechanism.Bypass.via.REST.API MEDIUM" "modal-window 6.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.iframeBox.Shortcode MEDIUM" "modal-window 6.1.5 Cross-Site.Request.Forgery.to.Settings.Ipdate MEDIUM" "modal-window 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modal-window 5.3.10 Modal.Deletion.via.CSRF MEDIUM" "modal-window 5.3.9 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "modal-window 5.2.2 RFI.leading.to.RCE.via.CSRF HIGH" "memberspace 2.1.14 Reflected.XSS MEDIUM" "miniorange-google-authenticator 1.0.5 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "miniorange-google-authenticator 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "mashsharer No.known.fix Missing.Authorization MEDIUM" "mashsharer 3.8.7 Contributor+.Stored.XSS MEDIUM" "mashsharer 3.8.5 Admin+.Stored.Cross-Site.Scripting LOW" "metasync 1.8.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "meta-box 5.9.11 Missing.Authorization.to.Information.Exposure MEDIUM" "meta-box 5.9.4 Contributor+.Arbitrary.Posts'.Custom.Field.Disclosure LOW" "meta-box 5.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-box 4.16.3 Unauthorised.File.Deletion MEDIUM" "meta-box 4.16.2 Mishandled.Uploaded.Files HIGH" "mollie-forms 2.6.14 Cross-Site.Request.Forgery.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization.to.Arbitrary.Post.Duplication MEDIUM" "mollie-forms 2.6.4 Missing.Authorization MEDIUM" "myorderdesk 3.3.0 Contributor+.Stored.XSS MEDIUM" "miniorange-limit-login-attempts 4.0.72 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-limit-login-attempts 4.0.50 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "my-auctions-allegro-free-edition 3.6.19 Reflected.Cross-Site.Scripting MEDIUM" "my-auctions-allegro-free-edition 3.6.18 Reflected.Cross-Site.Scripting MEDIUM" "mwb-point-of-sale-pos-for-woocommerce 1.0.1 CSRF.Bypass./.Unauthorised.AJAX.Call MEDIUM" "menu-item-scheduler No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "manage-notification-emails 1.8.6 Missing.Authorization MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "manage-notification-emails 1.8.3 Settings.Reset.via.CSRF MEDIUM" "my-shortcodes No.known.fix Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "mj-update-history No.known.fix Missing.Authorization MEDIUM" "mj-update-history No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mimetic-books No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mega-forms 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mega-forms 1.2.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "maintenance-coming-soon-redirect-animation 2.3.0 Missing.Authorization.to.Settings.Update MEDIUM" "maintenance-coming-soon-redirect-animation No.known.fix IP.Spoofing.to.Bypass MEDIUM" "medma-matix No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "magic-action-box No.known.fix Contributor+.Stored.XSS MEDIUM" "mail-subscribe-list 2.1.10 Contributor+.Stored.XSS MEDIUM" "mail-subscribe-list 2.1.4 Arbitrary.Subscribed.User.Deletion.via.CSRF MEDIUM" "mail-subscribe-list 2.1 Stored.XSS MEDIUM" "mhr-post-ticker 1.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mw-wp-form 5.1.0 Editor+.Stored.XSS MEDIUM" "mw-wp-form 5.0.4 Improper.Limitation.of.File.Name.to.Unauthenticated.Arbitrary.File.Deletion HIGH" "mw-wp-form 5.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "mw-wp-form 5.0.0 Missing.Authorization MEDIUM" "mw-wp-form 4.4.3 Unauthenticated.Path.Traversal MEDIUM" "market-360-viewer No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "macme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "maniac-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "maximum-products-per-user-for-woocommerce 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "memeone No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "missing-widgets-for-elementor 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mailchimp-for-woocommerce 2.7.1 Subscriber+.SSRF MEDIUM" "mailchimp-for-woocommerce 2.7.2 Admin+.SSRF LOW" "mobile-login-woocommerce 2.3 Unauthenticated.Privilege.Escalation HIGH" "mihdan-index-now 2.6.4 Cross-Site.Request.Forgery.via.reset_form HIGH" "mega-elements-addons-for-elementor 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mega-elements-addons-for-elementor 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "mega-elements-addons-for-elementor 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-login-security 1.0.8 Reflected.Cross-Site.Scripting HIGH" "music-request-manager No.known.fix Reflected.XSS MEDIUM" "music-request-manager No.known.fix Unauthenticated.Stored.XSS MEDIUM" "music-request-manager No.known.fix Stored.XSS.via.CSRF HIGH" "metadata-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-cleaner 6.7.3 Unauthenticated.Information.Exposure MEDIUM" "masterbip-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "misiek-photo-album No.known.fix Stored.XSS.via.CSRF HIGH" "misiek-photo-album No.known.fix Album.Deletion.via.CSRF MEDIUM" "multi-feed-reader No.known.fix Cross-Site.Request.Forgery MEDIUM" "multi-feed-reader 2.2.4 SQL.Injection HIGH" "mtouch-quiz No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "mtouch-quiz 3.1.3 Multiple.Vulnerabilities.XSS.&.CSRF MEDIUM" "member-hero No.known.fix Unauthenticated.RCE CRITICAL" "medical-addon-for-elementor 1.6.3 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Shortcode MEDIUM" "medical-addon-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "meks-video-importer 1.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).API.Keys.Modification MEDIUM" "meks-video-importer No.known.fix Missing.Authorization MEDIUM" "mambo-joomla-importer No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Stored.XSS HIGH" "mainwp-code-snippets-extension 4.0.3 Subscriber+.Settings.Update MEDIUM" "mainwp-code-snippets-extension 4.0.3 Subscriber+.PHP.Objection.Injection HIGH" "mapplic 6.2.1 SSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "mpl-publisher 1.30.4 Self-publish.your.book.&.ebook.<.1.30.4.-.Admin+.Stored.Cross-Site.Scripting LOW" "mpl-publisher 1.29.2 Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "momo-venmo 4.2 Reflected.Cross-Site.Scripting MEDIUM" "multi-gallery No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "mybookprogress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.book.Parameter MEDIUM" "mybb-cross-poster No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "multilang-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-mirror No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "more-better-reviews-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "more-better-reviews-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "more-better-reviews-for-woocommerce 3.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mightyforms 1.3.10 Missing.Authorization MEDIUM" "mightyforms 1.3.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ml-slider 3.95.0 Editor+.Stored.XSS LOW" "ml-slider 3.95.0 Editor+.Stored.XSS LOW" "ml-slider 3.95.0 Authenticated.(Editor+).PHP.Object.Injection HIGH" "ml-slider 3.70.1 Contributor+.Stored.Cross-Site.Scripting.via.metaslider.Shortcode MEDIUM" "ml-slider 3.29.1 Reflected.XSS HIGH" "ml-slider 3.27.9 Admin+.Stored.Cross.Site.Scripting LOW" "ml-slider 3.17.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "multiline-files-for-contact-form-7 2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Deactivation MEDIUM" "media-library-helper 1.3.0 Cross-Site.Request.Forgery MEDIUM" "modern-addons-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-addons-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "min-and-max-purchase-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "my-wp 1.24.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "mainwp-maintenance-extension 4.1.2 Subscriber+.SQL.Injection.(SQLi) HIGH" "meeting-scheduler-by-vcita 4.5.2 Cross-Site.Request.Forgery MEDIUM" "meeting-scheduler-by-vcita 4.5.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.5 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "meeting-scheduler-by-vcita 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "meeting-scheduler-by-vcita 4.3.3 Reflected.XSS HIGH" "meeting-scheduler-by-vcita 4.5 Subscriber+.Settings.Update.&.Stored.XSS MEDIUM" "meeting-scheduler-by-vcita 4.4.3 Unauthenticated.Stored.XSS CRITICAL" "meeting-scheduler-by-vcita 4.5.2 Denial.of.Service.via.CSRF MEDIUM" "meeting-scheduler-by-vcita 4.3.1 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "meeting-scheduler-by-vcita 4.3.0 Subscriber+.Denial.of.Service.by.account.logout MEDIUM" "microsoft-advertising-universal-event-tracking-uet 1.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "multi-day-booking-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "microsoft-clarity 0.9.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "microsoft-clarity 0.4 Admin+.Stored.Cross-Site.Scripting LOW" "media-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-download 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multiple-admin-emails No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mycred 2.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_send.Shortcode MEDIUM" "mycred 2.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mycred_link.Shortcode MEDIUM" "mycred 2.7.4 Missing.Authorization.to.Unauthenticated.Database.Upgrade MEDIUM" "mycred 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.7.3 Unauthenticated.PHP.Object.Injection HIGH" "mycred 2.7.3 Unauthenticated.Information.Exposure MEDIUM" "mycred 2.6.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "mycred 2.6.2 Contributor+.Stored.XSS MEDIUM" "mycred 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.5.1 Cross-Site.Request.Forgery MEDIUM" "mycred 2.4.4.1 Subscriber+.User.E-mail.Addresses.Disclosure MEDIUM" "mycred 2.4.4 Subscriber+.Arbitrary.Post.Creation MEDIUM" "mycred 2.4.4 Subscriber+.Import/Export.to.Email.Address.Disclosure MEDIUM" "mycred 2.4.4 Reflected.Cross-Site.Scripting MEDIUM" "mycred 2.4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mycred 2.4 Reflected.Cross-Site.Scripting HIGH" "mycred 2.3 Subscriber+.SQL.Injection HIGH" "mycred 1.7.8 Reflected.Cross-Site.Scripting HIGH" "mmm-file-list No.known.fix Subscriber+.Arbitrary.Directory.Listing MEDIUM" "mmm-file-list No.known.fix Contributor+.Stored.XSS MEDIUM" "my-favorite-cars No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mailarchiver 2.11.0 Unauthenticated.Stored.XSS HIGH" "migrate-users No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "mapwiz No.known.fix Admin+.SQLi MEDIUM" "magee-shortcodes No.known.fix Contributor+.Stored.XSS.via.shortcode MEDIUM" "magee-shortcodes 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "mailmunch 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailmunch 3.1.3 Settings.Update.via.CSRF MEDIUM" "menu-items-visibility-control No.known.fix Admin+.Arbitrary.PHP.Code.Execution MEDIUM" "members-list 4.3.7 Reflected.Cross-Site.Scripting MEDIUM" "my-wpdb 2.5 Arbitrary.SQL.Query.via.CSRF MEDIUM" "mh-board No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "mailpress No.known.fix Arbitrary.Settings.Update.&.Log.Files.Purge.via.CSRF MEDIUM" "medibazar-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "multiple-shipping-address-woocommerce 2.0 Unauthenticated.SQLi HIGH" "my-wp-responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "monarch 1.2.7 Privilege.Escalation HIGH" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "marketing-automation-by-azexo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "music-player-for-elementor 2.4.2 Missing.Authorization.to.Authenticated.(Subscriber+).Template.Import MEDIUM" "music-player-for-elementor 1.5.9.9 Reflected.Cross-Site.Scripting MEDIUM" "music-player-for-elementor 1.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mshop-mysite 1.1.8 Subscriber+.Settings.Update MEDIUM" "my-wp-translate 1.0.4 CSRF.&.XSS HIGH" "miniorange-firebase-sms-otp-verification 3.6.1 Authentication.Bypass HIGH" "miniorange-firebase-sms-otp-verification 3.6.1 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "miniorange-firebase-sms-otp-verification 3.6.1 Privilege.Escalation.via.Registration.due.to.Administrator.Default.User.Role.Value CRITICAL" "marketo-forms-and-tracking No.known.fix CSRF.to.XSS HIGH" "mobile-events-manager 1.4.8 Admin+.CSV.Injection LOW" "mobile-events-manager 1.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "material-design-icons-for-elementor 1.4.3 Contributor+.Stored.XSS MEDIUM" "material-design-icons-for-elementor 1.4.3 Settings.Update.via.CSRF MEDIUM" "masy-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "min-and-max-quantity-for-woocommerce 2.1.0 Missing.Authorization MEDIUM" "min-and-max-quantity-for-woocommerce 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "markdown-on-save-improved 2.5.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "meta-slider-and-carousel-with-lightbox 2.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "motopress-hotel-booking 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "multiple-domain 1.0.3 XSS.in.Canonical/Alternate.Tags LOW" "multi-rating No.known.fix Admin+.Stored.XSS LOW" "multi-rating No.known.fix Unauthenticated.Ratings.Update MEDIUM" "multi-rating 5.0.6 Reflected.XSS HIGH" "multi-rating 5.0.6 Ratings.Deletion.via.CSRF MEDIUM" "my-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "m-vslider No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "mpoperationlogs No.known.fix Unauthenticated.Stored.XSS HIGH" "marquee-style-rss-news-ticker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "media-library-tools 1.5.0 Author+.Stored.XSS.via.SVG MEDIUM" "moceansms-order-sms-notification-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "minical No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "mass-pagesposts-creator 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mass-pagesposts-creator 1.2.5 DoS MEDIUM" "my-wish-list 1.4.2 Multiple.Parameter.XSS MEDIUM" "mrkwp-footer-for-divi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mrkwp-footer-for-divi No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magical-posts-display 1.2.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mainwp-child 5.3 Authentication.Bypass HIGH" "mainwp-child 4.4.1.2 Sensitive.File.Disclosure MEDIUM" "mainwp-child 4.1.8 Admin+.SQL.Injection MEDIUM" "mail-masta No.known.fix Multiple.SQL.Injection CRITICAL" "mail-masta No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "multimedial-images No.known.fix Admin+.SQLi MEDIUM" "magicform No.known.fix WordPress.Form.Builder.<=.1.6.2.-.Missing.Authorization MEDIUM" "magicform No.known.fix Reflected.Cross-Site.Scripting HIGH" "meta-data-filter 2.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "mainwp-child-reports 2.2.1 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "mainwp-child-reports 2.2 Cross-Site.Request.Forgery MEDIUM" "mainwp-child-reports 2.0.8 Admin+.SQL.Injection MEDIUM" "mp-restaurant-menu 2.4.2 Admin+.Stored.Cross.Site.Scripting LOW" "movies No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "migrate-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mass-email-to-users 1.1.5 Reflected.XSS HIGH" "mime-types-extended No.known.fix Author+.Stored.XSS.via.SVG.Upload MEDIUM" "morpheus-slider No.known.fix Authenticated.SQL.Injection MEDIUM" "materialis-companion 1.3.42 Authenticated.(Contributor+).Store.Cross-Site.Scripting.via.materialis_contact_form.Shortcode MEDIUM" "materialis-companion 1.3.40 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "machic-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "marmoset-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "marmoset-viewer 1.9.3 Reflected.Cross.Site.Scripting HIGH" "mindmeister-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mfplugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multisite-robotstxt-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "marketing-automation 1.2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "mejorcluster 1.1.16 Contributor+.Stored.XSS MEDIUM" "mp3-jplayer No.known.fix Multiple.CSRF MEDIUM" "mp3-jplayer 2.5 Full.Path.Disclosure MEDIUM" "music-sheet-viewer No.known.fix Unauthenticated.Arbitrary.File.Read HIGH" "music-sheet-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "movie-database No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "members-import No.known.fix XSS.via.Imported.CSV MEDIUM" "miniorange-oauth-oidc-single-sign-on 38.4.9 SSO.(OAuth.Client).Premium.<.38.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 48.4.9 SSO.(OAuth.Client).Enterprise.<.48.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-oauth-oidc-single-sign-on 28.4.9 SSO.(OAuth.Client).Standard.<.28.4.9.-.IdP.Deletion.via.CSRF MEDIUM" "multiple-image-uploads-with-preview-for-wpforms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-waze No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "mainwp-google-analytics-extension 4.0.5 Subscriber+.Settings.Update MEDIUM" "mainwp-google-analytics-extension 4.0.5 Subscriber+.SQLi HIGH" "makestories-helper 3.0.4 Authenticated.(Subscriber+).Arbitrary.File.Download.and.Server-Side.Request.Forgery MEDIUM" "makestories-helper 3.0.3 Settings.Update.via.CSRF MEDIUM" "miniorange-2-factor-authentication 5.6.6 Missing.Authorization.to.Plugin.Settings.Change HIGH" "miniorange-2-factor-authentication 5.6.2 Subscriber+.Settings.Update MEDIUM" "miniorange-2-factor-authentication 5.5.75 Reflected.Cross-Site.Scripting MEDIUM" "miniorange-2-factor-authentication 5.5.6 Admin+.Stored.Cross-Site.Scripting LOW" "miniorange-2-factor-authentication 5.5 Unauthenticated.Arbitrary.Options.Deletion CRITICAL" "miniorange-2-factor-authentication 5.4.40 Reflected.Cross-Site.Scripting HIGH" "mailtree-log-mail 1.0.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "mp-timetable 2.4.14 Admin+.PHP.Object.Injection MEDIUM" "mp-timetable 2.4.12 Authenticated.(Contributor+).SQL.Injection CRITICAL" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Update MEDIUM" "mp-timetable 2.3.19 Author+.Stored.Cross-Site.Scripting MEDIUM" "mp-timetable 2.4.2 Unauthorised.Event.TimeSlot.Deletion MEDIUM" "mp-timetable 2.4.0 Arbitrary.User's.Hashed.Password/Email/Username.Disclosure MEDIUM" "morkva-ua-shipping 1.0.20 Unauthenticated.Local.File.Inclusion CRITICAL" "mass-custom-fields-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multi-scheduler No.known.fix Arbitrary.Record.Deletion.via.CSRF HIGH" "mailin 3.1.88 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.83 Cross-Site.Request.Forgery MEDIUM" "mailin 3.1.78 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.78 Reflected.XSS HIGH" "mailin 3.1.61 Reflected.XSS HIGH" "mailin 3.1.31 Reflected.Cross-Site.Scripting MEDIUM" "mailin 3.1.25 Reflected.XSS HIGH" "mypixs No.known.fix Unauthenticated.Local.File.Inclusion.(LFI) HIGH" "multicarousel No.known.fix Unauthenticated.SQL.Injection HIGH" "master-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_layer.Shortcode MEDIUM" "master-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ms_slider.Shortcode MEDIUM" "master-slider 3.10.5 Editor+.Stored.XSS LOW" "master-slider 3.10.0 CSRF.to.slider.deletion MEDIUM" "master-slider 3.10.5 Reflected.Cross-Site.Scripting HIGH" "master-slider 3.10.0 Contributor+.Stored.XSS.via.ms_layer.Shortcode MEDIUM" "master-slider 3.9.10 Responsive.Touch.Slider.<.3.9.10.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-slider 3.9.7 Unauthenticated.PHP.Object.Injection CRITICAL" "master-slider 3.10.0 Sliders.Deletion.via.CSRF MEDIUM" "master-slider 3.10.0 Contributor+.Stored.XSS MEDIUM" "master-slider 3.9.10 Editor+.Stored.XSS.via.slider.callback LOW" "master-slider 3.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "master-slider 2.8.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "master-slider 2.5.2 Authenticated.Blind.SQL.Injection CRITICAL" "mdc-comment-toolbar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "menu-manager-ultra 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "media-slider 1.4.0 Missing.Authorization MEDIUM" "maintenance 4.03 Authenticated.Stored.XSS MEDIUM" "motor-racing-league No.known.fix Admin+.XSS LOW" "melascrivi No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moving-media-library 1.23 Authenticated.(Administrator+).Directory.Traversal.to.Arbitrary.File.Deletion MEDIUM" "mind3dom-ryebread-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mas-addons-for-elementor 1.1.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "mas-addons-for-elementor 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mytweetlinks No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "multilevel-referral-plugin-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "multilevel-referral-plugin-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilevel-referral-plugin-for-woocommerce 2.23 Reflected.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mdc-youtube-downloader 2.1.1 Local.File.Inclusion HIGH" "mailchimp-forms-by-mailmunch 3.2.4 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-forms-by-mailmunch 3.2.2 Cross-Site.Request.Forgery MEDIUM" "mailchimp-forms-by-mailmunch 3.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "mailchimp-forms-by-mailmunch 3.1.5 Arbitrary.Actions.via.CSRF MEDIUM" "my-content-management 1.7.7 Admin+.Stored.XSS LOW" "master-elements No.known.fix Unauthenticated.SQLi CRITICAL" "mynx-page-builder No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "mindvalley-pagemash No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "meks-themeforest-smart-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "muslim-prayer-time-bd 2.5 Settings.Reset.via.CSRF MEDIUM" "microcopy No.known.fix Authenticated.SQL.Injection MEDIUM" "month-name-translation-benaceur 2.3.8 Admin+.Stored.XSS LOW" "magic-login-api No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "monkee-boy-wp-essentials No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "momoyoga-integration 2.8.0 Contributor+.Stored.XSS MEDIUM" "mediavine-control-panel 2.10.5 Contributor+.Stored.XSS MEDIUM" "miniorange-openid-connect-client 2.1.5 Reflected.Cross-Site.Scripting.via.appId HIGH" "melapress-login-security 1.3.1 Authenticated.(Admin+).Remote.File.Inclusion MEDIUM" "mwp-forms No.known.fix Admin+.SQL.Injection HIGH" "modal-portfolio No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mainwp 5.0 Cross-Site.Request.Forgery.via.posting_bulk MEDIUM" "mainwp 4.4.3.4 Authenticated.(Administrator+).SQL.Injection HIGH" "mainwp 4.5.1.3 Authenticated(Administrator+).CSS.Injection LOW" "msync No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "media-file-manager No.known.fix Authenticated.Multiple.Vulnerabilities MEDIUM" "mangboard 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.8.1 Reflected.Cross-Site.Scripting MEDIUM" "mangboard 1.7.8 Admin+.Stored.XSS LOW" "mangboard 1.8.2 Settings.Update.via.CSRF MEDIUM" "mangboard 1.6.9 SQL.Injection HIGH" "mihanpanel-lite 12.7 Cross-Site.Request.Forgery MEDIUM" "mins-to-read No.known.fix Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "meks-easy-ads-widget 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mygallery No.known.fix Unauthenticated.File.Inclusion CRITICAL" "meta-tag-manager 3.2 Missing.Authorization MEDIUM" "meta-tag-manager 3.1 Subscriber+.PHP.Object.Injection HIGH" "meta-tag-manager 2.1 Reflected.Cross-Site.Scripting MEDIUM" "menu-image 3.11 Admin+.Stored.XSS LOW" "menu-image 3.10 Reflected.Cross-Site.Scripting MEDIUM" "menu-image 3.0.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "menu-image 3.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mediabay-lite No.known.fix Missing.Authorization.via.AJAC.actions MEDIUM" "mediabay-lite No.known.fix Editor+.Stored.XSS MEDIUM" "moveto No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "moveto No.known.fix Unauthenticated.SQL.Injection CRITICAL" "moveto No.known.fix Missing.Authorization.to.Unauthenticated.Options.Update CRITICAL" "moveto No.known.fix Unauthenticated.Directory.Traversal.to.Arbitrary.File.Deletion CRITICAL" "mark-new-posts 7.6 Missing.Authorization.via.save_options MEDIUM" "meks-smart-social-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "meks-smart-social-widget 1.6.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "meks-smart-author-widget 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "membership-simplified-for-oap-members-only No.known.fix Unauthenticated.Arbitrary.File.Download CRITICAL" "mortgage-calculators-wp 1.60 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-calculators-wp 1.56 Admin+.Stored.Cross-Site.Scripting LOW" "modern-designs-for-gravity-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modern-designs-for-gravity-forms No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "media-element-html5-video-and-audio-player No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "multiple-roles 1.3.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "multiple-roles 1.3.2 Cross-Site.Request.Forgery MEDIUM" "megamenu 3.3.1 Missing.Authorization MEDIUM" "megamenu 2.4 Authenticated.XSS MEDIUM" "mighty-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "machform-shortcode 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mx-time-zone-clocks 3.4.1 Contributor+.Cross-Site.Scripting MEDIUM" "mwp-skype 4.0.4 Button.Deletion.via.CSRF MEDIUM" "mwp-skype 4.0.2 Reflected.XSS MEDIUM" "mcjh-button-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multicons 3.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mobile-banner 1.6 CSRF MEDIUM" "microblog-poster 1.6.2 Authenticated.Blind.SQL.Injection HIGH" "mybb-last-topics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mapifylite 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "music-let-loose-mp3-audio-player No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "muzaara-adwords-optimize-dashboard No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "muzaara-adwords-optimize-dashboard No.known.fix Information.Exposure MEDIUM" "master-popups-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mailclient No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "m-wp-popup No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "m-wp-popup 1.3.1 Unauthenticated.Denial.of.Service HIGH" "mailster 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "mailster 4.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "mailster 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "mailster 2.4.9 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "mediaburst-ecommerce-sms-notifications 2.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "modal-popup-box 1.5.3 Authenticated.(Contributor+).PHP.Object.Injection.in.awl_modal_popup_box_shortcode HIGH" "miguras-divi-maker No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "membermouse 2.2.9 Blind.SQL.Injection CRITICAL" "mq-woocommerce-products-price-bulk-edit No.known.fix XSS MEDIUM" "move-addons 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.6 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "move-addons 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "move-addons 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "move-addons 1.3.0 Missing.Authorization MEDIUM" "move-addons 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-app-builder-by-wappress No.known.fix Unauthenticated.File.Upload CRITICAL" "majestic-support 1.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "majestic-support 1.0.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "majestic-support 1.0.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Text.Color LOW" "maxbuttons 9.8.1 Admin+.Stored.XSS.via.Button.Width LOW" "maxbuttons 9.8.0 Full.Path.Disclosure MEDIUM" "maxbuttons 9.7.8 Editor+.Stored.XSS LOW" "maxbuttons 9.7.7 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.7.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "maxbuttons 9.6 Contributor+.Stored.XSS MEDIUM" "maxbuttons 9.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "maxbuttons 9.3 Admin+.Stored.Cross-Site.Scripting LOW" "maxbuttons 6.19 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "maxi-blocks 1.9.3 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "mjm-clinic 1.1.23 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "mjm-clinic 1.1.23 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mobile-call-now-map-buttons No.known.fix Admin+.Stored.XSS LOW" "mapifylite-master 4.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "miniorange-wp-as-saml-idp 1.15.7 Authenticated.(Administrator+).SQL.Injection HIGH" "miniorange-wp-as-saml-idp 1.13.4 Admin+.Stored.Cross-Site.Scripting LOW" "mantenimiento-web 0.14 Stored.XSS.via.CSRF MEDIUM" "mantenimiento-web 0.14 Admin+.Stored.XSS LOW" "memorialday 1.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "multi-page-toolkit No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "mighty-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mercadolibre-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "more-from-google No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moka-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moceanapi-sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modify-profile-fields-dashboard-menu-buttons 1.04 Reflected.Cross-Site.Scripting MEDIUM" "mm-email2image No.known.fix Contributor+.Stored.XSS MEDIUM" "mm-email2image No.known.fix Stored.XSS.via.CSRF HIGH" "motors-car-dealership-classified-listings 1.4.44 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.Custom.Title MEDIUM" "motors-car-dealership-classified-listings 1.4.11 Missing.Authorization MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Unauthenticated.SSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.7 Reflected.XSS HIGH" "motors-car-dealership-classified-listings 1.4.5 CSRF MEDIUM" "motors-car-dealership-classified-listings 1.4.4 Car.Dealer,.Classifieds.&.Listing.<.1.4.4.-.Arbitrary.File.Upload CRITICAL" "motors-car-dealership-classified-listings 1.4.1 Multiple.Issues MEDIUM" "miniorange-malware-protection 4.7.3 Unauthenticated.Privilege.Escalation CRITICAL" "miniorange-malware-protection 4.7.3 Admin+.SQLi MEDIUM" "miniorange-malware-protection 4.7.2 IP.Spoofing MEDIUM" "miniorange-malware-protection 4.5.2 Admin+.Stored.Cross-Site.Scripting LOW" "my-wp-health-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "masterslider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "masterslider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "masterslider No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "msstiger No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "m1downloadlist 0.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mhr-custom-anti-copy No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "media-net-ads-manager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "mobile-friendly-app-builder-by-easytouch No.known.fix Unauthenticated.File.Upload CRITICAL" "mobigatevn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-file-renamer 5.7.8 Admin+.Remote.Code.Execution MEDIUM" "media-file-renamer 5.7.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "media-file-renamer 5.2.7 Auto.&.Manual.Rename.<.5.2.7.-.Media.Title/Filename/Locking.State.Update.via.CSRF MEDIUM" "mage-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.70.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailoptin 1.2.54.1 Admin+.Stored.XSS LOW" "mailoptin 1.2.50.0 Unauthenticated.Campaign.Cache.Deletion MEDIUM" "mailoptin 1.2.35.2 Unauthorised.AJAX.Call MEDIUM" "maz-loader 1.4.1 Arbitrary.Loader.Deletion.via.CSRF MEDIUM" "maz-loader 1.3.3 Contributor+.SQL.Injection HIGH" "molongui-authorship 4.7.8 Authenticated.(Author+).Insecure.Direct.Object.Reference MEDIUM" "molongui-authorship 4.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.7.5 Information.Exposure.via.ma_debug MEDIUM" "molongui-authorship 4.7.4 Missing.Authorization MEDIUM" "molongui-authorship 4.6.20 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "molongui-authorship 4.6.20 Reflected.XSS HIGH" "minify-html-markup 2.1.11 -.Regular.Expressions.Denial.of.Service MEDIUM" "minify-html-markup 2.1.8 Settings.Update.via.CSRF MEDIUM" "my-favorites 1.4.3 Contributor+.Stored.XSS MEDIUM" "my-favorites No.known.fix Contributor+.Stored.XSS MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.26.4 Authentication.Bypass HIGH" "miniorange-login-with-eve-online-google-facebook 6.23.4 Improper.Authentication HIGH" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).Free.<.6.24.2.-.IdP.Deletion.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.24.2 SSO.(OAuth.Client).<.6.24.2.-.IdP.Discard.via.CSRF MEDIUM" "miniorange-login-with-eve-online-google-facebook 6.22.6 Authentication.Bypass CRITICAL" "miniorange-login-with-eve-online-google-facebook 6.20.3 Reflected.Cross-Site.Scripting.via.appId HIGH" "mass-delete-unused-tags 3.0.0 Tags.Deletion.via.CSRF MEDIUM" "magic-the-gathering-card-tooltips 3.6.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "magic-the-gathering-card-tooltips 3.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "most-popular-posts-widget-lite 0.9 Admin+.SQL.injection MEDIUM" "magic-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapsvg 6.2.20 Unauthenticated.SQLi HIGH" "master-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "mytube No.known.fix Reflected.Cross-Site.Scripting.via.addplaylistid MEDIUM" "mancx-askme-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mojo-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multiple-votes-in-one-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "miniorange-discord-integration 2.1.6 Subscriber+.App.Disabling MEDIUM" "magicpost 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wb_share_social.Shortcode MEDIUM" "monitor-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "memberpress 1.11.30 Reflected.Cross-Site.Scripting.via.mepr_screenname.and.mepr_key.Parameters MEDIUM" "memberpress 1.11.35 Missing.Authorization MEDIUM" "memberpress 1.11.30 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.mepr-user-file.Shortcode HIGH" "memberpress 1.11.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.arglist.Parameter MEDIUM" "memberpress 1.11.27 Reflected.Cross-Site.Scripting.via.message.and.error MEDIUM" "mycurator 3.79 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "mycurator 3.77 Reflected.Cross-Site.Scripting MEDIUM" "mycurator 3.75 Cross-Site.Request.Forgery MEDIUM" "multiplayer-plugin No.known.fix Reflected.Cross-Site.Scripting HIGH" "myagileprivacy 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.vis.Shortcode MEDIUM" "mg-post-contributors No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "my-wp-brand 1.1.3 Missing.Authorization MEDIUM" "mybooktable 3.5.4 Cross-Site.Request.Forgery MEDIUM" "mybooktable 3.5.0 Stored.XSS.via.CSRF MEDIUM" "mybooktable 3.3.8 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "mybooktable 3.3.5 API.Key.Update.via.CSRF MEDIUM" "mini-course-generator 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "media-modal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "maanstore-api No.known.fix Authentication.Bypass CRITICAL" "multi-step-form 1.7.24 Missing.Authorization.to.Unauthenticated.Limited.File.Upload MEDIUM" "multi-step-form 1.7.22 Missing.Authorization.via.fw_delete_files MEDIUM" "multi-step-form 1.7.19 Form.Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.17 Admin+.Stored.XSS LOW" "multi-step-form 1.7.13 Form.Update/Deletion.via.CSRF MEDIUM" "multi-step-form 1.7.8 Admin+.Stored.XSS LOW" "multi-step-form 1.2.6 Cross-Site.Scripting.(XSS) MEDIUM" "multi-step-form 1.2.6 Multiple.Unauthenticated.Reflected.XSS MEDIUM" "metrika No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "moceanapi-abandoned-carts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multimanager-wp 1.1.0 Authentication.Bypass.via.User.Impersonation CRITICAL" "media-tags No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "max-addons-pro-bricks 1.6.2 Missing.Authorization MEDIUM" "max-addons-pro-bricks 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "multisafepay 4.16.0 Unauthenticated.Arbitrary.File.Access HIGH" "marekkis-watermark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meet-my-team No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "menubar 5.9 Cross-Site.Request.Forgery MEDIUM" "menubar 5.8 Reflected.Cross-Site.Scripting MEDIUM" "my-reading-library No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "moova-for-woocommerce 3.8 Reflected.Cross-Site.Scripting HIGH" "memberpress-downloads 1.2.6 Subscriber+.Arbitrary.File.Upload CRITICAL" "microkids-related-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "my-chatbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "my-chatbot No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "multifox-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "multifox-plus 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mindbody-access-management 2.0.9 Unauthorised.AJAX.call MEDIUM" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "multi-purpose-mail-form No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "mts-url-shortener No.known.fix Admin+.Stored.XSS LOW" "mts-url-shortener No.known.fix Reflected.XSS HIGH" "more-link-modifier No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "manage-shipyaari-shipping No.known.fix Admin+.Stored.XSS LOW" "mas-static-content 1.0.9 Authenticated.(Contributor+).Private.Static.Content.Page.Disclosure MEDIUM" "moloni 4.8.0 Reflected.Cross-Site.Scripting MEDIUM" "my-loginlogout No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "meta-tags-for-seo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mail-boxes-etc 2.2.1 Information.Exposure MEDIUM" "mail-boxes-etc 2.2.1 Cross-Site.Request.Forgery MEDIUM" "mail-boxes-etc 2.3.0 Reflected.XSS HIGH" "mihdan-yandex-turbo-feed 1.6.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "my-contador-wp 2.1 Missing.Authorization.to.Unauthenticated.User.Registration.CSV.Export MEDIUM" "mousewheel-smooth-scroll 5.7 Plugin's.Setting.Update.via.CSRF MEDIUM" "mappress-google-maps-for-wordpress 2.94.9 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.94.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Map.Block MEDIUM" "mappress-google-maps-for-wordpress 2.93 Admin+.Stored.XSS.via.Map.Settings LOW" "mappress-google-maps-for-wordpress 2.88.17 Contributor+.Stored.XSS.via.Map.Settings MEDIUM" "mappress-google-maps-for-wordpress 2.88.15 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.16 Unauthenticated.Arbitrary.Private/Draft.Post.Disclosure MEDIUM" "mappress-google-maps-for-wordpress 2.88.14 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.88.5 Contributor+.Stored.XSS MEDIUM" "mappress-google-maps-for-wordpress 2.85.5 Contributor+.SQL.Injection MEDIUM" "mappress-google-maps-for-wordpress 2.73.13 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "mappress-google-maps-for-wordpress 2.73.4 Reflected.Cross-Site.scripting MEDIUM" "mappress-google-maps-for-wordpress 2.54.6 Improper.Capability.Checks.in.AJAX.Calls CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Remote.Code.Execution.(RCE).due.to.Incorrect.Access.Control.in.AJAX.Actions CRITICAL" "mappress-google-maps-for-wordpress 2.53.9 Authenticated.Map.Creation/Deletion.Leading.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "master-addons 2.0.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "master-addons 2.0.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "master-addons 2.0.6.8 Free.Widgets,.Hover.Effects,.Toggle,.Conditions,.Animations.for.Elementor.<.2.0.6.8.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Tooltip.Module MEDIUM" "master-addons No.known.fix Author+.Stored.XSS MEDIUM" "master-addons 2.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.data-jltma-wrapper-link.Element MEDIUM" "master-addons 2.0.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.MA.Template.Creation.or.Modification MEDIUM" "master-addons 2.0.6.2 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting.via.Navigation.Menu.Widget HIGH" "master-addons 2.0.5.6 Missing.Authorization.via.get_jltma_save_menuitem_settings() MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.5.6 Missing.Authorization.on.Duplicate.Post MEDIUM" "master-addons 2.0.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "master-addons 2.0.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-addons 2.0.4 Contributor+.Stored.XSS MEDIUM" "master-addons 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "master-addons 1.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "master-addons 1.8.2 Reflected.Cross-Site.Scripting MEDIUM" "meinturnierplande-widget-viewer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mapfig-premium-leaflet-map-maker No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "mortgage-loan-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mortgage-loan-calculator 1.5.17 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "manage-user-columns 1.0.6 Cross-Site.Request.Forgery MEDIUM" "mp3-music-player-by-sonaar 5.9.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Podcast.RSS.Feed MEDIUM" "mp3-music-player-by-sonaar 5.9 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.7.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "mp3-music-player-by-sonaar 5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sonaar_audioplayer.Shortcode MEDIUM" "mp3-music-player-by-sonaar 5.0 Unauthenticated.Arbitrary.File.Download MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mp3-music-player-by-sonaar 5.1.1 Missing.Authorization MEDIUM" "mp3-music-player-by-sonaar 4.10.1 Missing.Authorization.to.Template.Import MEDIUM" "mp3-music-player-by-sonaar 2.4.2 Multiple.Admin+.Cross.Site.Scripting LOW" "moving-users 1.10 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "metform 3.3.0 Unauthenticated.Double-Extension.Arbitrary.File.Upload HIGH" "metform 3.8.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "metform 3.8.4 Missing.Authorization.to.Notice.Dismissal MEDIUM" "metform 3.8.6 Contributor+.Stored.XSS MEDIUM" "metform 3.8.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "metform 3.8.2 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.2 Authenticated.(Subscriber+).Information.Disclosure.via.'mf_first_name'.shortcode MEDIUM" "metform 3.3.3 Cross-Site.Request.Forgery MEDIUM" "metform 3.3.1 Multiple.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "metform 3.3.1 Unauthenticated.CSV.Injection HIGH" "metform 3.3.2 Multiple.Subscriber+.Sensitive.Information.Disclosure.Issues MEDIUM" "metform 3.3.2 Unauthenticated.Permalink.Structure.Update MEDIUM" "metform 3.2.2 reCaptcha.Bypass MEDIUM" "metform 3.2.0 Unauthenticated.Stored.XSS HIGH" "metform 2.1.4 Unauthenticated.API.keys.and.Secrets.Disclosure HIGH" "magayo-lottery-results No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mapsvg-lite-interactive-vector-maps 3.3.0 Cross-Site.Request.Forgery.(CSRF) HIGH" "magic-fields 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mm-breaking-news No.known.fix Stored.XSS.via.CSRF HIGH" "mm-breaking-news No.known.fix Reflected.XSS MEDIUM" "members 3.2.11 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "moreads-se 1.4.7 XSS MEDIUM" "mainwp-piwik-extension 4.0.5 CSRF MEDIUM" "monetag-official No.known.fix Missing.Authorization MEDIUM" "mage-eventpress 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 4.2.2 Authenticated.(Contributor+).Local.File.Inclusion CRITICAL" "mage-eventpress 4.1.2 Authenticated.(Contributor+).PHP.Object.Injection.in.mep_event_meta_save HIGH" "mage-eventpress 3.9.6 Editor+.Stored.Cross-Site.Scripting MEDIUM" "mage-eventpress 3.8.7 Admin+.Stored.XSS LOW" "mage-eventpress 3.7.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "mage-eventpress 3.8.0 Contributor+.Stored.XSS MEDIUM" "mage-eventpress 3.5.8 Contributor+.SQL.Injection HIGH" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Elementor.Template.Import MEDIUM" "mage-eventpress 3.5.3 Unauthenticated.Arbitrary.Options.Reset HIGH" "modern-events-calendar 7.13.0 Subscriber+.Server.Side.Request.Forgery HIGH" "modern-events-calendar 7.12.0 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "mitm-bug-tracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "modify-comment-fields 1.04 Reflected.Cross-Site.Scripting MEDIUM" "manual-image-crop 1.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "multilanguage 1.2.3 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "maintenance-switch No.known.fix Theme.Files.Creation/Deletion.via.CSRF MEDIUM" "maintenance-switch No.known.fix Reflected.XSS HIGH" "meetup No.known.fix Authentication.Bypass CRITICAL" "media-hygiene 3.0.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Attachment.Deletion MEDIUM" "masterstudy-lms-learning-management-system 3.3.24 Privilege.Escalation.to.Instructor MEDIUM" "masterstudy-lms-learning-management-system 3.2.13 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.2.2 Cross-Site.Request.Forgery MEDIUM" "masterstudy-lms-learning-management-system 3.3.9 Missing.Authorization MEDIUM" "masterstudy-lms-learning-management-system 3.3.4 Unauthenticated.Local.File.Inclusion.via.template CRITICAL" "masterstudy-lms-learning-management-system 3.3.1 Unauthenticated.Local.File.Inclusion.via.modal CRITICAL" "masterstudy-lms-learning-management-system 3.3.2 Unauthenticated.Privilege.Escalation HIGH" "masterstudy-lms-learning-management-system 3.3.0 Missing.Authorization.to.Sensitive.Information.Exposure.in.search_posts MEDIUM" "masterstudy-lms-learning-management-system 3.2.11 Basic.Information.Exposure.via.REST.route MEDIUM" "masterstudy-lms-learning-management-system 3.2.6 Unauthenticated.SQL.Injection CRITICAL" "masterstudy-lms-learning-management-system 3.0.18 Unauthenticated.Instructor.Account.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Contributor+.Stored.XSS MEDIUM" "masterstudy-lms-learning-management-system 3.0.9 Subscriber+.Course.Category.Creation MEDIUM" "masterstudy-lms-learning-management-system 2.7.6 Unauthenticated.Admin.Account.Creation CRITICAL" "mediamatic No.known.fix Cross-Site.Request.Forgery MEDIUM" "mediamatic 2.8.1 Subscriber+.SQL.Injection HIGH" "miguras-divi-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miguras-divi-enhancer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "monetize No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "mycryptocheckout 2.126 CSRF MEDIUM" "mycryptocheckout 2.124 Reflected.XSS HIGH" "modal-dialog 3.5.15 Reflected.XSS HIGH" "modal-dialog 3.5.10 Admin+.Stored.XSS LOW" "menus-plus No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "mwp-countdown No.known.fix Admin+.SQLi MEDIUM" "my-instagram-feed 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "my-instagram-feed 3.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "media-library-plus 8.3.1 Missing.Authorization.to.Plugin.Settings.Change MEDIUM" "media-library-plus 8.2.4 Missing.Authorization.on.Various.Functions MEDIUM" "media-library-plus 8.2.3 Authenticated.(Subscriber+).Second-Order.SQL.Injection CRITICAL" "media-library-plus 8.2.1 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "media-library-plus 8.1.9 Authenticated.(Author+).Directory.Traversal MEDIUM" "media-library-plus 8.1.8 Authenticated.(Author+).SQL.Injection CRITICAL" "media-library-plus 7.1.2 Plugin.Reset.via.CSRF MEDIUM" "my-calendar 3.4.24 Authenticated.Stored.XSS MEDIUM" "my-calendar 3.4.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "my-calendar 3.4.22 Unauthenticated.SQL.Injection CRITICAL" "my-calendar 3.4.4 Cross-Site.Request.Forgery MEDIUM" "my-calendar 3.3.25 Event/Location.Deletion.via.CSRF MEDIUM" "my-calendar 3.2.18 Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "my-calendar 3.1.10 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "memberlite-shortcodes 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.memberlite_accordion.Shortcode MEDIUM" "memberlite-shortcodes 1.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "mfolio-lite 1.2.2 Missing.Authorization.to.Authenticated.(Author+).File.Upload.via.EXE.and.SVG.Files CRITICAL" "multiparcels-shipping-for-woocommerce 1.16.9 Cross-Site.Request.Forgery MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.2 Arbitrary.Shipment.Deletion.via.CSRF MEDIUM" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.15.4 Reflected.XSS HIGH" "multiparcels-shipping-for-woocommerce 1.14.15 Subscriber+.SQLi HIGH" "multiparcels-shipping-for-woocommerce 1.14.14 Subscriber+.Arbitrary.Shipment.Deletion MEDIUM" "mg-parallax-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mdr-webmaster-tools No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "my-account-page-editor 1.3.2 Subscriber+.Arbitrary.File.Upload CRITICAL" "mshop-naver-talktalk 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mshop-naver-talktalk 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.add_plus_friends.and.add_plus_talk.Shortcodes MEDIUM" "material-design-for-contact-form-7 No.known.fix Subscriber+.Arbitrary.Settings.Update.leading.to.DoS MEDIUM" "material-design-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Limited.Settings.Update MEDIUM" "mimo-woocommerce-order-tracking No.known.fix Missing.Authorization.to.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "membership-for-woocommerce 2.1.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "meks-flexible-shortcodes 1.3.5 Contributor+.Stored.XSS MEDIUM" "mobile-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-blocks 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "membership-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "make-paths-relative No.known.fix Settings.Update.via.CSRF MEDIUM" "munk-sites No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "mobile-address-bar-changer No.known.fix Settings.Update.via.CSRF MEDIUM" "magical-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.2.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "magical-addons-for-elementor 1.2.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "magical-addons-for-elementor 1.1.42 Contributor+.Stored.XSS MEDIUM" "magical-addons-for-elementor 1.1.40 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magical-addons-for-elementor 1.1.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Effect.Widget MEDIUM" "mediaburst-email-to-sms No.known.fix Authenticated(Administrator+).SQL.Injection MEDIUM" "mediaburst-email-to-sms 3.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "music-press-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "music-store 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "music-store 1.1.14 WordPress.eCommerce.<.1.1.14.-.Authenticated.(Admin+).SQL.Injection CRITICAL" "music-store 1.0.43 Cross-Site.Scripting.(XSS) MEDIUM" "magic-post-voice No.known.fix Reflected.Cross-Site.Scripting HIGH" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "marketplace-items No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'marketplace'.Shortcode MEDIUM" "mt-addons-for-elementor 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meta-accelerator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "member-database No.known.fix Reflected.XSS HIGH" "media-category-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multisite-post-duplicator 1.1.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "myweather No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "masterstudy-elementor-widgets 1.2.3 Missing.Authorization MEDIUM" "media-list 1.4.0 Contributor+.Stored.XSS MEDIUM" "media-list 1.4.1 Contributor+.Stored.XSS MEDIUM" "matomo 5.1.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "matomo 5.0.1 Reflected.Cross-Site.Scripting.via.idsite MEDIUM" "mycbgenie-clickbank-storefront No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "media-downloader 0.4.7.6 Reflected.Cross-Site.Scripting MEDIUM" "media-downloader 0.4.7.5 Reflected.Cross-Site.Scripting MEDIUM" "magic-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mojito-shipping 1.3.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mobile-kiosk No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "manager-for-icomoon 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "manager-for-icomoon 2.2 Contributor+.Stored.XSS MEDIUM" "mapping-multiple-urls-redirect-same-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "miniorange-saml-20-single-sign-on 5.0.5 Missing.Authorization.to.notice.dismissal MEDIUM" "miniorange-saml-20-single-sign-on 12.1.0 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 16.0.8 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 20.0.7 Open.Redirect.in.SSO.login MEDIUM" "miniorange-saml-20-single-sign-on 4.8.84 Cross-Site.Scripting.(XSS).via.Crafted.SAML.XML.Response MEDIUM" "miniorange-saml-20-single-sign-on 4.8.73 Cross-Site.Scripting.(XSS) MEDIUM" "ms-reviews No.known.fix Subscriber+.Stored.XSS HIGH" "miniorange-login-openid No.known.fix Authentication.Bypass HIGH" "miniorange-login-openid 7.6.7 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "miniorange-login-openid 7.6.5 Authentication.Bypass CRITICAL" "miniorange-login-openid 7.6.0 Admin+.Stored.XSS LOW" "miniorange-login-openid 7.5.15 Multiple.CSRF MEDIUM" "miniorange-login-openid 7.6.1 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "marketing-optimizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mwp-herd-effect 6.2.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "mwp-herd-effect 5.2.7 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.4 Effect.Deletion.via.CSRF MEDIUM" "mwp-herd-effect 5.2.3 Admin+.Stored.XSS LOW" "mwp-herd-effect 5.2.2 Reflected.XSS MEDIUM" "mwp-herd-effect 5.2.1 Admin+.LFI MEDIUM" "map-store-location No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modern-footnotes 1.4.17 Contributor+.Stored.XSS MEDIUM" "modern-footnotes 1.4.16 Admin+.Stored.XSS LOW" "marketking-multivendor-marketplace-for-woocommerce 2.0.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "marketking-multivendor-marketplace-for-woocommerce 2.0.25 Missing.Authorization MEDIUM" "metorik-helper 1.7.2 Cross-Site.Request.Forgery MEDIUM" "multiple-post-passwords 1.1.2 Admin+.Stored.XSS LOW" "manycontacts-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "motopress-hotel-booking-lite 4.11.2 Unauthenticated.PHP.Object.Injection CRITICAL" "motopress-hotel-booking-lite 4.8.5 Unauthenticated.Arbitrary.File.Download.&.Deletion CRITICAL" "motopress-hotel-booking-lite 4.7.0 Settings.Update.via.CSRF MEDIUM" "media-usage No.known.fix Reflected.Cross-Site.Scripting HIGH" "miniorange-oauth-20-server 4.0.1 Authentication.Bypass CRITICAL" "media-file-organizer No.known.fix Directory.Traversal MEDIUM" "most-and-least-read-posts-widget 2.5.19 Cross-Site.Request.Forgery.via.most_and_least_read_posts_options MEDIUM" "most-and-least-read-posts-widget 2.5.17 Authenticated(Contributor+).SQL.Injection.via.Widget.settings HIGH" "mabel-shoppable-images-lite 1.2.4 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "marquee-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "master-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "maxgalleria 6.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.maxgallery_thumb.Shortcode MEDIUM" "maxgalleria 6.4.3 Missing.Authorization MEDIUM" "maxgalleria 6.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "mmt-eventon-exim-lite 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "message-ticker 9.3 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "mailchimp-subscribe-sm 4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mailchimp-subscribe-sm 4.0.9.8 Editor+.Stored.XSS LOW" "mailchimp-subscribe-sm 4.0.9.2 Admin+.Stored.XSS LOW" "myticket-events No.known.fix Unauthenticated.Limited.File.Read MEDIUM" "myshopkit-popup-smartbar-slidein No.known.fix .Unauthenticated.Sensitive.Information.Exposure MEDIUM" "meks-easy-instagram-widget 1.2.4 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "mystickyelements 2.1.4 Unauthenticated.Unauthorised.Action MEDIUM" "mystickyelements 2.1.2 Admin+.Stored.Cross-Site.Scripting LOW" "mystickyelements 2.0.9 Admin+.SQLi MEDIUM" "mystickyelements 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "my-geo-posts-free No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "molie-instructure-canvas-linking-tool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "molie-instructure-canvas-linking-tool No.known.fix Authenticated.SQL.Injection HIGH" "masjidal 1.8.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mihdan-no-external-links 5.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "mautic-integration-for-woocommerce 1.0.3 Arbitrary.Options.Update.via.CSRF HIGH" "mark-posts 2.2.5 Missing.Authorization MEDIUM" "mark-posts 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "mastercurrency-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Currency.Converter.Form.Shortcode MEDIUM" "mailup-auto-subscribtion 1.2.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "mailchimp-for-wp 4.9.17 Authenticated.(Administrator+).Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.9.17 4.9.16.-.Reflected.Cross-Site.Scripting HIGH" "mailchimp-for-wp 4.9.10 Unauthenticated.Unpublished.Form.Preview MEDIUM" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.7 Admin+.Stored.Cross-Site.Scripting LOW" "mailchimp-for-wp 4.8.5 Unauthorised.Actions.via.CSRF MEDIUM" "mailchimp-for-wp 4.8.5 Authenticated.Arbitrary.Redirect MEDIUM" "mailchimp-for-wp 4.1.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "mailchimp-for-wp 4.1.8 XSS MEDIUM" "marketing-performance No.known.fix Reflected.XSS HIGH" "metricool 1.18 Admin+.Stored.XSS LOW" "mobile-app-editor 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "mobile-app-editor 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mailchimp-wp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "mailchimp-wp 2.5.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting.via.Form.Color.Parameters MEDIUM" "mailchimp-wp 2.5.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "myanime-widget No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation CRITICAL" "meow-gallery 5.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "meow-gallery 4.1.9 Contributor+.SQL.Injection HIGH" "meow-gallery 4.2.0 Unauthorised.Arbitrary.Options.Update.via.REST.API HIGH" "mobile-browser-color-select No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "minimum-purchase-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "mediavine-create 1.9.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mediavine-create 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Schema.Meta.Shortcode MEDIUM" "mediavine-create 1.9.5 Unauthenticated.SQLi HIGH" "map-block-gutenberg 1.32 Unauthorised.Google.API.Key.change MEDIUM" "mollie-payments-for-woocommerce 7.8.0 .Unauthenticated.Full.Path.Disclosure MEDIUM" "mollie-payments-for-woocommerce 7.3.12 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "mystickymenu 2.7.3 Admin+.Stored.XSS LOW" "mystickymenu 2.7.2 Admin+.Stored.XSS LOW" "mystickymenu 2.6.8 Admin+.Stored.XSS LOW" "mystickymenu 2.6.7 CSV.Export.via.CSRF.to.Sensitive.Information.Disclosure LOW" "mystickymenu 2.6.5 Subscriber+.Arbitrary.Form.Leads.Deletion MEDIUM" "mystickymenu 2.5.2 Authenticated.Stored.XSS MEDIUM" "mobilize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "membersonic-lite 1.302 Authentication.Bypass CRITICAL" "moolamojo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mailcwp 1.110 Unauthenticated.Arbitrary.File.Upload CRITICAL" "mshop-npay 3.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mnp_purchase.Shortcode MEDIUM" "member-access No.known.fix Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "mobile-pages No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mobile-pages 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.9.0 Missing.Authorization.via.checkout_map_rules_order_ajax_handler MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.8.5 Reflected.Cross-Site.Scripting MEDIUM" "map-location-picker-at-checkout-for-woocommerce 1.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "motopress-slider-lite No.known.fix Subscriber+.Stored.Cross-Site.Scripting CRITICAL" "motopress-slider-lite No.known.fix Reflected.Cross-Site.Scripting HIGH" "mapme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mind-doodle-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "martins-link-network 1.2.30 Reflected.XSS HIGH" "my-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "minimal-coming-soon-maintenance-mode 2.39 Missing.Authorization.to.Limited.Settings.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.38 Unauthenticated.Maintenance.Mode.Bypass LOW" "minimal-coming-soon-maintenance-mode 2.35 Multiple.Authenticated.Stored.XSS LOW" "minimal-coming-soon-maintenance-mode 2.15 CSRF.to.Stored.XSS.and.Setting.Changes HIGH" "minimal-coming-soon-maintenance-mode 2.17 Insecure.permissions:.Export.Settings/Theme.Change MEDIUM" "minimal-coming-soon-maintenance-mode 2.15 Insecure.Permissions:.Enable.and.Disable.Maintenance.Mode HIGH" "miniorange-otp-verification 4.2.2 Missing.Authorization.via.dismiss_notice MEDIUM" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion HIGH" "minterpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "makewebbetter-hubspot-for-woocommerce 1.6.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Options.Update HIGH" "manage-gravity-forms-stripe-subscriptions 4.1.6 Reflected.Cross-Site.Scripting MEDIUM" "manage-gravity-forms-stripe-subscriptions 4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "marker-io 1.1.9 Cross-Site.Request.Forgery MEDIUM" "marker-io 1.1.7 Cross-Site.Request.Forgery MEDIUM" "media-alt-renamer No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via._wp_attachment_image_alt.postmeta MEDIUM" "magazine-blocks 1.3.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "magazine-blocks 1.3.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "multilist-subscribe-for-sendy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Options.Update HIGH" "multilist-subscribe-for-sendy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "multilist-subscribe-for-sendy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "menu-icons 0.13.14 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "m-chart 1.10 Contributor+.Stored.XSS MEDIUM" "moose-elementor-kit 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "moose-elementor-kit 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "mas-wp-job-manager-company 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 5.2.10 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 5.2.8 Admin+.Stored.XSS LOW" "magic-post-thumbnail 4.1.13 Reflected.Cross-Site.Scripting MEDIUM" "magic-post-thumbnail 4.1.11 Reflected.XSS HIGH" "magic-post-thumbnail 3.3.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "magic-post-thumbnail 3.3.7 Reflected.Cross-Site.Scripting.(XSS) HIGH" "mailpoet 5.5.2 Admin+.Stored.XSS LOW" "mailpoet 5.3.2 Admin+.Stored.XSS LOW" "mailpoet 3.23.2 Reflected.Cross-Site.Scripting.Issue HIGH" "media-library-assistant 3.24 Reflected.Cross-Site.Scripting.via.smc_settings_tab,.unattachfixit-action,.and.woofixit-action.Parameters MEDIUM" "media-library-assistant 3.20 Authenticated.(Administrator+).Remote.Code.Execution HIGH" "media-library-assistant 3.19 Authenticated.(Author+).Arbitrary.File.Upload.via.mla-inline-edit-upload-scripts.AJAX.Action HIGH" "media-library-assistant 3.18 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.17 Authenticated.(Contributor+).SQL.Injection.via.order.Parameter HIGH" "media-library-assistant 3.16 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "media-library-assistant 3.16 Reflected.Cross-Site.Scripting HIGH" "media-library-assistant 3.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.mla_gallery.Shortcode MEDIUM" "media-library-assistant 3.14 Authenticated.(Contributor+).SQL.Injection.via.Shortcode MEDIUM" "media-library-assistant 3.12 Author+.Stored.XSS MEDIUM" "media-library-assistant 3.11 Contributor+.Stored.XSS MEDIUM" "media-library-assistant 3.10 Unauthenticated.Local/Remote.File.Inclusion.&.Remote.Code.Execution HIGH" "media-library-assistant 3.08 Reflected.Cross-Site.Scripting MEDIUM" "media-library-assistant 3.06 Admin+.SQLi MEDIUM" "media-library-assistant 3.01 Unauthenticated.Error.Log.Access LOW" "media-library-assistant 2.90 Authenticated.Blind.SQL.Injection MEDIUM" "media-library-assistant 2.82 Authenticated.RCE CRITICAL" "media-library-assistant 2.82 Unauthenticated.Limited.Local.File.Inclusion HIGH" "media-library-assistant 2.82 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "media-library-assistant 2.7.4 Cross-Site.Scripting.(XSS) MEDIUM" "mipl-wc-multisite-sync 1.1.6 Unauthenticated.Arbitrary.File.Download HIGH" "md-custom-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nicebackgrounds No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "newspack-ads 1.47.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsletter-by-supsystic No.known.fix Authenticated.SQL.Injection CRITICAL" "newsletter-by-supsystic 1.1.8 Authenticated.Stored.XSS.&.CSRF HIGH" "nps-computy 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "nps-computy 2.7.6 Admin+.Stored.XSS LOW" "nps-computy 2.7.6 Results.Deletion.via.CSRF MEDIUM" "noted-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "noted-pro No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newsletter-page-redirects No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "network-summary No.known.fix Unauthenticated.SQL.Injection CRITICAL" "nd-travel No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-travel 1.7 Unauthenticated.Options.Change MEDIUM" "new-photo-gallery 1.4.3 Contributor+.PHP.Object.Injection.via.Shortcode MEDIUM" "new-order-notification-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "news-ticker-for-elementor No.known.fix Missing.Authorization MEDIUM" "no-future-posts No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "narnoo-distributor No.known.fix Unauthenticated.LFI.to.Arbitrary.File.Read./.RCE HIGH" "narnoo-commerce-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.Excel.Reports MEDIUM" "nex-forms 7.8.8 Authentication.Bypass.for.PDF.Reports MEDIUM" "nd-donations No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-donations No.known.fix Unauthenticated.SQLi HIGH" "nd-donations 1.4 Unauthenticated.Options.Change MEDIUM" "new-adman No.known.fix Admin+.Stored.XSS LOW" "new-adman No.known.fix Settings.Update.via.CSRF MEDIUM" "new-user-approve 2.6.4 Missing.Authorization MEDIUM" "new-user-approve 2.5.2 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "new-user-approve 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.4 Arbitrary.Settings.Update.&.Invitation.Code.Creation.via.CSRF MEDIUM" "new-user-approve 2.4.1 Reflected.Cross-Site.Scripting MEDIUM" "new-user-approve 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "noveldesign-store-directory No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "netgsm 2.9.33 Missing.Authorization MEDIUM" "netgsm 2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "ns-woocommerce-watermark No.known.fix Abuse.of.Functionality MEDIUM" "nicejob 3.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.7.2 Contributor+.Stored.XSS MEDIUM" "nicejob 3.6.5 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nicejob 3.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nofollow No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "notice-board No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nitek-carousel-cool-transitions No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nitek-carousel-cool-transitions No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "newspack-content-converter 1.0.0 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.2 Missing.Authorization MEDIUM" "ninja-gdpr-compliance 2.7.1 Missing.Authorization.to.Settings.Update.and.Stored.Cross-Site.Scripting MEDIUM" "ninja-gdpr-compliance 2.4 Unauthenticated.PHP.Object.Injection HIGH" "notifyvisitors-lead-form No.known.fix Admin+.Stored.XSS LOW" "ntzantispam No.known.fix Settings.Update.via.CSRF HIGH" "ninja-job-board 1.3.3 Resume.Disclosure.via.Directory.Listing MEDIUM" "ninjafirewall 4.3.4 Authenticated.(admin+).PHAR.Deserialization LOW" "neshan-maps No.known.fix Admin+.SQLi MEDIUM" "nacc-wordpress-plugin 4.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-learning 5.0 Admin+.Stored.Cross-Site.Scripting LOW" "nd-learning 4.8 Unauthenticated.Options.Change MEDIUM" "netforum-directory-with-importer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "netforum-directory-with-importer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newsletter 8.3.5 Unauthenticated.Stored.Cross-Site.Scripting.via.np1 MEDIUM" "newsletter 8.2.1 IP.Spoofing MEDIUM" "newsletter 7.9.0 Contributor+.Stored.XSS MEDIUM" "newsletter 7.6.9 Reflected.XSS HIGH" "newsletter 7.4.6 Admin+.Stored.Cross-Site.Scripting LOW" "newsletter 7.4.5 Reflected.Cross-Site.Scripting LOW" "newsletter 6.8.2 Authenticated.PHP.Object.Injection MEDIUM" "newsletter 6.8.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 6.7.7 Authenticated.Stored.Cross-Site.Scripting LOW" "newsletter 6.5.4 CSV.Injection LOW" "newsletter 3.8.3 Open.Redirect LOW" "newsletter 3.2.7 Cross-Site.Scripting.(XSS) MEDIUM" "newsletter 3.0.9 SQL.Injection MEDIUM" "nv-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nv-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nias-course No.known.fix Contributor+.Stored.XSS MEDIUM" "nmr-strava-activities 1.0.8 Contributor+.Stored.XSS MEDIUM" "nimble-builder 3.2.2 Reflected.Cross-Site.Scripting MEDIUM" "nd-booking 3.3 Contributor+.Stored.XSS MEDIUM" "nd-booking 2.5 Unauthenticated.Options.Change MEDIUM" "nextend-social-login-pro 3.1.17 Authentication.Bypass.via.Apple.OAuth.provider CRITICAL" "nextend-social-login-pro 3.1.15 Authentication.Bypass CRITICAL" "network-favorites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "navayan-csv-export No.known.fix Unauthenticated.SQL.Injection CRITICAL" "nextgen-gallery-geo 2.0.3 Unauthenticated.PHP.Object.Injection MEDIUM" "nextgen-cooliris-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.59.9 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.5 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "nextgen-gallery 3.59.5 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.59.3 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Admin+.Stored.XSS LOW" "nextgen-gallery 3.59.1 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "nextgen-gallery 3.39 Admin+.PHAR.Deserialization HIGH" "nextgen-gallery 3.39 Admin+.Local.File.Inclusion MEDIUM" "nextgen-gallery 3.39 Admin+.Arbitrary.File.Read.and.Delete MEDIUM" "nextgen-gallery 3.3.10 Reflected.Cross-Site.Scripting MEDIUM" "nextgen-gallery 3.29 Thumbnail.Deletion.via.CSRF MEDIUM" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload,.Stored.XSS,.and.RCE CRITICAL" "nextgen-gallery 3.5.0 CSRF.allows.File.Upload HIGH" "nextgen-gallery 3.2.11 SQL.Injection CRITICAL" "nextgen-gallery 3.1.7 Subscriber+.Arbitrary.Option.Update CRITICAL" "nextgen-gallery 3.1.6 Authenticated.PHP.Object.Injection HIGH" "nextgen-gallery 2.2.50 Galley.Paths.Not.Secured HIGH" "nextgen-gallery 2.2.45 Cross-Site.Scripting.(XSS) MEDIUM" "nextgen-gallery 2.1.79 Unauthenticated.SQL.Injection HIGH" "nextgen-gallery 2.1.57 Authenticated.Local.File.Inclusion.(LFI).&.SQLi CRITICAL" "nextgen-gallery 2.1.15 Unrestricted.File.Upload HIGH" "nextgen-gallery 2.1.10 Multiple.XSS MEDIUM" "nextgen-gallery 2.1.15 Path.Traversal MEDIUM" "nextgen-gallery 2.1.9 Authenticated.Path.Traversal MEDIUM" "nextgen-gallery 2.0.77.3 CSRF.&.Arbitrary.File.Upload HIGH" "nextgen-gallery 2.0.0 Full.Path.Disclosure HIGH" "nextgen-gallery 2.0.0 gallerypath.Parameter.Stored.XSS CRITICAL" "no-update-nag No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "ngg-smart-image-search 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "n5-uploadform No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "nativery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "norse-runes-oracle 1.4.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "news-list No.known.fix Reflected.XSS HIGH" "nudgify 1.3.4 Cross-Site.Request.Forgery.via.sync_orders_manually() MEDIUM" "newsletter-api 2.4.6 API.v1.and.v2.addon.for.Newsletter.<.2.4.6.-.Missing.Authorization.to.Email.Subscribers.Management MEDIUM" "nmedia-user-file-uploader 22.8 Sensitive.Information.Exposure.via.user.uploads MEDIUM" "nmedia-user-file-uploader 22.7 Editor+.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 21.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.4 File.Upload.via.CSRF MEDIUM" "nmedia-user-file-uploader 21.3 Unauthenticated.File.Renaming CRITICAL" "nmedia-user-file-uploader 21.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 18.3 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "nmedia-user-file-uploader 18.3 Unauthenticated.HTML.Injection MEDIUM" "nmedia-user-file-uploader 18.3 Privilege.Escalation MEDIUM" "nmedia-user-file-uploader 18.3 Authenticated.Arbitrary.Settings.Change.to.Arbitrary.File.Upload CRITICAL" "nmedia-user-file-uploader 18.3 Unauthenticated.Post.Meta.Change.to.Arbitrary.File.Download HIGH" "nmedia-user-file-uploader 18.3 Unauthenticated.Content.Injection.and.Stored.XSS HIGH" "newsticker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-elements 2.2 Authenticated.(Contributor+).Local.File.Inclusion.via.Multiple.Widget.Attributes HIGH" "ni-woocommerce-cost-of-goods No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "nix-anti-spam-light No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "neon-text 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "no-external-links No.known.fix Admin+.Stored.XSS LOW" "nifty-coming-soon-and-under-construction-page 1.58 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "noo-timetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "noo-timetable No.known.fix Cross-Site.Request.Forgery MEDIUM" "newsplugin 1.1.0 CSRF.to.Stored.Cross-Site.Scripting HIGH" "newsletters-lite 4.9.9.7 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.newsletters_video.Shortcode MEDIUM" "newsletters-lite 4.9.9.2 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.3 Authenticated.Privilege.Escalation HIGH" "newsletters-lite 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.9.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "newsletters-lite 4.9.8 Cross-Site.Request.Forgery MEDIUM" "newsletters-lite 4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "newsletters-lite 4.9.6 Information.Exposure.via.Log.files MEDIUM" "newsletters-lite 4.9.6 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "newsletters-lite 4.9.3 Admin+.Command.Injection MEDIUM" "newsletters-lite 4.6.19 Multiple.Issues HIGH" "newsletters-lite 4.6.8.6 PHP.Object.Injection CRITICAL" "nooz 1.7.0 Admin+.Stored.XSS LOW" "nextend-twitter-connect 1.5.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nextend-smart-slider3-pro 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "new-album-gallery 1.6.4 Authenticated.(Editor+).PHP.Object.Injection.via.Gallery.Meta HIGH" "new-album-gallery 1.5.8 Missing.Authorization MEDIUM" "new-album-gallery 1.5.0 Cross-Site.Request.Forgery MEDIUM" "new-year-firework No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nitropack 1.17.6 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Transient.Update MEDIUM" "nitropack 1.17.6 Subscriber+.Limited.Options.Update HIGH" "nitropack 1.16.8 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "nitropack 1.10.3 Multiple.CSRF MEDIUM" "nitropack 1.10.0 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "nofollow-jquery-links 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "nofollow-jquery-links 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ninja-beaver-lite-addons-for-beaver-builder No.known.fix .Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widgets MEDIUM" "netreviews 2.3.15 Admin+.Stored.XSS LOW" "notificationx 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.9.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "notificationx 2.8.3 Unauthenticated.SQL.Injection CRITICAL" "notificationx 2.3.12 Unauthenticated.SQLi HIGH" "notificationx 2.3.9 Unauthenticated.Blind.SQL.Injection HIGH" "notificationx 1.8.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "notificationx 1.8.3 Cross-Site.Request.Forgery MEDIUM" "nextgen-gallery-pro 3.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "nurelm-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ni-woocommerce-sales-report 3.7.4 Subscriber+.Sale.&.Order.Reports.Access MEDIUM" "newsletter-bulk-email No.known.fix Contributor+.Stored.XSS MEDIUM" "ninja-forms 3.8.25 Contributor+.Stored.XSS MEDIUM" "ninja-forms 3.8.23 Subscriber+.Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.20 Unauthenticated.Stored.XSS.via.Form.Calculations HIGH" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.18 Admin+.Stored.XSS LOW" "ninja-forms 3.8.16 Reflected.Self-Based.Cross-Site.Scripting.via.Referer MEDIUM" "ninja-forms 3.8.12 Administrator+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.11 Reflected.XSS HIGH" "ninja-forms 3.8.7 Cross-Site.Request.Forgery MEDIUM" "ninja-forms 3.8.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "ninja-forms 3.8.1 Admin+.Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.8.1 Author+.Stored.XSS LOW" "ninja-forms 3.8.1 Publicly.Accessible.Form.Submission.Export.via.CSRF MEDIUM" "ninja-forms 3.7.2 Unauthenticated.Second.Order.SQL.Injection MEDIUM" "ninja-forms 3.6.34 Admin+.Stored.XSS NONE" "ninja-forms 3.6.26 Admin+.Stored.HTML.Injection NONE" "ninja-forms 3.6.26 Subscriber+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.26 Reflected.Cross-Site.Scripting HIGH" "ninja-forms 3.6.26 Contributor+.Form.Entries.Export MEDIUM" "ninja-forms 3.6.25 Admin+.Arbitrary.File.Deletion LOW" "ninja-forms 3.6.22 Reflected.XSS HIGH" "ninja-forms 3.6.13 Admin+.PHP.Objection.Injection MEDIUM" "ninja-forms 3.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.6.10 Admin+.Stored.Cross-Site.Scripting.via.Import LOW" "ninja-forms 3.6.8-wp Unauthenticated.Email.Address.Disclosure MEDIUM" "ninja-forms 3.6.4 Admin+.SQL.Injection MEDIUM" "ninja-forms 3.5.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "ninja-forms 3.5.8 Unprotected.REST-API.to.Sensitive.Information.Disclosure MEDIUM" "ninja-forms 3.5.8 Unprotected.REST-API.to.Email.Injection MEDIUM" "ninja-forms 3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.34.1 Authenticated.OAuth.Connection.Key.Disclosure HIGH" "ninja-forms 3.4.34 CSRF.to.OAuth.Service.Disconnection MEDIUM" "ninja-forms 3.4.34 Authenticated.SendWP.Plugin.Installation.and.Client.Secret.Key.Disclosure CRITICAL" "ninja-forms 3.4.34 Administrator.Open.Redirect MEDIUM" "ninja-forms 3.4.27.1 CSRF.leading.to.Arbitrary.Plugin.Installation HIGH" "ninja-forms 3.4.27.1 Validation.Bypass.via.Email.Field MEDIUM" "ninja-forms 3.4.28 Stored.Cross-Site.Scripting MEDIUM" "ninja-forms 3.4.24.2 CSRF.to.Stored.XSS HIGH" "ninja-forms 3.4.23 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ninja-forms 3.3.21.3 XSS.and.SQLi CRITICAL" "ninja-forms 3.3.21.2 SQL.Injection MEDIUM" "ninja-forms 3.3.19.1 Authenticated.Open.Redirect MEDIUM" "ninja-forms 3.3.18 Unauthenticated.Cross-Site.Scripting.(XSS) HIGH" "ninja-forms 3.3.14 Cross-Site.Scripting.(XSS).in.Import.Function CRITICAL" "ninja-forms 3.3.14 CSV.Injection HIGH" "ninja-forms 3.3.9 Insufficient.Restrictions.during.Export.Personal.Data.requests MEDIUM" "ninja-forms 3.2.15 Parameter.Tampering MEDIUM" "ninja-forms 3.2.14 Cross-Site.Scripting.(XSS) CRITICAL" "nelio-ab-testing 4.6.4 CSRF HIGH" "nelio-ab-testing 4.5.11 SSRF CRITICAL" "nelio-ab-testing 4.5.9 Server.Side.Request.Forgery.(SSRF) CRITICAL" "nelio-ab-testing 4.5.0 Path.Traversal MEDIUM" "ninjalibs-ses No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ni-woocommerce-product-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.8.2 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "nex-forms-express-wp-form-builder 8.7.16 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.9 Authenticated.(Administrator+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.7.4 Reflected.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_starred() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.restore_records() MEDIUM" "nex-forms-express-wp-form-builder 8.5.7 Missing.Authorization.via.set_read() MEDIUM" "nex-forms-express-wp-form-builder 8.5.5 Cross-Site.Request.Forgery MEDIUM" "nex-forms-express-wp-form-builder 8.5.6 Authenticated.(Admin+).SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.4.4 Authenticated.Stored.XSS LOW" "nex-forms-express-wp-form-builder 8.4 Admin+.SQL.Injection MEDIUM" "nex-forms-express-wp-form-builder 8.3.3 Contributor+.Stored.XSS MEDIUM" "nex-forms-express-wp-form-builder 7.9.7 Authenticated.SQLi MEDIUM" "nex-forms-express-wp-form-builder 8.4.3 Stored.Cross-Site.Scripting.via.CSRF HIGH" "nex-forms-express-wp-form-builder 7.8 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "nex-forms-express-wp-form-builder 4.6.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "newsletter-popup No.known.fix Admin+.Stored.XSS LOW" "newsletter-popup No.known.fix Subscriber.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix List.Deletion.via.CSRF MEDIUM" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Unauthenticated.Stored.XSS HIGH" "newsletter-popup No.known.fix Record.Deletion.via.CSRF MEDIUM" "nichetable 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "nichetable 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nd-restaurant-reservations No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 2.0 Directory.Traversal.to.Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nd-restaurant-reservations 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-restaurant-reservations 1.5 Unauthenticated.Options.Change CRITICAL" "ninja-tables 5.0.17 Admin+.Stored.XSS LOW" "ninja-tables 5.0.13 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "ninja-tables 5.0.10 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "ninja-tables 5.0.7 Contributor+.Table.Data.Access LOW" "ninja-tables 4.3.5 Admin+.Stored.XSS LOW" "ninja-tables 4.1.8 Admin+.Stored.Cross-Site.Cross-Site.Scripting LOW" "ninja-forms-uploads 3.3.18 Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "ninja-forms-uploads 3.3.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "ninja-forms-uploads 3.3.13 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ninja-forms-uploads 3.0.23 Unauthenticated.Arbitrary.File.Upload HIGH" "ns-coupon-to-become-customer No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nexus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nexus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "notif-bell 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "notification-for-telegram 3.3.2 Missing.Authorization.to.Authenticated.(Subscriber+).Send.Telegram.Test.Message MEDIUM" "naver-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "nd-shortcodes 7.0 Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "nd-shortcodes 7.0 Subscriber+.LFI HIGH" "nd-shortcodes 6.0 Unauthenticated.WP.Options.Update MEDIUM" "ni-crm-lead No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ni-crm-lead No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "nexter-extension 2.0.4 Reflected.XSS HIGH" "nexter-extension 2.0.4 Authenticated(Editor+).Remote.Code.Execution.via.metabox HIGH" "new-royalslider 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "new-image-gallery 1.4.6 Missing.Authorization MEDIUM" "nhrrob-options-table-manager No.known.fix Authenticated.(Admin+).PHP.Object.Injection HIGH" "nc-wishlist-for-woocommerce No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "nuajik-cdn No.known.fix Admin+.Stored.XSS LOW" "neon-product-designer-for-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "news-kit-elementor-addons No.known.fix Contributor+.Stored.XSS MEDIUM" "news-kit-elementor-addons 1.2.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Canvas.Menu.Elementor.Template MEDIUM" "nextend-facebook-connect 3.1.13 Reflected.Self-Based.Cross-Site.Scripting.via.error_description MEDIUM" "next-order-coupon-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "next-order-coupon-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "next-order-coupon-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "novelist 1.2.3 Cross-Site.Request.Forgery MEDIUM" "novelist 1.2.1 Admin+.Stored.XSS MEDIUM" "ni-woo-sales-commission No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Commission.Update MEDIUM" "ninjateam-telegram 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "news-ticker-widget-for-elementor 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nimble-portfolio No.known.fix Unauthenticated.Server-Side.Request.Forgery CRITICAL" "naver-blog-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "nite-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "navigation-du-lapin-blanc No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nktagcloud No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "note-press No.known.fix Admin+.SQLi.via.id MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Bulk.Actions MEDIUM" "note-press No.known.fix Admin+.SQLi.via.Update MEDIUM" "note-press 0.1.2 SQL.Injection CRITICAL" "nm-visitors No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.HTTP.Header HIGH" "new-video-gallery 1.5.4 Missing.Authorization MEDIUM" "notify-odoo 1.0.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "news-announcement-scroll 9.1.0 .Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "news-announcement-scroll 9.0.0 Admin+.Stored.XSS LOW" "no-bot-registration 2.0 Cross-Site.Request.Forgery MEDIUM" "next-page No.known.fix Admin+.Stored.XSS LOW" "newpost-catch 1.3.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.npc.Shortcode MEDIUM" "notice-board-by-towkir No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "news-wall No.known.fix Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "notification 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "notification 8.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "notifications-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ns-facebook-pixel-for-wp No.known.fix Admin+.Stored.XSS LOW" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.Directory.Deletion MEDIUM" "newspack-blocks 3.0.9 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "newspack-blocks 3.0.9 Missing.Authorization MEDIUM" "newspack-blocks 3.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "nelio-content 3.2.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "notibar 2.1.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "notibar 2.1.5 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.njt_nofi_text MEDIUM" "notibar 2.1.5 Missing.Authorization.via.ajax_install_plugin MEDIUM" "nofollow-links 1.0.11 Cross-Site.Scripting.(XSS) MEDIUM" "newsletter-manager No.known.fix Unauthenticated.Insecure.Deserialisation HIGH" "newsletter-manager 1.5 Unauthenticated.Open.Redirect MEDIUM" "newsletter-manager 1.0.2 Authenticated.Reflected.Cross.Site.Scripting HIGH" "newsletter-manager 1.0.2 Cross-Site.Request.Forgery MEDIUM" "no-api-amazon-affiliate 4.4.0 Admin+.Stored.XSS LOW" "nirweb-support No.known.fix Missing.Authorization MEDIUM" "nirweb-support 2.8.2 Unauthenticated.SQLi HIGH" "new-grid-gallery 1.4.4 Contributor+.PHP.Object.Injection.via.shortcode MEDIUM" "new-grid-gallery 1.2.5 Authenticated.Stored.Cross.Site.Scripting.(XSS) LOW" "novo-map No.known.fix CSRF MEDIUM" "newspack-newsletters 2.13.3 Missing.Authorization MEDIUM" "newspack-newsletters 2.13.3 Cross-Site.Request.Forgery MEDIUM" "notification-plus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ni-woocommerce-order-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newsletter-image-generator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nice-paypal-button-lite No.known.fix CSRF MEDIUM" "nabz-image-gallery No.known.fix Unauthenticated.SQL.Injection CRITICAL" "ninja-page-categories-and-tags No.known.fix Admin+.Stored.XSS LOW" "nblocks No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "nova-poshta-ttn 1.19.7 Unauthenticated.SQL.Injection HIGH" "nova-poshta-ttn 1.7.49 Reflected.Cross-Site.Scripting MEDIUM" "navigation-menu-as-dropdown-widget 1.3.5 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "new-user-email-set-up No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "n-media-wp-simple-quiz No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nafeza-prayer-time No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "nova-blocks 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "number-chat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "number-chat No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "notice-faq No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects No.known.fix Contributor+.Stored.XSS MEDIUM" "nd-projects 1.6 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "nd-projects No.known.fix Authenticated.Local.File.Inclusion MEDIUM" "ni-woocommerce-custom-order-status 1.9.7 Subscriber+.SQL.Injection HIGH" "nextgen-gallery-sell-photo No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "naver-map No.known.fix Contributor+.Stored.XSS MEDIUM" "neuvoo-jobroll No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "notifier 2.6.1 Admin+.Stored.XSS LOW" "navz-photo-gallery 2.7 Missing.Authorization MEDIUM" "navz-photo-gallery 2.0 Subscriber+.UserMeta.Update MEDIUM" "navz-photo-gallery 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "night-mode 1.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "newsletter-subscriptions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nlinks No.known.fix Authenticated.SQL.Injection HIGH" "new-order-popup No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nextcellent-gallery-nextgen-legacy No.known.fix Admin+.Stored.XSS LOW" "newsmanapp 2.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nowpayments-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "nextcart-woocommerce-migration 3.9.4 Reflected.Cross-Site.Scripting MEDIUM" "news-articles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nokaut-offers-box No.known.fix Plugin.Reset.via.CSRF MEDIUM" "nokaut-offers-box No.known.fix Admin+.Stored.XSS LOW" "ni-purchase-orderpo-for-woocommerce 1.2.2 Admin+.File.Upload.to.Remote.Code.Execution MEDIUM" "ni-woocommerce-sales-report-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nofollow-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "n-media-woocommerce-checkout-fields 18.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "nopeamedia No.known.fix Cross-Site.Request.Forgery MEDIUM" "nopeamedia 1.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "notice-bar 3.1.1 Contributor+.Stored.XSS MEDIUM" "newsletter-optin-box 3.4.3 Missing.Authorization.to.Unauthenticated.Form.Submission MEDIUM" "newsletter-optin-box 1.6.5 Open.Redirect MEDIUM" "namaste-lms No.known.fix Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.5 Cross-Site.Request.Forgery MEDIUM" "namaste-lms 2.6.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "namaste-lms 2.6.3 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.4.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6.1.2 Reflected.Cross-Site.Scripting MEDIUM" "namaste-lms 2.6 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.4 Admin+.Stored.XSS LOW" "namaste-lms 2.5.9.2 Admin+.Stored.XSS LOW" "notifikacie-sk No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "newspack-popups 2.31.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "name-directory 1.29.1 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.27.2 Settings.Update.via.CSRF MEDIUM" "name-directory 1.25.5 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.4 Arbitrary.Directory/Name.Deletion.via.CSRF MEDIUM" "name-directory 1.25.4 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "name-directory 1.25.3 Reflected.Cross-Site.Scripting MEDIUM" "name-directory 1.18 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "nugget-by-ingot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nugget-by-ingot No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "newstatpress 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "newstatpress 1.2.5 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.6 SQL.Injection CRITICAL" "newstatpress 1.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.4 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "newstatpress 1.0.1 SQL.Injection CRITICAL" "notices No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "new-contact-form-widget 1.4.3 Cross-Site.Request.Forgery MEDIUM" "new-contact-form-widget 1.4.0 Sensitive.Information.Exposure MEDIUM" "news-element 1.0.6 Unauthenticated.LFI HIGH" "newsletter2go No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Style.Reset MEDIUM" "newsletter2go No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.style MEDIUM" "otter-pro 2.6.12 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "otter-pro 2.6.4 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "otter-pro 2.6.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.File.Field.CSS MEDIUM" "option-tree 2.7.3 Object.Injection.Bypass CRITICAL" "option-tree 2.7.0 PHP.Object.Injection CRITICAL" "option-tree 2.6.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "option-tree 2.5.4 XSS MEDIUM" "olivewp-companion No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-tip-woo 1.4.0 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "order-notification-for-telegram No.known.fix Missing.Authorization.to.Unauthenticated.Send.Telegram.Test.Message MEDIUM" "optinmonster 2.16.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "optinmonster 2.16.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "optinmonster 2.12.2 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "optinmonster 2.6.5 Unprotected.REST-API.Endpoints HIGH" "optinmonster 2.6.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "optinmonster 1.1.4.6 Execution.of.Arbitrary.Shortcodes MEDIUM" "opentracker-analytics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "om-stripe No.known.fix Reflected.XSS HIGH" "only-tweet-like-share-and-google-1 No.known.fix Admin+.Stored.XSS LOW" "ocean-extra 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Flickr.Widget MEDIUM" "ocean-extra 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ocean-extra 2.2.5 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.2.3 Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Activation MEDIUM" "ocean-extra 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 2.1.3 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.1.3 Subscriber+.Arbitrary.Post.Content.Disclosure MEDIUM" "ocean-extra 2.1.2 Contributor+.Stored.XSS MEDIUM" "ocean-extra 2.0.5 Admin+.PHP.Objection.Injection MEDIUM" "ocean-extra 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "ocean-extra 1.9.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ocean-extra 1.6.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ocean-extra 1.5.9 Unauthenticated.Settings.change.and.CSS.injection HIGH" "olive-one-click-demo-import No.known.fix Unauthenticated.Information.Exposure MEDIUM" "olive-one-click-demo-import 1.1.2 Missing.Authorization MEDIUM" "olive-one-click-demo-import No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "official-statcounter-plugin-for-wordpress 2.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "online-accessibility No.known.fix Missing.Authorization MEDIUM" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "online-accessibility 4.13 Subscriber+.SQLi HIGH" "osmapper No.known.fix Unauthenticated.Arbitrary.Post.Deletion HIGH" "order-picking-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "omnisend-connect 1.14.4 Cross-Site.Request.Forgery MEDIUM" "omnisend-connect 1.13.9 Sensitive.Information.Exposure MEDIUM" "onclick-show-popup 6.6 Admin+.Stored.XSS LOW" "orbisius-child-theme-creator 1.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Cloud.Snippet.Update/Delete MEDIUM" "orbisius-child-theme-creator 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "orbisius-child-theme-creator 1.5.2 CSRF.to.Arbitrary.File.Modification/Creation HIGH" "orbisius-child-theme-creator 1.2.8 Arbitrary.File.Write MEDIUM" "order-delivery-pickup-location-date-time-free-version No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "opcache No.known.fix Reflected.XSS HIGH" "onwebchat 3.2.0 Live.support.<.3.2.0.-.Cross-Site.Request.Forgery MEDIUM" "organization-chart 1.5.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.title_input.and.node_description.Parameters MEDIUM" "organization-chart 1.4.5 Multiple.CSRF MEDIUM" "organization-chart 1.4.5 Admin+.Stored.XSS LOW" "onesignal-free-web-push-notifications 1.17.8 Stored.XSS MEDIUM" "ocim-mp3 No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "open-social No.known.fix Admin+.Stored.XSS LOW" "owm-weather 5.6.12 Post.Duplication.via.CSRF MEDIUM" "owm-weather 5.6.9 Contributor+.SQLi HIGH" "oneelements-ultimate-addons-for-elementor No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "open-graph-metabox No.known.fix CSRF MEDIUM" "open-external-links-in-a-new-window 1.43 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "open-external-links-in-a-new-window 1.43 Tabnabbing LOW" "ops-robots-txt 2.0.1 Stored.XSS.via.CSRF HIGH" "ops-robots-txt 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "opencart-product-in-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "oik 4.12.1 Cross-Site.Request.Forgery MEDIUM" "oik 4.12.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.bw_button.Shortcode MEDIUM" "oik 4.10.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "official-saleswizard-crm 1.0.4 Contributor+.Stored.XSS MEDIUM" "options-for-twenty-seventeen 2.5.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "order-attachments-for-woocommerce No.known.fix Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-attachments-for-woocommerce 2.5.0 2.4.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.File.Upload MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Arbitrary.File.Upload MEDIUM" "ooohboi-steroids-for-elementor 2.1.5 Subscriber+.Attachment.Deletion MEDIUM" "oz-canonical No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ovic-import-demo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "optinly 1.0.19 Missing.Authorization MEDIUM" "optinly 1.0.16 CSRF MEDIUM" "olevmedia-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "olevmedia-shortcodes 1.1.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "oauth-twitter-feed-for-developers No.known.fix Admin+.Stored.XSS LOW" "onestore-sites No.known.fix Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "onestore-sites No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "one-backend-language No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opti-marketing 2.0.10 Unauthenticated.SQLi HIGH" "order-status-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "onlywire-multi-autosubmitter No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "omnipress 1.5.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "omnipress 1.5.0 Contributor+.Stored.XSS MEDIUM" "one-page-blocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-blocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "one-page-blocks No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "official-sendle-shipping-method 5.18 Reflected.XSS HIGH" "opal-hotel-room-booking No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "one-click-plugin-updater No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "off-canvas-sidebars 0.5.8.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "opening-hours 1.47 Admin+.Stored.XSS LOW" "opening-hours 1.46 Cross-Site.Request.Forgery MEDIUM" "opening-hours 1.45 Missing.Authorization MEDIUM" "opening-hours 1.42 Admin+.Stored.Cross-Site.Scripting LOW" "opening-hours 1.38 Admin+.Stored.XSS LOW" "order-on-chat-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-on-chat-for-woocommerce 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "opal-estate No.known.fix Cross-Site.Request.Forgery MEDIUM" "opal-estate No.known.fix CSRF.Bypass MEDIUM" "opal-estate No.known.fix Missing.Authorization MEDIUM" "order-import-export-for-woocommerce 2.5.0 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "order-import-export-for-woocommerce 2.4.4 Shop.Manager+.Arbitrary.File.Upload HIGH" "outbound-link-manager No.known.fix Settings.Update.via.CSRF MEDIUM" "opensea No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opensea 1.0.3 Admin+.Stored.XSS MEDIUM" "opensea 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "oauth-client 1.11.4 Authenticated.Bypass CRITICAL" "owl-carousel No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "office-locator No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "opal-membership No.known.fix Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "opal-membership No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "openbook-book-data No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "optimate-ads No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "order-tracking 3.3.13 Missing.Authorization.via.send_test_email() MEDIUM" "order-tracking 3.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "order-tracking 3.3.7 Reflected.Cross-Site.Scripting HIGH" "order-hours-scheduler-for-woocommerce 4.3.22 Reflected.Cross-Site.Scripting MEDIUM" "offload-videos-bunny-netaws-s3 1.0.1 Offload.Videos.–.Bunny,net,.AWS.S3.<=.1,0,1.Subscriber+.CSRF MEDIUM" "olympus-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "order-delivery-date No.known.fix Admin+.Stored.XSS LOW" "order-delivery-date No.known.fix Settings.Update.via.CSRF MEDIUM" "os-bxslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oxygenbuilder 4.9 Missing.Authorization.to.Authenticated.(Subscriber+).Stylesheet.Update MEDIUM" "oxygenbuilder 4.8.3 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "oxygenbuilder 4.8.1 Contributor+.Stored.XSS MEDIUM" "otp-easy-login-with-mocean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-page-express-companion 1.6.38 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.one_page_express_contact_form.Shortcode MEDIUM" "order-your-posts-manually No.known.fix Reflected.XSS HIGH" "order-your-posts-manually No.known.fix Admin+.SQLi MEDIUM" "one-click-login No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "open-graphite 1.6.1 Reflected.Cross-Site.Scripting HIGH" "order-and-inventory-manager-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "order-and-inventory-manager-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "olimometer 2.57 Unauthenticated.SQL.Injection CRITICAL" "oxygen 4.4 CSRF MEDIUM" "order-delivery-date-for-woocommerce 3.21.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "order-delivery-date-for-woocommerce 3.20.1 Reflected.XSS HIGH" "osm-map-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "outdooractive-embed 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "obfuscate-email No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "oi-yamaps No.known.fix Contributor+.Stored.XSS MEDIUM" "open-user-map 1.3.27 Admin+.Stored.XSS LOW" "open-user-map 1.3.15 Reflected.Cross-Site.Scripting MEDIUM" "open-user-map 1.2.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 1.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.7.7 Missing.Authorization MEDIUM" "official-mailerlite-sign-up-forms 1.5.8 Signup.forms.(official).<.1.5.8.-.API.Key.Update.via.CSRF MEDIUM" "official-mailerlite-sign-up-forms 1.5.4 Reflected.Cross-Site.Scripting MEDIUM" "official-mailerlite-sign-up-forms 1.4.5 Multiple.CSRF.Issues HIGH" "official-mailerlite-sign-up-forms 1.4.4 Unauthenticated.SQL.Injection CRITICAL" "one-click-demo-import 3.2.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "one-click-demo-import 3.1.0 Admin+.Arbitrary.File.Upload MEDIUM" "overlay-image-divi-module 1.5 Reflected.Cross-Site.Scripting MEDIUM" "overlay-image-divi-module 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "onlyoffice-docspace 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oshine-modules 3.3.8 Unauthenticated.Server-Side.Request.Forgery HIGH" "oshine-modules 3.3.8 Reflected.Cross-Site.Scripting MEDIUM" "orange-form No.known.fix SQL.Injection.via.CSRF HIGH" "orange-form No.known.fix Unauthenticated.Arbitrary.Post.Deletion CRITICAL" "optimole-wp 3.13.0 Author+.Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "optimole-wp 3.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "option-editor No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "onceki-yazi-linki No.known.fix Cross-Site.Request.Forgery MEDIUM" "oauth-client-for-user-authentication 3.0.4 Unauthenticated.Settings.Update.to.Authentication.Bypass CRITICAL" "opt-in-hound No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "ovic-vc-addon No.known.fix Missing.Authorization MEDIUM" "ovic-vc-addon 1.2.9 Subscriber+.Option.Update HIGH" "open-hours No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-audit-log-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-click-order-reorder 1.1.10 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "opengraph 1.11.3 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "opencart-product-display No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "online-appointment-scheduling-software No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "optin-forms 1.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "optin-forms 1.3.3 Admin+.Stored.XSS LOW" "osm 6.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "osm 6.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.osm_map.and.osm_map_v3.Shortcodes MEDIUM" "osm 6.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "osm 6.0.4 Contributor+.SQL.Injection MEDIUM" "osm 6.0.6 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "osm 6.0.3 CSRF MEDIUM" "onlinecontract No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Import MEDIUM" "ota-sync-booking-engine-widget 1.3.0 Settings.Update.via.CSRF MEDIUM" "octrace-support No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "octrace-support No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "octrace-support 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "opal-woo-custom-product-variation 1.1.4 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "openpgp-form-encryption 1.5.1 Contributor+.Stored.XSS MEDIUM" "orbisius-simple-notice 1.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "one-click-ssl 1.4.7 Multiple.Issues HIGH" "oliver-pos 2.4.2.4 Sensitive.Information.Exposure.to.Privilege.Escalation CRITICAL" "oliver-pos 2.4.1.9 Cross-Site.Request.Forgery MEDIUM" "oliver-pos 2.4.2.1 Subscriber+.Unauthorized.AJAX.Calls MEDIUM" "opal-widgets-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "one-user-avatar 2.3.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "one-user-avatar 2.3.7 Avatar.Update.via.CSRF LOW" "oopspam-anti-spam 1.1.45 Cross-Site.Request.Forgery MEDIUM" "oopspam-anti-spam 1.1.36 Admin+.Stored.XSS LOW" "order-auto-complete-for-woocommerce 1.2.1 Admin+.Stored.XSS LOW" "oauth2-provider 4.4.0 Open.Redirect MEDIUM" "oauth2-provider 4.3.0 Subscriber+.Arbitrary.Client.Deletion MEDIUM" "oauth2-provider 4.2.5 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "oauth2-provider 3.4.2 Client.Secret.Regeneration.via.CSRF MEDIUM" "oauth2-provider 4.2.2 Admin+.Stored.XSS LOW" "oauth2-provider 3.1.5 Insecure.Pseudor&om.Number.Generation CRITICAL" "optio-dentistry 2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "order-export-and-more-for-woocommerce 3.25 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "order-export-and-more-for-woocommerce 3.24 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "ootb-openstreetmap 2.8.4 Contributor+.Stored.XSS.via.ootb_query.Shortcode MEDIUM" "onlyoffice 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "official-facebook-pixel 3.0.4 CSRF.to.Stored.XSS.and.Settings.Deletion HIGH" "official-facebook-pixel 3.0.0 PHP.Object.Injection.with.POP.Chain CRITICAL" "ovic-addon-toolkit No.known.fix Missing.Authorization MEDIUM" "os-our-team No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "out-of-stock-badge No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "one-click-close-comments No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "olympus-google-fonts 3.7.8 Cross-Site.Request.Forgery MEDIUM" "olympus-google-fonts 3.7.8 Missing.Authorization MEDIUM" "olympus-google-fonts 3.0.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "open-rdw-kenteken-voertuiginformatie 2.1.0 Reflected.XSS HIGH" "order-redirects-for-woocommerce 0.8.1 Reflected.Cross-Site.Scripting MEDIUM" "onelogin-saml-sso 2.4.3 Signature.Wrapping HIGH" "otter-blocks 3.0.7 Unauthetnicated.Path.Traversal.to.Arbitrary.Image.View MEDIUM" "otter-blocks 3.0.4 Gutenberg.Block.<.3.0.4.-.Missing.Authorization MEDIUM" "otter-blocks 3.0.5 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "otter-blocks 2.6.10 Contributor+.Stored.XSS.via.titleTag MEDIUM" "otter-blocks 2.6.9 Author+.Stored.XSS.via.SVG.Upload MEDIUM" "otter-blocks 2.6.9 Contributor+.Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.6 Contributor+.Stored.XSS MEDIUM" "otter-blocks 2.6.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "otter-blocks 2.2.6 Gutenberg.Blocks.<.2.2.6.-.Author+.PHAR.Deserialization MEDIUM" "od-photogallery-plugin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "optima-express 7.3.1 Admin+.Stored.XSS LOW" "oss-aliyun 1.4.11 Authenticated.(Administrator+).SQL.Injection CRITICAL" "out-of-stock-display-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "og-tags 2.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "oembed-gist No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "otp-login No.known.fix Authentication.Bypass.via.Weak.OTP HIGH" "orangebox No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ovic-product-bundle No.known.fix Missing.Authorization MEDIUM" "os-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oauth2-server No.known.fix Authentication.Bypass MEDIUM" "osd-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opal-estate-pro No.known.fix Contributor+.Stored.XSS MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "oneclick-whatsapp-order 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "oneclick-whatsapp-order 1.0.5 Admin+.Stored.XSS LOW" "oneclick-whatsapp-order 1.0.4.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "online-lesson-booking-system 0.8.7 CSRF.&.XSS HIGH" "oa-social-login 5.10.0 Authentication.Bypass CRITICAL" "openid No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "original-texts-yandex-webmaster No.known.fix Cross-Site.Request.Forgery MEDIUM" "oxyextras 1.4.5 Unauthenticated.Cross-Site.Scripting MEDIUM" "out-of-the-box 1.20.3 Reflected.Cross-Site.Scripting MEDIUM" "progressive-license No.known.fix CSRF.to.Stored.XSS MEDIUM" "product-code-for-woocommerce 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pta-member-directory 1.8.0 Missing.Authorization MEDIUM" "projecthuddle-child-site 1.0.35 Missing.Authorization.via.ph_child_ajax_notice_handler MEDIUM" "photography-portfolio 1.4.9 Reflected.Cross-Site.Scripting MEDIUM" "popliup No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "preferred-languages 2.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pagepost-content-shortcode No.known.fix Contributor+.Arbitrary.Posts/Pages.Access MEDIUM" "product-blocks 3.1.5 PHP.Object.Injection.via.wopb_wishlist.and.wopb_compare CRITICAL" "product-blocks 3.0.0 Missing.Authorization.via.option_data_save MEDIUM" "pmpro-member-directory 1.2.6 Member.Directory.Add.On.<.1.2.6.-.Contributor+.Sensitive.Information.Disclosure.and.SQLi MEDIUM" "podcast-channels 0.28 Unauthenticated.Reflected.XSS MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-toolkit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.6 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 7.0.3 Reflected.Cross-Site.Scripting MEDIUM" "persian-woocommerce-sms 3.3.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "post-meta-data-manager No.known.fix Authentciated.(Admin+).Multisite.Privilege.Escalation HIGH" "post-meta-data-manager 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-meta-data-manager 1.2.2 Cross-Site.Request.Forgery.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "post-meta-data-manager 1.2.1 Unauthenticated.Data.Deletion HIGH" "post-meta-data-manager 1.2.1 Subscriber+.Privilege.Escalation HIGH" "post-meta-data-manager 1.2.1 Missing.Authorization.to.Post,.Term,.and.User.Meta.Deletion MEDIUM" "porsline No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "pagerank-tools No.known.fix Reflected.XSS HIGH" "product-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-table No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pedalo-connector No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "promobar 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "polo-video-gallery No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "piwigopress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prettyphoto No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "picsmize No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "posts-in-page 1.3.0 Directory.Traversal HIGH" "product-slider-for-woocommerce-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "product-slider-for-woocommerce-lite 1.1.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "podcast-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podcast-box 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-sync No.known.fix Reflected.XSS HIGH" "premmerce-woocommerce-variation-swatches 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-variation-swatches 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-variation-swatches 1.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "passwords-manager 1.5.1 Unauthenticated.SQL.Injection HIGH" "passwords-manager 1.5.1 Missing.Authorization.to.Authenticated.(Subscriber+).Add.Password.+.Update.Encryption.Key HIGH" "passwords-manager 1.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "page-list 5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-list 5.3 Contributor+.Stored.XSS MEDIUM" "payhere-payment-gateway 2.2.12 Unauthenticated.Log.Data.Disclosure MEDIUM" "price-bands-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "price-bands-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "price-bands-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pricing-tables-for-wpbakery-page-builder 3.0 Contributor+.Stored.XSS MEDIUM" "pricing-tables-for-wpbakery-page-builder 3.0 Subscriber+.LFI HIGH" "post-grid 2.3.7 Unauthenticated.User.Information.Exposure MEDIUM" "post-grid 2.3.6 Unauthenticated.Paid.Order.Creation MEDIUM" "post-grid 2.3.4 2.3.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "post-grid 2.2.94 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.90 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.91 2.2.90.-.Subscriber+.Privilege.Escalation HIGH" "post-grid 2.2.93 Contributor+.Stored.XSS MEDIUM" "post-grid 2.2.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Accordion.Block MEDIUM" "post-grid 2.2.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.86 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.redirectURL.Parameter.of.Date.Countdown.Widget MEDIUM" "post-grid 2.2.81 Combo.Blocks.<.2.2.81.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attribute MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.81 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid 2.2.79 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "post-grid 2.2.76 Reflected.Cross-Site.Scripting MEDIUM" "post-grid 2.2.76 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "post-grid 2.2.69 Information.Exposure.via.get_posts.API.Endpoint HIGH" "post-grid 2.2.65 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.keyword MEDIUM" "post-grid 2.1.16 Reflected.Cross-Site.Scripting.via.post_types MEDIUM" "post-grid 2.1.13 Contributor+.SQL.Injection MEDIUM" "post-grid 2.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "post-grid 2.0.73 PHP.Object.Injection HIGH" "premmerce-woocommerce-product-bundles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-bundles No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "podpress 8.8.10.17 players/1pixelout/1pixelout_player.swf.playerID.Parameter.XSS MEDIUM" "parcel-tracker-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "product-specifications 0.7.0 Reflected.Cross-Site.Scripting HIGH" "post-index No.known.fix CSRF.to.Stored.XSS HIGH" "payu-india 3.8.4 Unauthenticated.Privilege.Escalation CRITICAL" "payu-india No.known.fix Reflected.Cross-Site.Scripting.via.type HIGH" "pods 3.2.8.2 Admin+.SQL.Injection MEDIUM" "pods 3.2.8.1 Admin+.Stored.XSS LOW" "pods 3.2.7.1 Admin+.Stored.XSS LOW" "pods 3.2.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Pod.Form.Redirect.URL MEDIUM" "pods 3.1 Contributor+.Pods/Users.Creation MEDIUM" "pods 3.1 Contributor+.SQLi MEDIUM" "pods 3.1 Contributor+.Remote.Code.Execution HIGH" "pods 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "pods 2.9.11 Pods.Deletion.via.CSRF MEDIUM" "pods 2.7.29 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pods 2.7.27 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "plethora-tabs-accordions 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plethora-tabs-accordions 1.2 Contributor+.Stored.XSS MEDIUM" "passwordless-login 1.1.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "protected-wp-login No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preloader-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pondol-carousel No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "pricing-table No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "profile-widget-ninja No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "property-hive-mortgage-calculator 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.price.Parameter MEDIUM" "pearl-header-builder 1.3.9 Cross-Site.Request.Forgery.to.Header.Deletion MEDIUM" "pearl-header-builder 1.3.8 Missing.Authorization.to.Unauthenticated.Arbitrary.Site.Options.Deletion MEDIUM" "pearl-header-builder 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "pearl-header-builder 1.3.5 CSRF MEDIUM" "pallet-packaging-for-woocommerce 1.1.16 Missing.Authorization MEDIUM" "performance-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "peters-login-redirect 3.0.0.5 Reflected.Cross-Site.Scripting HIGH" "peters-login-redirect 2.9.2 Multiple.CSRF HIGH" "peters-login-redirect 2.9.1 Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "producer-retailer No.known.fix Subscriber+.Privilege.Escalation CRITICAL" "policy-genius No.known.fix Reflected.XSS HIGH" "powerpack-lite-for-elementor 2.8.2 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "powerpack-lite-for-elementor 2.7.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Link.Effects.Widget MEDIUM" "powerpack-lite-for-elementor 2.7.20 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.18 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.19 Contributor+.Stored.XSS MEDIUM" "powerpack-lite-for-elementor 2.7.16 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-lite-for-elementor 2.7.14 Settings.Reset/Update.via.CSRF MEDIUM" "powerpack-lite-for-elementor 2.6.2 Reflected.Cross-Site.Scripting HIGH" "powerpack-lite-for-elementor 2.3.2 Contributor+.Stored.XSS MEDIUM" "pixtypes No.known.fix Reflected.XSS HIGH" "pixtypes 1.4.15 Cross-Site.Request.Forgery MEDIUM" "postie 1.9.41 Post.Submission.Spoofing.&.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.12 Reflected.Cross-Site.Scripting MEDIUM" "pramadillo-activecampaign-email-preference-center 2.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perfect-font-awesome-integration 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-import-export-for-woo 2.4.2 Authenticated(Shop.Manager+).Arbitrary.File.Upload HIGH" "product-import-export-for-woo 2.3.8 Shop.Manager+.Arbitrary.File.Upload.via.upload_import_file HIGH" "perfect-woocommerce-brands 2.0.5 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "perfect-woocommerce-brands 2.0.5 Subscriber+.Arbitrary.Brand.Creation MEDIUM" "polls-widget No.known.fix Admin+.Stored.XSS LOW" "polls-widget 1.5.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "pinblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pinblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pixobe-cartography No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plinks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-highlights 2.6.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "postcasa No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pandavideo 1.4.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pandavideo 1.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-date-ranges No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-gtin-ean-upc-isbn-for-woocommerce No.known.fix Contributor+.Stored.XSS MEDIUM" "pixelyoursite-pro 10.4.3 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite-pro 9.6.2 Admin+.Stored.Cross-Site.Scripting LOW" "permalink-manager 2.4.4.1 Missing.Authorization.to.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "permalink-manager 2.4.3.4 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.via.get_uri_editor MEDIUM" "permalink-manager 2.4.3.2 Missing.Authorization.to.Authenticated(Author+).arbitrary.post.slug.modification MEDIUM" "permalink-manager 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.3.0 Authenticated.Stored.XSS MEDIUM" "permalink-manager 2.2.20.2 Settings.Update.via.CSRF MEDIUM" "permalink-manager 2.2.20.1 Unauthenticated.URI.Deletion MEDIUM" "permalink-manager 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "permalink-manager 2.2.13.1 Admin+.SQL.Injection MEDIUM" "power-ups-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "power-ups-for-elementor 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-with-fancybox 3.6 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "passwordless-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pgall-for-woocommerce 5.2.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pgall-for-woocommerce 5.2.3 Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "pgall-for-woocommerce 5.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.pafw_instant_payment.Shortcode MEDIUM" "photokit No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "popup-image No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plms No.known.fix Authenticated.(Salesman+).Arbitrary.File.Upload HIGH" "portfolio-slideshow No.known.fix Contributor+.XSS MEDIUM" "pricing-deals-for-woocommerce No.known.fix Missing.Authorization.via.vtprd_ajax_clone_rule MEDIUM" "pricing-deals-for-woocommerce 2.0.3 Unauthenticated.SQLi HIGH" "posts-table-filterable 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-slider No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pootle-page-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-page-builder 5.7.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.7 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.woot_get_smth HIGH" "profit-products-tables-for-woocommerce 1.0.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.woot_button.Shortcode MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.4 Reflected.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.3 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Cross-Site.Request.Forgery MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.2 Missing.Authorization MEDIUM" "profit-products-tables-for-woocommerce 1.0.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "profit-products-tables-for-woocommerce 1.0.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.5 Reflected.Cross-Site-Scripting MEDIUM" "profit-products-tables-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "post-list-designer 3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "post-list-designer 3.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "post-list-designer 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pagerestrict No.known.fix Unauthenticated.Protected.Post.Access MEDIUM" "pagerestrict No.known.fix Cross-Site.Request.Forgery.via.pr_admin_page MEDIUM" "photo-gallery 1.8.34 Unauthenticated.Stored.XSS HIGH" "photo-gallery 1.8.33 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Admin+.Stored.XSS LOW" "photo-gallery 1.8.31 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "photo-gallery 1.8.28 Admin+.Stored.XSS LOW" "photo-gallery 1.8.29 Admin+.Stored.XSS LOW" "photo-gallery 1.8.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Zipped.SVG MEDIUM" "photo-gallery 1.8.24 Authenticated.(Contributor+).Path.Traversal.via.esc_dir.Function MEDIUM" "photo-gallery 1.8.26 Subscriber+.Notice.Dismiss MEDIUM" "photo-gallery 1.8.21 Missing.Authorization MEDIUM" "photo-gallery 1.8.22 Admin+.Stored.XSS.via.SVG LOW" "photo-gallery 1.8.22 Multiple.Reflected.XSS HIGH" "photo-gallery 1.8.20 Mobile-Friendly.Image.Gallery.<.1.8.20.-.Directory.Traversal.to.Arbitrary.File.Rename CRITICAL" "photo-gallery 1.8.19 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Widget MEDIUM" "photo-gallery 1.8.15 Admin+.Path.Traversal MEDIUM" "photo-gallery 1.8.3 Stored.XSS.via.CSRF MEDIUM" "photo-gallery 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.4 Admin+.Stored.Cross-Site.Scripting LOW" "photo-gallery 1.6.3 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "photo-gallery 1.6.0 Unauthenticated.SQL.Injection HIGH" "photo-gallery 1.5.79 Stored.XSS.via.Uploaded.SVG.in.Zip MEDIUM" "photo-gallery 1.5.75 Stored.Cross-Site.Scripting.via.Uploaded.SVG MEDIUM" "photo-gallery 1.5.75 File.Upload.Path.Traversal LOW" "photo-gallery 1.5.67 Authenticated.Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "photo-gallery 1.5.69 Multiple.Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.69 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "photo-gallery 1.5.68 Reflected.Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.5.55 Unauthenticated.SQL.Injection CRITICAL" "photo-gallery 1.5.46 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "photo-gallery 1.5.35 SQL.Injection.&.XSS CRITICAL" "photo-gallery 1.5.31 SQL.Injection CRITICAL" "photo-gallery 1.5.25 Authenticated.LFI MEDIUM" "photo-gallery 1.5.23 Authenticated.XSS MEDIUM" "photo-gallery 1.3.67 Cross-Site.Scripting.(XSS) HIGH" "photo-gallery 1.3.51 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.3.43 Authenticated.Path.Traversal HIGH" "photo-gallery 1.3.36 Authenticated.SQL.Injection MEDIUM" "photo-gallery 1.2.13 Cross-Site.Scripting.(XSS) HIGH" "posts-to-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pretty-link 3.6.3 Reflected.Cross-Site.Scripting.via.post_status HIGH" "pretty-link 3.6.4 Plugin.Settings.Update.via.CSRF MEDIUM" "pretty-link 3.4.1 Link.Visit.Stats.Clear.via.CSRF MEDIUM" "pretty-link 2.1.10 Stored.XSS.and.CSV.Injection HIGH" "pretty-link 1.6.8 Authenticated.SQL.Injection MEDIUM" "pegapoll No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "paypal-responder No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pre-party-browser-hints 1.8.20 Admin+.SQLi MEDIUM" "pepro-bacs-receipt-upload-for-woocommerce 2.7.0 Reflected.Cross-Site.Scripting MEDIUM" "printfriendly 5.5.2 Admin+.Stored.XSS LOW" "printfriendly 5.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "page-builder-add 1.5.2.1 Authenticated.(Editor+).Local.File.Inlcusion HIGH" "page-builder-add 1.5.1.9 Reflected.Cross-Site.Scripting.via.pageType MEDIUM" "page-builder-add 1.5.1.8 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-add 1.5.1.6 Open.Redirect MEDIUM" "page-builder-add 1.5.1.3 Admin+.Stored.XSS LOW" "page-builder-add 1.4.9.9 Contributor+.Cross-Site.Scripting.via.Shortcode MEDIUM" "page-builder-add 1.4.9.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "plugin-logic 1.0.8 Admin+.SQLi MEDIUM" "padma-advanced 0.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "particle-background No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "printus-cloud-printing-for-woocommerce 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "project-source-code-download No.known.fix Unauthenticated.Backup.Download HIGH" "pb-oembed-html5-audio-with-cache-support No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "paytm-donation No.known.fix Admin+.Stored.XSS LOW" "paytm-donation 2.3.2 Reflected.Cross-Site.Scripting MEDIUM" "paytm-donation 2.2.1 Reflected.XSS HIGH" "phplist-form-integration No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pvn-auth-popup No.known.fix Admin+.Stored.XSS LOW" "pvn-auth-popup No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "push-notification-by-feedify 2.4.6 Reflected.XSS HIGH" "push-notification-by-feedify 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-by-feedify 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "product-carousel-slider-for-woocommerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "page-layout-builder No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pie-register-social-site 1.8 Authentication.Bypass.via.WordPress.com.OAuth.provider HIGH" "pie-register-social-site 1.7.8 Social.Sites.Login.(Add.on).<.1.7.8.-.Unauthenticated.Privilege.Escalation CRITICAL" "podclankova-inzerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.4 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "profilegrid-user-profiles-groups-and-communities 5.9.4.3 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.Messages.Disclosure MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.4.3 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Deletion MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.1 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.9.0 Authenticated.(Subscriber+).Authorization.Bypass.to.Privilege.Escalation HIGH" "profilegrid-user-profiles-groups-and-communities 5.8.8 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Authenticated.(Contributor+).SQL.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.3 Bypass.Group.Members.Limit MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.0 Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.8.4 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.7 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.3 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.9 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.7.9 Unauthenticated.SQL.Injection CRITICAL" "profilegrid-user-profiles-groups-and-communities 5.6.7 Missing.Authorization MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.7.2 Cross-Site.Request.Forgery MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Unauthorized.Data.Modification MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.5.2 Subscriber+.Arbitrary.Option.Update HIGH" "profilegrid-user-profiles-groups-and-communities 5.5.3 Group.Owner+.Unauthorized.Data.Modification HIGH" "profilegrid-user-profiles-groups-and-communities 5.3.1 Subscriber+.Arbitrary.Password.Reset HIGH" "profilegrid-user-profiles-groups-and-communities 5.1.8 Subscriber+.CSV.Injection MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.0.4 Subscriber+.Private.Message.Read/Edition MEDIUM" "profilegrid-user-profiles-groups-and-communities 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 4.7.5 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "profilegrid-user-profiles-groups-and-communities 2.8.6 Authenticated.Code.Execution HIGH" "pricing-table-addon-for-elementor No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-shortcode No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pro-links-maintainer-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pro-links-maintainer-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pretty-opt-in-lite 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paytium 4.4.12 Unauthenticated.Full.Path.Disclosure MEDIUM" "paytium 4.4.11 Missing.Authorization MEDIUM" "paytium 4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "paytium 4.3.7 Admin+.Stored.XSS LOW" "paytium 3.1.2 Stored.Cross-Site.Scripting.(XSS) CRITICAL" "perelink No.known.fix Settings.Update.via.CSRF MEDIUM" "performance-lab 2.3.0 CSRF MEDIUM" "purple-xmls-google-product-feed-for-woocommerce No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "purple-xmls-google-product-feed-for-woocommerce 3.2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "purple-xmls-google-product-feed-for-woocommerce 3.3.1.0 Authenticated.SQL.Injection MEDIUM" "pj-news-ticker 1.9.6 Contributor+.Stored.XSS MEDIUM" "ppv-live-webcams 7.3.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "png-to-jpg 4.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "ptoffice-sign-ups No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "peachpay-for-woocommerce 1.113.0 Reflected.Cross-Site.Scripting MEDIUM" "post-layouts No.known.fix Contributor+.Stored.XSS MEDIUM" "pdf-image-generator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "parallax-image 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.position.Parameter MEDIUM" "parallax-image 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.dd-parallax.Shortcode MEDIUM" "parallax-image 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.render MEDIUM" "pdf-viewer-for-elementor No.known.fix Arbitrary.JavaScript.Execution MEDIUM" "pdf-viewer-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "print-o-matic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "print-o-matic 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "print-o-matic 2.0.3 Admin+.Stored.Cross-Site.Scripting LOW" "preloader-plus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "preloader-plus 2.1 Reflected.Cross-Site.Scripting MEDIUM" "prayer-times-anywhere No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "propovoice-pro No.known.fix Unauthenticated.SQL.Injection CRITICAL" "product-page-shipping-calculator-for-woocommerce 1.3.26 Admin+.Stored.XSS LOW" "product-page-shipping-calculator-for-woocommerce 1.3.21 Admin+.Stored.XSS LOW" "page-studio-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-studio-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "post-grid-for-elementor 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pi-woocommerce-order-date-time-and-type 3.0.20 Admin+.Stored.XSS LOW" "primary-addon-for-elementor 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.6.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "primary-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "primary-addon-for-elementor 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "primary-addon-for-elementor 1.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-block 6.0.1 Missing.Authorization.to.Authenticated.(Subscriber+).Shortcode.Export MEDIUM" "post-block 5.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "pretix-widget 1.0.6 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "pdf-embedder-fay No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.5 Reflected.Cross-Site.Scripting MEDIUM" "pie-forms-for-wp 1.4.9.4 Admin+.Stored.Cross-Site.Scripting LOW" "popupally 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popupally No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "popupally 2.1.1 Cross-Site.Request.Forgery.via.optin_submit_callback MEDIUM" "pdf-viewer-block 1.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "publish-to-schedule 4.5.5 Admin+.Stored.XSS LOW" "plugin-notes-plus 1.2.8 Authenticated.(Subscriber+).Arbitrary.Note.Deletion MEDIUM" "plugin-notes-plus 1.2.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-builder 4.3.5 Admin+.Stored.XSS LOW" "popup-builder No.known.fix Sensitive.Information.Exposure.via.Imported.Subscribers.CSV.File MEDIUM" "popup-builder 4.3.2 Missing.Authorization.in.Multiple.AJAX.Actions HIGH" "popup-builder 4.3.2 Missing.Authorization.and.Nonce.Exposure HIGH" "popup-builder 4.3.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "popup-builder 4.2.7 Contributor.Stored.XSS MEDIUM" "popup-builder 4.2.6 Admin+.SSRF.&.File.Read MEDIUM" "popup-builder 4.2.3 Unauthenticated.Stored.XSS HIGH" "popup-builder 4.2.0 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.12 Settings.Update.via.CSRF MEDIUM" "popup-builder 4.1.11 Admin+.Stored.Cross-Site.Scripting LOW" "popup-builder 4.1.1 Popup.Status.Change.via.CSRF MEDIUM" "popup-builder 4.1.1 SQL.Injection.to.Reflected.Cross-Site.Scripting MEDIUM" "popup-builder 4.0.7 Admin+.SQL.Injection MEDIUM" "popup-builder 4.0.7 LFI.to.RCE CRITICAL" "popup-builder 3.74 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "popup-builder 3.64.1 Multiple.Issues MEDIUM" "popup-builder 3.0 SQL.injection.via.PHP.Deserialization CRITICAL" "popup-builder 3.45 SQL.Injection CRITICAL" "prevent-landscape-rotation 2.1 Settings.Update.via.CSRF MEDIUM" "personal-dictionary 1.3.4 Unauthenticated.SQLi HIGH" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.SQL.Injection CRITICAL" "payment-gateway-stripe-and-woocommerce-integration 3.8.0 Unauthenticated.WC.Order.Status.Update MEDIUM" "payment-gateway-stripe-and-woocommerce-integration 3.7.8 Authentication.Bypass HIGH" "payment-gateway-stripe-and-woocommerce-integration 3.6.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "popup-anything-on-click 2.8.1 Missing.Authorization MEDIUM" "popup-anything-on-click 2.2.2 Popup.Settings.Reset.via.CSRF MEDIUM" "popup-anything-on-click 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "popup-anything-on-click 2.0.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pf-timer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "popcashnet-code-integration-tool 1.1 Cross-Site.Scripting.(XSS) MEDIUM" "pepro-ultimate-invoice No.known.fix Insecure.Direct.Object.Reference.to.Unauthenticated.Order.Information.Exposure MEDIUM" "pepro-ultimate-invoice 2.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pepro-ultimate-invoice 2.0.2 Missing.Authorisation MEDIUM" "pepro-ultimate-invoice 1.9.8 Unauthenticated.Arbitrary.Invoice.Access HIGH" "pastebin-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perelandra-sermons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "perelandra-sermons No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "pdf-light-viewer 1.4.12 Authenticated.Command.Injection LOW" "page-specific-sidebars No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pdf-poster 2.1.22 Arbitrary.JavaScript.Execution MEDIUM" "pdf-poster 2.1.18 PDF.Embedder.Plugin.for.WordPress.<.2.1.18.-.Reflected.Cross-Site.Scripting MEDIUM" "popup-box 3.2.5 Cross-Site.Request.Forgery MEDIUM" "popup-box 2.2.7 Popup.Deletion.via.CSRF MEDIUM" "popup-box 2.2.2 Reflected.XSS MEDIUM" "popup-box 2.2 Admin+.LFI MEDIUM" "protected-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protected-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "poeditor 0.9.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "poeditor 0.9.5 CSRF MEDIUM" "poeditor 0.9.8 Settings.Reset.via.CSRF MEDIUM" "product-delivery-date-for-woocommerce-lite 2.8.1 Lite.<.2.8.1.-.Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.3 Missing.Authorization MEDIUM" "product-delivery-date-for-woocommerce-lite 2.7.1 Missing.Authorization MEDIUM" "pafacile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "popup-seo-optimized No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "pie-register-premium 3.8.3.3 Unauthenticated.Cross-Site.Scripting MEDIUM" "pie-register-premium 3.8.3.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "pie-register-premium 3.8.3.3 Missing.Authorization MEDIUM" "preprocess-dezrez No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preprocess-dezrez No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "profilepress-pro 4.11.2 Pro.<.4.11.2.-.Authentication.Bypass HIGH" "profile-extra-fields 1.2.8 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "profile-extra-fields 1.2.4 Reflected.Cross-Site.Scripting HIGH" "profile-extra-fields 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "pull-this No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-to-pdf 1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "postlists No.known.fix Reflected.XSS MEDIUM" "post-views-counter 1.4.5 Cross-Site.Request.Forgery.via.save_bulk_post_views() MEDIUM" "post-views-counter 1.3.5 Authenticated.Stored.XSS LOW" "product-price-history 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "podamibe-twilio-private-call No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pagination 1.2.3 Admin+.Stored.XSS LOW" "pagination 1.0.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Admin+.Stored.XSS LOW" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "paypal-pay-buy-donation-and-cart-buttons-shortcode No.known.fix .Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "paytr-taksit-tablosu-woocommerce No.known.fix CSRF MEDIUM" "paytr-taksit-tablosu-woocommerce 1.3.2 Unauthenticated.Settings.Update MEDIUM" "portfolleo No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pdf-builder-for-wpforms 1.2.117 Unauthenticated.Full.Path.Disclosure MEDIUM" "pdf-builder-for-wpforms 1.2.89 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "planning-center-online-giving No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "powerpack-addon-for-beaver-builder 1.3.1 Reflected.Cross-Site.Scripting.via.Navigate.Parameter MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.4 Authenticated.(Editor+).Local.File.Inclusion HIGH" "powerpack-addon-for-beaver-builder 1.3.0.5 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.3.0.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.element.link MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.1 Reflected.Cross-Site.Scripting MEDIUM" "powerpack-addon-for-beaver-builder 1.2.9.3 Reflected.Cross-Site.Scripting MEDIUM" "planso-forms No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "premmerce-woocommerce-pinterest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-pinterest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "productdyno 1.0.25 Reflected.Cross-Site.Scripting.via.'res'.Parameter MEDIUM" "productdyno 1.0.25 Reflected.Cross-Site.Scripting HIGH" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.20.0 Missing.Authorization MEDIUM" "popup-maker 1.19.1 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.19.1 Admin+.Stored.XSS LOW" "popup-maker 1.18.3 Contributor+.Stored.XSS MEDIUM" "popup-maker 1.16.11 Contributor+.Stored.Cross.Site.Scripting MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "popup-maker 1.16.9 Contributor+.Stored.XSS.via.Subscription.Form MEDIUM" "popup-maker 1.16.5 Admin+.Stored.Cross-Site.Scripting LOW" "popup-maker 1.8.13 Multiple.Vulnerabilities CRITICAL" "popup-maker 1.8.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "popup-maker 1.6.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "payform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "propovoice No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "propovoice No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "pdf-for-wpforms 4.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.yeepdf_dotab.Shortcode MEDIUM" "payments-stripe-gateway No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payments-stripe-gateway 1.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "protect-uploads-with-login-page No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "protect-uploads-with-login-page No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pricer-ninja-pricing-tables No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-generator 1.7.2 Authenticated(Administrator+).SQL.Injection MEDIUM" "page-generator 1.6.6 Arbitrary.Keywords.Deletion/Duplication.via.CSRF MEDIUM" "page-generator 1.6.5 Admin+.Stored.Cross-Site.Scripting LOW" "page-generator 1.5.9 Reflected.Cross-Site.Scripting HIGH" "print-my-blog 3.27.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "print-my-blog 3.26.3 Missing.Authorization MEDIUM" "print-my-blog 3.25.2 Reflected.Cross-Site.Scripting MEDIUM" "print-my-blog 3.11.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "print-my-blog 3.4.2 Plugin.Deactivation.via.CSRF MEDIUM" "print-my-blog 1.6.6 Unauthenticated.Server.Side.Request.Forgery.(SSRF) CRITICAL" "pet-manager No.known.fix Reflected.XSS HIGH" "pet-manager No.known.fix Contributor+.Stored.XSS MEDIUM" "product-recommendation-quiz-for-ecommerce 2.1.2 Missing.Authorization.in.prq_set_token MEDIUM" "product-layouts 1.1.4 Reflected.Cross-Site.Scripting MEDIUM" "pushbiz No.known.fix Reflected.XSS HIGH" "pdf-generator-addon-for-elementor-page-builder 2.0.1 Unauthenticated.Arbitrary.File.Download HIGH" "pdf-generator-addon-for-elementor-page-builder 1.7.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pixfields 0.7.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "pixfields No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pixel-for-web-stories 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "product-websites-showcase No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "peters-custom-anti-spam-image 3.2.4 Cross-Site.Request.Forgery.via.cas_register_post.Function MEDIUM" "peters-custom-anti-spam-image 3.2.3 Reflected.XSS HIGH" "product-designer 1.0.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "product-designer 1.0.34 Unauthenticated.Arbitrary.Attachment.Deletion MEDIUM" "product-designer 1.0.33 Unauthenticated.PHP.Object.Injection CRITICAL" "packlink-pro-shipping 3.4.7 Missing.Authorization MEDIUM" "portfolio 2.40 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "podiant No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "peoplepond No.known.fix CSRF.to.Stored.XSS HIGH" "post-to-google-my-business 3.1.14 Reflected.Cross-Site.Scripting MEDIUM" "post-to-google-my-business 3.0.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premium-blog-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "phppoet-checkout-fields 3.5.13 Unauthenticated.Arbitrary.File.Upload CRITICAL" "plexx-elementor-extension 1.3.7 Contributor+.Stored.XSS MEDIUM" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "popup-contact-form No.known.fix Admin+.Stored.XSS LOW" "post-from-frontend No.known.fix Post.Deletion.via.CSRF MEDIUM" "passbeemedia-web-push-notifications No.known.fix Reflected.XSS HIGH" "publishpress 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "publishpress 3.5.1 Reflected.Cross-Site.Scripting HIGH" "pop-over-xyz No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pop-over-xyz No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pc-robotstxt 1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "progress-tracker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prismatic 2.8 Contributor+.Stored.XSS MEDIUM" "prismatic 2.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "promolayer-popup-builder 1.1.1 Missing.Authorization MEDIUM" "poptin 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "postman-smtp No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "process-steps-template-designer 1.3 CSRF.to.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "progress-bar 2.2.2 Contributor+.Stored.XSS MEDIUM" "pricingtable No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podcast-subscribe-buttons 1.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "podcast-subscribe-buttons 1.4.2 Contributor+.Stored.XSS MEDIUM" "pagemanager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "poll-wp 2.4.1 Admin+.SQLi MEDIUM" "poll-wp 2.4.0 Admin+.SQL.Injection MEDIUM" "poll-wp 1.5.9 Reflected.Cross-Site.Scripting HIGH" "poll-wp 1.3.4 Broken.Authentication.and.Missing.Capability.Checks.on.AJAX.calls CRITICAL" "post-thumbs No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "popup-manager No.known.fix Unauthenticated.Arbitrary.Popup.Deletion MEDIUM" "popup-manager No.known.fix Unauthenticated.Stored.XSS HIGH" "post-to-csv 1.4.1 Author+.CSV.Injection MEDIUM" "post-to-csv 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "post-plugin-library No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "playerjs 2.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pripre No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "podcast-importer-secondline 1.3.8 Admin+.SQLi MEDIUM" "podcast-importer-secondline 1.1.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "password-protect-page 1.9.6 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "password-protect-page 1.9.0 .Protection.Mechanism.Bypass MEDIUM" "password-protect-page 1.8.6 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "picu 2.4.1 Missing.Authorization MEDIUM" "planaday-api 11.5 Reflected.Cross-Site.Scripting MEDIUM" "prevent-file-access 2.5.2 Admin+.Arbitrary.File.Upload MEDIUM" "prezi-embedder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "payment-gateway-for-telcell 2.0.4 Unauthenticated.Open.Redirect MEDIUM" "photospace No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "photospace No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Missing.Authorization MEDIUM" "play-ht No.known.fix Cross-Site.Request.Forgery MEDIUM" "play-ht No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "popularis-extra 1.2.8 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "popularis-extra 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.13 Missing.Authorization.via.role.management.functions HIGH" "premmerce-user-roles 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-user-roles 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photo-gallery-builder No.known.fix Missing.Authorization MEDIUM" "pdf-rechnungsverwaltung No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "philantro 5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.donate.Shortcode MEDIUM" "philantro 5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.1.1 Reflected.XSS HIGH" "propertyhive 2.0.20 Cross-Site.Request.Forgery.via.save_account_details HIGH" "propertyhive 2.0.10 Missing.Authorization MEDIUM" "propertyhive 2.0.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.13 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "propertyhive 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "propertyhive 2.0.10 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "propertyhive 2.0.7 Missing.Authorization.via.activate_pro_feature MEDIUM" "propertyhive 2.0.6 Unauthenticated.PHP.Object.Injection.via.propertyhive_currency HIGH" "propertyhive 1.5.49 Reflected.XSS HIGH" "propertyhive 1.5.47 Reflected.XSS HIGH" "propertyhive 1.4.26 Unvalidated.Input.to.do_action() MEDIUM" "push-monkey-desktop-push-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "phastpress 1.111 Open.Redirect MEDIUM" "profilepro No.known.fix Subscriber+.Stored.Cross.Site.Scripting HIGH" "phzoom No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "page-and-post-restriction 1.3.7 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "page-and-post-restriction 1.3.5 Unauthenticated.Protected.Post.Access MEDIUM" "page-and-post-restriction 1.2.7 Admin+.Stored.Cross-Site.Scripting LOW" "page-scroll-to-id 1.7.9 Contributor+.Stored.XSS MEDIUM" "page-scroll-to-id 1.7.6 Contributor+.Stored.XSS MEDIUM" "project-app No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "pro-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-delivery-date 1.1.5 Reflected.Cross-Site.Scripting MEDIUM" "pb-mailcrypt-antispam-email-encryption No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pmpro-register-helper 1.8.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pdfjs-viewer-shortcode 2.2 Arbitrary.JavaScript.Execution MEDIUM" "pdfjs-viewer-shortcode 2.1.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "pdfjs-viewer-shortcode 2.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "payment-gateway-payfabric 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-payfabric 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paypal-donations 1.9.9 Admin+.Stored.XSS LOW" "print-science-designer 1.3.153 Unauthenticated.PHP.Object.Injection HIGH" "pmpro-membership-maps 0.7 Membership.Maps.Add.On.<.0.7.-.Contributor+.Sensitive.Information.Disclosure MEDIUM" "powr-pack 2.2.0 Contributor+.Stored.XSS MEDIUM" "past-events-extension No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "past-events-extension No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "past-events-extension No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "posti-shipping 3.10.4 Cross-Site.Request.Forgery MEDIUM" "posti-shipping 3.10.4 Reflected.Cross-Site.Scripting MEDIUM" "posti-shipping 3.10.3 Full.Path.Disclosure MEDIUM" "premium-addons-pro 2.9.14 Contributor+.Stored.XSS MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Premium.Magic.Scroll.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Messenger.Chat.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multi.Scroll.Widget MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Global.Badge.Module MEDIUM" "premium-addons-pro 2.9.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Mouse.Cursor.Module MEDIUM" "premium-addons-pro 2.9.13 .Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.widget.link MEDIUM" "premium-addons-pro 2.8.25 Reflected.XSS HIGH" "product-size-chart-for-woo 1.1.6 Settings.Update.via.CSRF MEDIUM" "partdo-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "pixelyoursite 10.1.1.2 Unauthenticated.PHP.Object.Injection HIGH" "pixelyoursite 10.0.2 Settings.Update.via.CSRF MEDIUM" "pixelyoursite 9.7.2 Unauthenticated.Information.Exposure.and.Log.Deletion MEDIUM" "pixelyoursite 9.6.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pixelyoursite 9.3.7 Admin+.Stored.Cross-Site.Scripting LOW" "pixelyoursite 5.3.0 XSS MEDIUM" "perfect-survey 1.5.2 Unauthorised.AJAX.Call.to.Stored.XSS./.Survey.Settings.Update HIGH" "perfect-survey 1.5.2 Reflected.Cross-Site.Scripting HIGH" "perfect-survey 1.5.2 Unauthenticated.SQL.Injection HIGH" "perfect-survey No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "powies-whois 0.9.33 Authenticated.Stored.Cross-Site.Scripting LOW" "photo-feed No.known.fix Reflected.XSS HIGH" "post-status-notifier 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization MEDIUM" "page-builder-sandwich No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "page-builder-sandwich No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Arbitrary.Post.Editing MEDIUM" "page-builder-sandwich No.known.fix Sensitive.Information.Exposure MEDIUM" "page-builder-sandwich No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-builder-sandwich 4.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-type-archive-mapping No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-type-archive-mapping 5.3.0 Missing.Authorization.via.REST.Routes MEDIUM" "papercite No.known.fix Missing.Authorization MEDIUM" "peepso-photos 6.3.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.3.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-more 2.2.5 Admin+.Directory.Traversal.to.Limited.Local.File.Inclusion MEDIUM" "push-notification-for-post-and-buddypress 2.12 Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "push-notification-for-post-and-buddypress 2.08 Reflected.Cross-Site.Scripting MEDIUM" "push-notification-for-post-and-buddypress 1.9.4 Multiple.Unauthenticated.SQLi HIGH" "poll-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prenotazioni No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "portfolio-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer 1.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "password-for-wp 1.6 Stored.XSS.via.CSRF HIGH" "project-panorama-lite No.known.fix Admin+.Stored.XSS LOW" "project-panorama-lite 1.5.1 WordPress.Project.Management.<.1.5.1.-.Admin+.Stored.XSS LOW" "post-thumbnail-editor No.known.fix Sensitive.Information.Exposure MEDIUM" "platinum-seo-pack No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "partners No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "price-alert-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-grid-elementor-addon 2.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-elementor-addon 2.0.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag MEDIUM" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion.via.post_type_ajax_handler() HIGH" "post-grid-carousel-ultimate 1.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-grid-carousel-ultimate 1.6.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-grid-carousel-ultimate 1.6.8 Authenticated.(Contributor+).PHP.Object.Injection.in.outpost_shortcode_metabox_markup HIGH" "post-grid-carousel-ultimate 1.5.0 Admin+.Stored.XSS LOW" "posts-reminder No.known.fix Settings.Update.via.CSRF MEDIUM" "push-notification-for-wp-by-pushassist No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "push-notification-for-wp-by-pushassist No.known.fix Reflected.Cross-Site.Scripting HIGH" "pit-login-welcome No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "portable-phpmyadmin No.known.fix /pma/phpinfo.php.Direct.Request.System.Information.Disclosure CRITICAL" "portable-phpmyadmin No.known.fix Multiple.Script.Direct.Request.Authentication.Bypass CRITICAL" "penci-data-migrator 1.3.1 Unauthenticated.Local.File.Inclusion CRITICAL" "postcode-redirect 5.0.0 Reflected.Cross-Site.Scripting MEDIUM" "postcode-redirect 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-loading-effects 3.0.0 Admin+.Stored.XSS LOW" "photoblocks-grid-gallery 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "photoblocks-grid-gallery 1.2.9 Cross-Site.Request.Forgery MEDIUM" "photoblocks-grid-gallery 1.2.7 Contributor+.Stored.XSS MEDIUM" "photoblocks-grid-gallery 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "photoblocks-grid-gallery 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "photoblocks-grid-gallery 1.1.43 Authenticated.Reflected.XSS HIGH" "photoblocks-grid-gallery 1.1.41 Unauthenticated.Reflected.XSS MEDIUM" "pmpro-mailchimp 2.3.5 Unauthenticated.Information.Disclosure MEDIUM" "pagepost-specific-social-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "post-carousel-divi 1.2 Reflected.Cross-Site.Scripting MEDIUM" "post-carousel-divi 1.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-carousel 3.0.1 Editor+.Stored.XSS LOW" "post-carousel 2.4.28 Editor+.Stored.XSS LOW" "post-carousel 2.4.19 Contributor+.Stored.XSS MEDIUM" "post-carousel 2.3.5 CSRF.Bypass./.Unauthorised.AJAX.Calls MEDIUM" "picture-gallery 1.5.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.5.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videowhisper_picture_upload_guest.Shortcode MEDIUM" "picture-gallery 1.5.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "picture-gallery 1.4.4 Authenticated.Stored.XSS LOW" "powers-triggers-of-woo-to-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "persian-woocommerce 9.0.0 Missing.Authorization MEDIUM" "persian-woocommerce 5.9.8 Reflected.Cross-Site.Scripting MEDIUM" "ptypeconverter No.known.fix Authenticated.(Editor+).SQL.Injection HIGH" "print-invoices-packing-slip-labels-for-woocommerce 4.7.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.3 Missing.Authorization.to.Unauthenticated.Settings.Reset MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.1 Reflected.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.4.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.1 Subscriber+.Arbitrary.Order.Export MEDIUM" "print-invoices-packing-slip-labels-for-woocommerce 4.3.0 Shop.Manager+.Arbitrary.Options.Update HIGH" "pwa-for-wp 1.7.73 Missing.Authorization MEDIUM" "pwa-for-wp 1.7.72 PWA.For.WP.&.AMP.<.1,7,72.Administrator+.Stored.XSS LOW" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "pwa-for-wp 1.7.33 Authenticated.(Subscriber+).Settings.Change MEDIUM" "paypal-payment-button-by-vcita 3.30.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita 3.30.0 Contributor+.Stored.XSS MEDIUM" "paypal-payment-button-by-vcita 3.10.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "paypal-payment-button-by-vcita No.known.fix CSRF.to.Stored.XSS.in.settings.page MEDIUM" "powerpress 11.9.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.skipto.Shortcode MEDIUM" "powerpress 11.9.18 Author+.XSS MEDIUM" "powerpress 11.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.media_url.Parameter MEDIUM" "powerpress 11.9.6 Injected.Backdoor CRITICAL" "powerpress 11.0.12 Contributor+.Stored.XSS HIGH" "powerpress 11.0.7 Contributor+.SSRF MEDIUM" "powerpress 10.0.2 Contributor+.Stored.XSS MEDIUM" "powerpress 10.0.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "powerpress 8.3.8 Authenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "powerpress 6.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "powerpress 6.0.1 Cross-Site.Scripting.(XSS) CRITICAL" "panorama 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "panorama 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-saint No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "premmerce-woocommerce-multi-currency 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-multi-currency 2.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-status-notifier-lite 1.11.7 Reflected.Cross-Site.Scripting.via.page MEDIUM" "post-status-notifier-lite 1.11.1 Reflected.Cross-Site.Scripting MEDIUM" "post-status-notifier-lite 1.10.1 Reflected.XSS HIGH" "paypal-gift-certificate No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.wpppgc_plugin_options MEDIUM" "post-snippets 4.0.4 Reflected.Cross-Site.Scripting MEDIUM" "post-snippets 4.0.3 Admin+.Stored.XSS LOW" "post-snippets 3.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-snippets 3.1.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "post-snippets 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "prevent-content-copy-image-save No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "pdf-block No.known.fix Contributor+.Stored.XSS MEDIUM" "pdf24-posts-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "publish-confirm-message 2.0 Settings.Update.via.CSRF MEDIUM" "postify-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "permalinks-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-pay-counter 2.790 Reflected.XSS HIGH" "post-pay-counter 2.731 PHP.Obj.Injection.&.Access.Control.Issues CRITICAL" "pocket-widget No.known.fix Admin+.Stored.XSS LOW" "page-or-post-clone 6.1 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Sensitive.Information.Exposure MEDIUM" "precious-metals-chart-and-widgets 1.2.9 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "piotnetforms 1.0.29 Unauthenticated.Arbitrary.File.Upload CRITICAL" "piotnetforms 1.0.30 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "piotnetforms No.known.fix Unauthenticated.Arbitrary.File.Upload HIGH" "pardakht-delkhah 2.9.9 Form.Fields.Reset.via.CSRF MEDIUM" "pardakht-delkhah 2.9.3 Unauthenticated.Stored.XSS HIGH" "prime-addons-for-elementor 2.0.2 Authenticated.(Contributor+).Insecure.Direct.Object.Reference.via.pae_global_block.Shortcode MEDIUM" "plugins-list 2.5.1 Admin+.Stored.XSS LOW" "pie-register No.known.fix Sensitive.Information.Exposure.via.Log.Files MEDIUM" "pie-register 3.8.3.5 Basic.<=.3.8.3.4.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation.and.Activation/Deactivation HIGH" "pie-register 3.8.3.3 Unauthenticated.Arbitrary.File.Upload HIGH" "pie-register 3.8.2.3 Open.Redirect MEDIUM" "pie-register 3.8.1.3 Unauthenticated.Arbitrary.User.Deletion HIGH" "pie-register 3.7.2.4 Open.Redirect MEDIUM" "pie-register 3.1.7.6 Unauthenticated.Arbitrary.Login CRITICAL" "pie-register 3.7.1.6 Unauthenticated.SQL.Injection HIGH" "pie-register 3.7.0.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pie-register 3.1.2 SQL.Injection CRITICAL" "pie-register 3.0.18 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "page-visit-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-visit-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ps-ads-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-catalog-feed 2.2.0 Cross-Site.Request.Forgery MEDIUM" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "product-catalog-feed 2.1.1 Reflected.XSS HIGH" "plugmatter-optin-feature-box-lite 2.0.14 Unauthenticated.Blind.SQL.Injection CRITICAL" "photoswipe-masonry 1.2.15 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "pootle-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pootle-button 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "password-protected 2.6.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "password-protected 2.6.7 Admin+.Stored.XSS LOW" "password-protected 2.6.3.2 Reflected.Cross-Site.Scripting MEDIUM" "password-protected 2.6.3 Admin+.Stored.XSS LOW" "postpage-import-export-with-custom-fields-taxonomies 2.0.4 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "postpage-import-export-with-custom-fields-taxonomies 2.0.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "plezi 1.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plezi 1.0.3 Unauthenticated.Stored.XSS HIGH" "porto-functionality 3.1.0 Functionality.<.3.1.0.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto-functionality 3.1.1 Functionality.<.3.1.1.-.Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "porto-functionality No.known.fix Functionality.<.2.12.1.-.Missing.Authorization MEDIUM" "porto-functionality No.known.fix Functionality.<.2.12.1.-.Unauthenticated.SQL.Injection CRITICAL" "pdf-catalog-woocommerce 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinterest-pin-it-button-on-image-hover-and-post 3.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "popup4phone No.known.fix Unauthenticated.Stored.XSS HIGH" "popup4phone No.known.fix Editor+.Stored.XSS LOW" "post-connector 1.0.10 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-connector 1.0.4 XSS MEDIUM" "parallaxer-lite-parallax-effects-on-images No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "permalink-manager-pro 2.2.15 Reflected.Cross-Site.Scripting MEDIUM" "pollin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pollin No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "page-parts 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "patreon-connect 1.9.2 Missing.Authorization MEDIUM" "patreon-connect 1.9.1 Protection.Mechanism.Bypass MEDIUM" "patreon-connect 1.8.8 Cross-Site.Request.Forgery MEDIUM" "patreon-connect 1.8.2 Admin+.Stored.Cross-Site.Scripting LOW" "patreon-connect 1.7.2 Reflected.XSS.on.patreon_save_attachment_patreon_level.AJAX.action HIGH" "patreon-connect 1.7.0 CSRF.to.Overwrite/Create.User.Meta MEDIUM" "patreon-connect 1.7.2 Reflected.XSS.on.Login.Form HIGH" "patreon-connect 1.7.0 Unauthenticated.Local.File.Disclosure HIGH" "patreon-connect 1.7.0 CSRF.to.Disconnect.Sites.From.Patreon MEDIUM" "patreon-connect 1.2.2 PHP.Object.Injection CRITICAL" "posttabs No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "pricing-table-by-supsystic 1.9.13 Admin+.Content.Injection LOW" "pricing-table-by-supsystic 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.9 Authenticated.SQL.Injections CRITICAL" "pricing-table-by-supsystic 1.9.0 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "pricing-table-by-supsystic 1.8.2 Unauthenticated.Stored.XSS HIGH" "pricing-table-by-supsystic 1.8.2 Insecure.Permissions.on.AJAX.Actions HIGH" "pricing-table-by-supsystic 1.8.1 Cross-Site.Request.Forgery.to.XSS.and.Setting.Changes HIGH" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS MEDIUM" "premmerce-redirect-manager 1.0.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-redirect-manager 1.0.11 Cross-Site.Request.Forgery MEDIUM" "premmerce-redirect-manager 1.0.12 Admin+.Stored.XSS LOW" "premmerce-redirect-manager 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "popup-by-supsystic 1.10.30 Admin+.Remote.Code.Execution MEDIUM" "popup-by-supsystic 1.10.28 Missing.Authorization MEDIUM" "popup-by-supsystic 1.10.20 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "popup-by-supsystic 1.10.19 Prototype.Pollution MEDIUM" "popup-by-supsystic 1.10.9 Unauthenticated.Subscriber.Email.Addresses.Disclosure HIGH" "popup-by-supsystic 1.10.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "popup-by-supsystic 1.7.9 Cross-Site.Request.Forgery.(CSRF) HIGH" "post-title-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pkt1-centro-de-envios 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "postmatic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "postmatic 2.2.10 Subscriber+.PHP.Object.Injection MEDIUM" "postmatic 2.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "postmatic 1.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "post-carousel-slider-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "petfinder-listings 1.1 Admin+.Stored.Cross-Site.Scripting LOW" "platformly-for-woocommerce 1.1.7 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "pocket-news-generator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "pocket-news-generator No.known.fix .Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "page-health-o-meter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "page-views-count 2.6.1 Contributor+.Stored.XSS MEDIUM" "page-views-count 2.5.6 Settings.Reset.via.CSRF MEDIUM" "page-views-count 2.4.15 Unauthenticated.SQL.Injection HIGH" "page-views-count 2.4.9 Contributor+.Stored.XSS MEDIUM" "photo-gallery-pearlbells No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation MEDIUM" "personalize-woocommerce-cart-page 4.0 Missing.Authorization.to.Unuthenticated.Settings.Update MEDIUM" "personalize-woocommerce-cart-page 2.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "post-slider-carousel 1.0.21 Admin+.Stored.XSS LOW" "payment-page 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "payment-page 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "patron-button-and-widgets-by-codebard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Cross-Site.Request.Forgery MEDIUM" "patron-button-and-widgets-by-codebard 2.2.0 Reflected.XSS MEDIUM" "patron-button-and-widgets-by-codebard 2.1.9 Reflected.XSS HIGH" "pdf-generator-for-wp 1.1.2 Reflected.XSS HIGH" "product-expiry-for-woocommerce 2.6 Subscriber+.Settings.Update MEDIUM" "parcelpanel 4.3.3 Reflected.Cross-Site.Scripting MEDIUM" "parcelpanel 3.9.0 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "profile-builder-pro 3.10.1 Cross-Site.Request.Forgery HIGH" "profile-builder-pro 3.10.1 Authenticated.(Subscriber+).Time-Based.One-Time.Password.Sensitive.Information.Exposure MEDIUM" "profile-builder-pro 3.10.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder-pro 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder-pro 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "plenigo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "publish-post-email-notification 1.0.2.3 Admin+.Stored.XSS LOW" "pingmeter-uptime-monitoring No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perfect-portal-widgets 3.0.4 Contributor+.Stored.XSS MEDIUM" "pre-orders-for-woocommerce 1.2.14 Contributor+.Stored.XSS MEDIUM" "pin-locations-on-map No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "prepost-seo No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "post-duplicator 2.36 Missing.Authorization MEDIUM" "post-duplicator 2.37 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "post-duplicator 2.32 Missing.Authorization.via.mtphr_duplicate_post MEDIUM" "post-duplicator 2.27 Admin+.Stored.Cross-Site.Scripting LOW" "post-type-modifier-simple 1.04 Reflected.Cross-Site.Scripting MEDIUM" "product-category-tree No.known.fix Reflected.XSS HIGH" "product-category-tree No.known.fix CSRF MEDIUM" "post-content-xmlrpc No.known.fix Admin+.SQL.Injections HIGH" "portfolio-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "portfolio-elementor 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "portfolio-elementor 2.1.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pretty-url No.known.fix Cross-Site.Request.Forgery MEDIUM" "pretty-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pretty-url No.known.fix Admin+.Stored.XSS.in.plugin.settings LOW" "page-builder-by-azexo No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "page-builder-by-azexo No.known.fix Subscriber+.Post.Creation MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "page-builder-by-azexo No.known.fix Cross-Site.Request.Forgery.(CSRF).to.Stored.XSS MEDIUM" "pdf-print 2.0.3 Unauthenticated.Cross-Site-Scripting.(XSS) MEDIUM" "pdf-print 1.9.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "protected-posts-logout-button 1.4.6 Admin+.Stored.XSS LOW" "protected-posts-logout-button 1.4.5 Settings.Update.via.CSRF MEDIUM" "protected-posts-logout-button 1.4.6 Missing.Authorization MEDIUM" "pb-seo-friendly-images No.known.fix Admin+.Stored.XSS LOW" "postmagthemes-demo-import 1.0.8 Admin+.Arbitrary.File.Upload MEDIUM" "podlove-subscribe-button 1.3.11 Authenticated.(Contributor+).SQL.Injection HIGH" "podlove-subscribe-button 1.3.9 Admin+.Stored.XSS LOW" "podlove-subscribe-button 1.3.9 Multiple.CSRF MEDIUM" "private-files No.known.fix Protection.Disabling.via.CSRF MEDIUM" "prime-mover 1.9.3 Directory.Listing.to.Sensitive.Data.Exposure HIGH" "prime-mover 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "prime-mover 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "peters-collaboration-e-mails No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "puredevs-customer-history-for-woocommerce 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "plugins-on-steroids 4.1.3 Missing.Authorization.via.update_options MEDIUM" "pdf-embedder 4.8.0 Arbitrary.JavaScript.Execution MEDIUM" "pdf-embedder 4.7.1 Contributor+.Stored.XSS MEDIUM" "plerdy-heatmap 1.3.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "panda-pods-repeater-field 1.5.4 Reflected.XSS HIGH" "platformly 1.14 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "pondol-formmail No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Cross-Site.Request.Forgery MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Missing.Authorization.to.Arbitrary.Post/Page.Deletion MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor-pro No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "paid-membership 2.9.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "paid-membership 1.9.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "premium-blocks-for-gutenberg 2.1.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.34 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-blocks-for-gutenberg 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pray-for-me No.known.fix Settings.Update.via.CSRF MEDIUM" "pray-for-me No.known.fix Unauthenticated.Stored.XSS HIGH" "post-list-with-featured-image No.known.fix Reflected.XSS HIGH" "proofreading 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "proofreading 1.1 Reflected.XSS HIGH" "pdf-invoicing-for-woocommerce 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "product-filter-for-woocommerce-product No.known.fix Unauthenticated.SQLi HIGH" "profile-builder 3.13.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "profile-builder 3.12.2 Admin+.Stored.Cross.Site.Scripting LOW" "profile-builder 3.11.9 Unauthenticated.Privilege.Escalation CRITICAL" "profile-builder 3.11.8 Unauthenticated.Media.Upload MEDIUM" "profile-builder 3.11.3 Restricted.Email.Bypass MEDIUM" "profile-builder 3.10.9 Missing.Authorization.to.Plugin.Settings.Change.via.wppb_two_factor_authentication_settings_update HIGH" "profile-builder 3.10.8 Contributor+.User.Metadata.Disclosure MEDIUM" "profile-builder 3.10.4 Plugins.Activation/Deactivation.CSRF MEDIUM" "profile-builder 3.9.8 Unauthenticated.Plugin's.Pages.Creation MEDIUM" "profile-builder 3.9.1 Subscriber+.Arbitrary.User.Meta.Disclosure MEDIUM" "profile-builder 3.9.1 Unauthorised.Password.Reset HIGH" "profile-builder 3.6.1 Settings.Import.via.CSRF LOW" "profile-builder 3.6.8 Admin+.Stored.Cross-Site.Scripting LOW" "profile-builder 3.6.2 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "profile-builder 3.4.9 Admin.Access.via.Password.Reset CRITICAL" "profile-builder 3.4.8 Authenticated.Stored.XSS MEDIUM" "profile-builder 3.3.3 Authenticated.Blind.SQL.Injection MEDIUM" "profile-builder 3.1.1 User.Registration.With.Administrator.Role CRITICAL" "profile-builder 2.5.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 2.4.1 Privilege.Escalation HIGH" "profile-builder 2.2.5 XSS MEDIUM" "profile-builder 2.1.4 Missing.Access.Controls HIGH" "profile-builder 2.0.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "profile-builder 1.1.60 Password.Recovery.Bypass MEDIUM" "profile-builder 1.1.66 Multiple.XSS MEDIUM" "publishpress-authors 4.7.4 Authenticated.(Administrator+).SQL.Injection MEDIUM" "publishpress-authors 4.7.2 Insecure.Direct.Object.Reference.to.Authenticated.(Author+).Arbitrary.User.Email.Update.and.Account.Takeover HIGH" "post-types-carousel-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-types-carousel-slider 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-search 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "paid-member-subscriptions 2.13.8 Authentication.Bypass.via.pms_payment_id CRITICAL" "paid-member-subscriptions 2.13.5 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "paid-member-subscriptions 2.13.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "paid-member-subscriptions 2.12.9 Reflected.Cross-Site.Scripting MEDIUM" "paid-member-subscriptions 2.11.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.pms_stripe_connect_handle_authorization_return MEDIUM" "paid-member-subscriptions 2.11.2 Missing.Authorization.via.creating_pricing_table_page MEDIUM" "paid-member-subscriptions 2.10.5 Cross-Site.Request.Forgery.via.ajax_add_log_entry MEDIUM" "paid-member-subscriptions 2.4.2 Authenticated.SQL.Injection MEDIUM" "paid-member-subscriptions 2.4.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "preloader-sws No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "post-by-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "phraseanet-client No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payflex-payment-gateway 2.6.2 Open.Redirect MEDIUM" "payflex-payment-gateway 2.6.0 Missing.Authorization.to.Order.Status.Update MEDIUM" "posts-and-products-views 2.1.1 Contributor+.Stored.XSS MEDIUM" "people-lists 2.0.0 Missing.Authorization MEDIUM" "plugversions 0.0.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "piotnet-addons-for-elementor 2.4.33 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "piotnet-addons-for-elementor 2.4.32 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "piotnet-addons-for-elementor 2.4.32 Contributor+.Stored.XSS MEDIUM" "piotnet-addons-for-elementor 2.4.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.30 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "piotnet-addons-for-elementor 2.4.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widget.Attributes HIGH" "piotnet-addons-for-elementor 2.4.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "piotnet-addons-for-elementor 2.4.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "piotnet-addons-for-elementor 2.4.27 Contributor+.Stored.XSS MEDIUM" "provide-forex-signals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "predict-when No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-website 1.3 Missing.Authorization.via.plwao_register_settings() MEDIUM" "parone 1.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "phone-orders-for-woocommerce 3.7.2 Subscriber+.Sensitive.Data.Exposure MEDIUM" "phpsword-favicon-manager No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "posts-filter No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "password-protect-plugin-for-wordpress No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "parsi-font 4.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "popup-zyrex 1.1 Admin+.Arbitrary.File.Upload MEDIUM" "push-envoy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "podlove-web-player 5.7.4 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "podlove-web-player 5.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "php-execution-plugin No.known.fix Settings.Update.via.CSRF HIGH" "progress-planner 0.9.3 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "progress-planner 0.9.2 Missing.Authorization MEDIUM" "phoenix-media-rename 3.4.4 Author.Arbitrary.Media.File.Renaming MEDIUM" "property-hive-stamp-duty-calculator 1.0.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.13 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-brands 1.2.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "page-and-post-lister No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "product-image-watermark-for-woo 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "package-quantity-xforwc 1.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "postbox-email-logs 1.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Log.Export MEDIUM" "payment-gateway-groups-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "payment-gateway-groups-for-woocommerce 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-and-page-reactions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photo-video-gallery-master No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "private-google-calendars 20240106 Contributor+.Stored.XSS MEDIUM" "payment-form-for-paypal-pro 1.1.65 Unauthenticated.SQL.Injection CRITICAL" "payment-form-for-paypal-pro 1.0.2 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "product-blocks-for-woocommerce 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pixcodes 2.3.7 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "plugmatter-pricing-table No.known.fix Reflected.Cross-Site.Scripting HIGH" "premmerce-woocommerce-product-filter 3.7.3 Missing.Authorization MEDIUM" "premmerce-woocommerce-product-filter 3.7.2 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-product-filter 3.6.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-product-filter 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "post-category-image-with-grid-and-slider 1.4.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "paritypress 1.0.1 Admin+.Stored.XSS LOW" "promotion-slider No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "pdf-invoices-and-packing-slips-for-woocommerce 1.3.8 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "per-page-add-to No.known.fix Authenticated.Stored.XSS LOW" "per-page-add-to 1.4.4 CSRF.to.Stored.XSS HIGH" "player No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "player No.known.fix Reflected.XSS HIGH" "pubydoc-data-tables-and-charts No.known.fix Admin+.Stored.XSS MEDIUM" "pagemash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "paytm-payments 2.7.7 Editor+.SQLi MEDIUM" "photo-contest No.known.fix CSRF.Bypass MEDIUM" "photo-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "password-protected-woo-store 2.3 Unauthenticated.Arbitrary.Post.Tile.&.Content.Access MEDIUM" "php-compatibility-checker 1.6.0 Cross-Site.Request.Forgery MEDIUM" "primer-mydata 4.2.2 Reflected.Cross-Site.Scripting MEDIUM" "pagebar 2.70 Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "parallax-slider-block 1.2.6 Author+.Stored.XSS MEDIUM" "product-filter-widget-for-elementor 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "pronamic-google-maps 2.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.3 Cross-Site.Request.Forgery.via.ajax_transcript_delete.Function MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Feed.Name MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.24 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 4.2.1 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 4.1.17 Authenticated.(Admin+).Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.1.14 Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "podlove-podcasting-plugin-for-wordpress 4.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.15 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.1.1 Missing.Authorization MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.14 Authenticated.(Contributor+).SQL.Injection CRITICAL" "podlove-podcasting-plugin-for-wordpress 4.0.10 Reflected.Cross-Site.Scripting MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Settings.Import MEDIUM" "podlove-podcasting-plugin-for-wordpress 4.0.12 Missing.Authorization.to.Unauthenticated.Data.Export MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.4 Cross-Site.Request.Forgery MEDIUM" "podlove-podcasting-plugin-for-wordpress 3.8.3 Admin+.Stored.XSS LOW" "podlove-podcasting-plugin-for-wordpress 3.5.6 Unauthenticated.SQL.Injection MEDIUM" "podlove-podcasting-plugin-for-wordpress 2.6.0 Authenticated.SQL.Injection HIGH" "podlove-podcasting-plugin-for-wordpress 2.3.16 Multiple.SQLi.&.XSS CRITICAL" "photo-video-store No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "photo-video-store No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "photoxhibit No.known.fix Reflected.XSS.Issues MEDIUM" "photo-image-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-input-fields-for-woocommerce 1.12.1 Unauthenticated.Limited.File.Upload HIGH" "product-input-fields-for-woocommerce 2.0 .Contributor+.Arbitrary.File.Read MEDIUM" "product-input-fields-for-woocommerce 1.8.0 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "product-input-fields-for-woocommerce 1.2.7 Unauthenticated.File.Download HIGH" "pressforward 5.2.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pie-calendar 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.piecal.Shortcode MEDIUM" "pubsubhubbub 3.2.0 Admin+.Stored.XSS MEDIUM" "phonetrack-meu-site-manager No.known.fix Authenticated.Stored.XSS MEDIUM" "private-content No.known.fix Unauthenticated.Privilege.Escalation.via.Account.Takeover CRITICAL" "private-content 8.4.4 Brute.Force.Protection.Bypass MEDIUM" "perfmatters 2.1.7 Cross-Site.Request.Forgery MEDIUM" "perfmatters 2.2.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Reflected.Cross-Site.Scripting MEDIUM" "perfmatters 2.1.7 Missing.Authorization MEDIUM" "premmerce-woocommerce-wishlist 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wishlist 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wishlist 1.1.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "pre-publish-checklist 1.1.2 Insecure.Direct.Object.Reference.to.Arbitrary.Post.'_ppc_meta_key'.Update MEDIUM" "postaffiliatepro 1.26.10 Admin+.Stored.XSS LOW" "push-notifications-for-wp 6.0.1 Settings.Update.via.CSRF MEDIUM" "permalink-finder No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "php-everywhere 3.0.0 Contributor+.RCE.via.Metabox CRITICAL" "php-everywhere 3.0.0 Subscriber+.RCE.via.Shortcode CRITICAL" "php-everywhere 3.0.0 Contributor+.RCE.via.Gutenberg.Block CRITICAL" "php-everywhere 2.0.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "product-configurator-for-woocommerce 1.2.32 Unauthenticated.Arbitrary.File.Deletion HIGH" "portfolio-wp 2.1.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "playlist-for-youtube No.known.fix Editor+.Stored.XSS LOW" "ps-phpcaptcha 1.2.0 PS.PHPCaptcha.<.1,2,0.-Denial.of.Service CRITICAL" "ppo-call-to-actions No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "peepso-core No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.4.6.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.content.Parameter MEDIUM" "peepso-core 6.4.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.7.1 Unauthenticated.Sensitive.Information.Disclosure.via.Log.file MEDIUM" "peepso-core 6.3.1.2 User.Post.Creation.via.CSRF MEDIUM" "peepso-core 6.3.1.2 Reflected.XSS HIGH" "peepso-core 6.2.7.0 Reflected.Cross-Site.Scripting HIGH" "peepso-core 6.2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "peepso-core 6.2.0.0 Cross-Site.Request.Forgery.via.delete MEDIUM" "peepso-core 6.0.3.0 Multiple.CSRF MEDIUM" "peepso-core 1.6.1 Authenticated.Privilege.Escalation HIGH" "print-page 1.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "product-table-for-woocommerce 1.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "php-to-page No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion.to.Remote.Code.Execution.via.Shortcode CRITICAL" "parsian-bank-gateway-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting HIGH" "product-loops 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "project-status No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "private-messages-for-wordpress No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "private-messages-for-wordpress No.known.fix Arbitrary.Message.Sent.via.CSRF MEDIUM" "product-visibility-by-country-for-woocommerce No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "popup-modal-for-youtube No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "pixproof No.known.fix Missing.Authorization MEDIUM" "price-calculator-to-your-website No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "portfolio-responsive-gallery 1.1.8 Authenticated.Blind.SQL.Injections HIGH" "portfolio-responsive-gallery 1.1.8 Reflected.Cross-Site.Scripting.(XSS) HIGH" "pdf-invoices-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pressference-exporter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "pricing-tables-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wdo_pricing_tables.Shortcode MEDIUM" "pcrecruiter-extensions 1.4.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pure-chat 2.41 Reflected.Cross-Site.Scripting.via.purechatWidgetName.Parameter MEDIUM" "pure-chat 2.23 Cross-Site.Request.Forgery MEDIUM" "pure-chat No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.57 Missing.Authorization LOW" "premium-addons-for-elementor 4.10.61 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Video.Box.Widget MEDIUM" "premium-addons-for-elementor 4.10.53 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Media.Grid.Widget MEDIUM" "premium-addons-for-elementor 4.10.39 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Content.Deletion.and.Arbitrary.Title.Update MEDIUM" "premium-addons-for-elementor 4.10.37 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Animated.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.36 Regular.Expressions.Denial.of.Service LOW" "premium-addons-for-elementor 4.10.36 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "premium-addons-for-elementor 4.10.34 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text.Widget MEDIUM" "premium-addons-for-elementor 4.10.32 Missing.Authorization.to.Information.Disclosure MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.DOM-Based.Stored.Cross-Site.Scripting.via.Global.Tooltip MEDIUM" "premium-addons-for-elementor 4.10.32 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.31 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.29 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.26 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Contributor+.Stored.Cross-Site.Scripting.via.Wrapper.Link.Widget MEDIUM" "premium-addons-for-elementor 4.10.28 Contributor+.Stored.Cross-Site.Scripting.via.Button MEDIUM" "premium-addons-for-elementor 4.10.25 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.23 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "premium-addons-for-elementor 4.10.24 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.22 Contributor+.Stored.XSS MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.19 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.10.17 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "premium-addons-for-elementor 4.5.2 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "premium-addons-for-elementor 4.2.8 Contributor+.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "pdf-viewer-by-themencode 3.2.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "pdf-viewer-by-themencode 2.9.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "popup-maker-wp 1.3.7 Subscriber+.Stored.XSS HIGH" "posturinn 1.3.3 Reflected.XSS HIGH" "pjw-mime-config No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "portfolio-builder-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "photospace-responsive 2.1.2 Admin+.Stored.XSS MEDIUM" "photographer-connections No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "plainview-protect-passwords No.known.fix Cross-Site.Request.Forgery MEDIUM" "plainview-protect-passwords No.known.fix Reflected.XSS HIGH" "persian-fonts No.known.fix Admin+.Stored.XSS LOW" "projectopia-core 5.1.8 Missing.Authorization.to.Privilege.Escalation.via.pto_reset_password() CRITICAL" "projectopia-core 5.1.5 Reflected.Cross-Site.Scripting MEDIUM" "projectopia-core 5.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "plugin-groups 2.0.7 Missing.Authorization.to.Unauthenticated.Denial.of.Service MEDIUM" "pdf24-post-to-pdf No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "poll-maker 5.6.6 Authenticated.(Administrator+).SQL.Injection MEDIUM" "poll-maker 5.5.4 Admin+.Stored.XSS LOW" "poll-maker 5.5.7 Missing.Authorization MEDIUM" "poll-maker 5.5.5 Unauthenticated.HTML.Injection MEDIUM" "poll-maker 5.5.5 Cross-Site.Request.Forgery.to.Poll.Duplication MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Time-Based.SQL.Injection MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Poll.Settings MEDIUM" "poll-maker 5.4.7 Authenticated.(Administrator+).SQL.Injection.via.Order_by.Parameter MEDIUM" "poll-maker 5.1.9 Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "poll-maker 5.1.9 .Missing.Authorization.to.Unauthenticated.Email.Enumeration MEDIUM" "poll-maker 4.8.1 Missing.Authorization MEDIUM" "poll-maker 4.7.2 Missing.Authorization MEDIUM" "poll-maker 4.7.1 Reflected.XSS HIGH" "poll-maker 4.0.2 Admin+.Stored.Cross-Site.Scripting LOW" "poll-maker 3.4.2 Unauthenticated.Time.Based.SQL.Injection CRITICAL" "poll-maker 3.2.9 Reflected.Cross-Site.Scripting HIGH" "poll-maker 3.2.1 Authenticated.Blind.SQL.Injections HIGH" "pepro-cf7-database 1.9.0 Cross-Site.Request.Forgery MEDIUM" "pepro-cf7-database 1.8.0 Unauthenticated.Stored.XSS HIGH" "preview-link-generator 1.0.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "pinterest-rss-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "product-customizer-light No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "price-commander-xforwc 1.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "private-only No.known.fix CSRF.&.XSS HIGH" "prime-affiliate-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "popup-surveys No.known.fix Missing.Authorization MEDIUM" "premmerce 1.3.18 Reflected.Cross-Site.Scripting MEDIUM" "premmerce 1.3.17 Cross-Site.Request.Forgery MEDIUM" "premmerce 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pdf-thumbnail-generator 1.4 Reflected.Cross-Site.Scripting MEDIUM" "premium-seo-pack 1.6.002 Authenticated.(Contributor+).SQL.Injection MEDIUM" "premium-seo-pack No.known.fix Unauthenticated.Information.Exposure MEDIUM" "post-and-page-builder 1.27.7 Path.Traversal.to.Authenticated.(Contributor+).Arbitrary.File.Read.via.template_via_url.Function MEDIUM" "post-and-page-builder 1.27.6 Contributor+.Stored.XSS MEDIUM" "post-and-page-builder 1.26.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "post-and-page-builder 1.26.5 Authenticated.(Contributer+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.26.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "post-and-page-builder 1.24.2 Editor.Settings.Update.via.CSRF MEDIUM" "post-indexer 3.0.6.2 Authenticated.SQL.Injection HIGH" "post-indexer 3.0.6.2 PHP.Object.Injection.via.MitM HIGH" "pdq-csv 2.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "plestar-directory-listing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pagelayer 2.0.0 Missing.Authorization.to.Authenticated.(Contributor+).Post.Publication MEDIUM" "pagelayer 1.9.9 Authenticated.(Contributor+).Private.Post.Disclosure.in.pagelayer_builder_posts_shortcode MEDIUM" "pagelayer 1.9.9 Cross-Site.Request.Forgery.(CSRF).To.Post.Contents.Modification MEDIUM" "pagelayer 1.9.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.9.0 Admin+.Stored.XSS LOW" "pagelayer 1.8.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.8.8 Admin+.Stored.XSS LOW" "pagelayer 1.8.2 Missing.Authorization MEDIUM" "pagelayer 1.8.5 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.Attributes MEDIUM" "pagelayer 1.8.3 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.0 Author+.Stored.XSS LOW" "pagelayer 1.7.9 Contributor+.Stored.XSS MEDIUM" "pagelayer 1.8.1 Admin+.Stored.XSS LOW" "pagelayer 1.7.7 Unauthenticated.Stored.XSS HIGH" "pagelayer 1.7.8 Author+.Stored.XSS MEDIUM" "pagelayer 1.7.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pagelayer 1.3.5 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.CSRF.leading.to.XSS HIGH" "pagelayer 1.1.2 Drag.and.Drop.website.builder.<.1.1.2.-.Unprotected.AJAX's.leading.to.XSS HIGH" "product-shipping-countdown-free-version No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "product-shipping-countdown-free-version No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pricetable No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "portugal-ctt-tracking-woocommerce 2.2 Reflected.Cross-Site.Scripting MEDIUM" "portfolio-gallery 2.1.11 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "preloader-for-divi 1.5 Reflected.Cross-Site.Scripting MEDIUM" "preloader-for-divi 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "portfolio-filter-gallery 1.6.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "portfolio-filter-gallery 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "protect-admin-account 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "pilotpress 2.0.31 Subscriber+.Report.Access.&.DB.Transients.Purging MEDIUM" "post-slider-and-carousel 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "post-slider-and-carousel 2.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "participants-database 2.5.9.3 Unauthenticated.PHP.Object.Injection HIGH" "participants-database 2.5.6 Missing.Authorization MEDIUM" "participants-database 1.9.5.6 Authenticated.Time.Based.SQL.Injection HIGH" "participants-database 1.7.5.10 Cross-Site.Scripting MEDIUM" "participants-database 1.5.4.9 Unauthenticated.SQL.Injection CRITICAL" "polldaddy No.known.fix Cross-Site.Request.Forgery MEDIUM" "polldaddy 3.1.0 Reflected.Cross-Site.Scripting HIGH" "polldaddy 3.1.0 Rating.Update.via.CSRF MEDIUM" "polldaddy 3.0.10 Contributor+.Rating.Settings.Update MEDIUM" "polldaddy 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "pdfjs-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "posts-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "perfect-pullquotes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "point-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "point-maker 0.1.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "post-lockdown 4.0.3 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Disclosure MEDIUM" "pathomation No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pathomation No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "pay-addons-for-elementor 1.2.1 Reflected.Cross-Site.Scripting MEDIUM" "pirate-forms 2.6.0 Admin+.Stored.XSS LOW" "pirate-forms 2.6.0 Admin+.Stored.XSS LOW" "pirate-forms 2.6.1 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "pirate-forms 2.5.2 HTML.Injection.&.CSRF MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "pickup-and-delivery-from-customer-locations-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "pmpro-payfast 1.4.2 Unauthenticated.Information.Exposure MEDIUM" "pop-up-pop-up 1.2.0 Subscriber+.Plugin.Installation MEDIUM" "pop-up-pop-up 1.2.0 Plugin.Installation.via.CSRF MEDIUM" "pop-up-pop-up 1.1.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "plugnedit 6.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "post-page-notes No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "paid-memberships-pro 3.0.6 Authenticated.(Administrator+).SQL.Injection CRITICAL" "paid-memberships-pro 3.0.5 Unauthenticated.Insecure.Direct.Object.Reference.to.Order.Status.Update MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery.to.Membership.Modification MEDIUM" "paid-memberships-pro 3.0.2 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 3.0 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.9 Contributor+.Arbitrary.User.Custom.Field.Disclosure MEDIUM" "paid-memberships-pro 2.12.8 Cross-Site.Request.Forgery MEDIUM" "paid-memberships-pro 2.12.7 Information.Exposure.in.Debug.Logs MEDIUM" "paid-memberships-pro 2.12.6 Missing.Authorization.via.API MEDIUM" "paid-memberships-pro 2.12.4 Subscriber+.Arbitrary.File.Upload HIGH" "paid-memberships-pro 2.9.12 Subscriber+.SQL.Injection HIGH" "paid-memberships-pro 2.9.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "paid-memberships-pro 2.9.8 Unauthenticated.SQLi HIGH" "paid-memberships-pro 2.6.7 Unauthenticated.Blind.SQL.Injection CRITICAL" "paid-memberships-pro 2.6.6 Reflected.Cross-Site.Scripting HIGH" "paid-memberships-pro 2.5.10 Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.5.6 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.5.3 Unauthorised.Order.Information.Disclosure MEDIUM" "paid-memberships-pro 2.5.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "paid-memberships-pro 2.4.3 Arbitrary.Settings.Update.via.CSRF MEDIUM" "paid-memberships-pro 2.4.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "paid-memberships-pro 2.3.3 Authenticated.SQL.Injection MEDIUM" "paid-memberships-pro 2.0.6 Authenticated.Open.Redirect MEDIUM" "pretty-grid 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "post-timeline 2.3.10 Reflected.XSS HIGH" "post-timeline 2.3.10 Reflected.Cross-Site.Scripting MEDIUM" "post-timeline 2.2.6 Reflected.XSS HIGH" "payment-forms-for-paystack No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "payment-forms-for-paystack 4.0.0 Contributor+.Stored.XSS MEDIUM" "presto-player 3.0.3 Missing.Authorization MEDIUM" "presto-player 2.2.3 Contributor+.Stored.XSS MEDIUM" "paygreen-payment-gateway 1.0.27 Reflected.Cross-Site.Scripting MEDIUM" "post-views-stats No.known.fix Reflected.Cross-Site.Scripting.via.from.and.to MEDIUM" "postman-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "postmash No.known.fix Reflected.Cross-Site.Scripting.via.m MEDIUM" "postmash No.known.fix Unauthenticated.SQL.Injection CRITICAL" "pojo-forms 1.4.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.via.form_preview_shortcode MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.10 Reflected.Cross-Site.Scripting MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "premmerce-woocommerce-wholesale-pricing 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "personalization-by-flowcraft No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "product-lister-walmart No.known.fix Unauthenticated.RCE.via.Outdated.PHPUnit CRITICAL" "post-smtp 3.1.3 Authenticated.(Administrator+).SQL.Injection.via.columns.Parameter MEDIUM" "post-smtp 3.1.0 Unauthenticated.Stored.XSS HIGH" "post-smtp 2.9.12 Missing.Authorization.via.regenerate_qrcode() MEDIUM" "post-smtp 2.9.10 Admin+.SQLi MEDIUM" "post-smtp 2.9.4 Administrator+.SQL.Injection MEDIUM" "post-smtp 2.8.8 Authorization.Bypass.via.type.connect-app.API CRITICAL" "post-smtp 2.8.8 Unauthenticated.Stored.Cross-Site.Scripting.via.device HIGH" "post-smtp 2.8.7 Admin+.SQL.Injection MEDIUM" "post-smtp 2.8.7 Reflected.Cross-Site.Scripting HIGH" "post-smtp 2.7.1 Unauthenticated.Cross-site.Scripting HIGH" "post-smtp 2.6.1 Authenticated.(Administrator+).SQL.Injection HIGH" "post-smtp 2.5.8 Reflected.Cross-Site.Scripting MEDIUM" "post-smtp 2.5.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Contents HIGH" "post-smtp 2.5.7 Account.Takeover.via.CSRF MEDIUM" "post-smtp 2.5.7 Arbitrary.Log.Deletion.via.CSRF MEDIUM" "post-smtp 2.1.7 Admin+.Blind.SSRF LOW" "post-smtp 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "post-smtp 2.0.21 CSRF.Nonce.Bypass MEDIUM" "phpinfo-wp 6.0 Unauthenticated.Information.Exposure MEDIUM" "pixnet No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "post-meta 1.1.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ploxel 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "persian-nested-showhide-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pago-redsys-tpv-grafreak 1.0.13 Reflected.Cross-Site.Scripting MEDIUM" "photoshow 1.0.19 Update/Delete.Google.API.Key.via.CSRF MEDIUM" "progressive-wp No.known.fix Missing.Authorization MEDIUM" "post-ideas No.known.fix Unauthenticated.SQL.Injection HIGH" "post-type-x 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_products.Shortcode MEDIUM" "post-type-x 1.7.7 Sensitive.Information.Exposure.via.Product.CSV MEDIUM" "post-type-x 1.7.6 Cross-Site.Request.Forgery.via.ic_system_status MEDIUM" "post-type-x 1.7.0 Reflected.XSS HIGH" "post-type-x 1.5.13 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "post-type-x 1.5.13 Cross-Site.Request.Forgery MEDIUM" "payplus-payment-gateway 7.0.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "payplus-payment-gateway 6.6.9 Reflected.Cross-Site.Scripting MEDIUM" "payplus-payment-gateway 6.6.9 Unauthenticated.SQLi HIGH" "powerpack-elements 2.10.15 Contributor+.Privilege.Escalation HIGH" "powerpack-elements 2.10.18 Authenticated.(Contributor+).Privilege.Escalation HIGH" "powerpack-elements 2.10.8 Missing.Authorization.to.Settings.Reset HIGH" "powerpack-elements 2.10.8 Cross-Site.Request.Forgery.to.Plugin.Settings.Modification.and.Cross-Site.Scripting MEDIUM" "powerpack-elements 2.9.24 Reflected.Cross-Site.Scripting MEDIUM" "press-elements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "press-elements No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "press-elements No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "prodigy-commerce 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "prodigy-commerce 3.1.3 Missing.Authorization LOW" "protect-your-content No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "powerkit 2.9.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "powerkit 2.5.9 Post.Views.Settings.Update/Reset.via.CSRF MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Missing.Authorization.via.showTemplatePreview() MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.6 Cross-Site.Request.Forgery.to.Cross-Site.Scripting.via.process.php MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Unauthenticated.WC.Order.Data.Access MEDIUM" "print-google-cloud-print-gcp-woocommerce 4.5.4 Printer.Settings.Update.via.CSRF MEDIUM" "prdctfltr 8.2.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "pardot 2.1.1 Missing.Authorization MEDIUM" "plausible-analytics 1.3.4 Reflected.XSS HIGH" "plausible-analytics 1.2.4 Subscriber+.Arbitrary.Settings.Update MEDIUM" "plausible-analytics 1.2.3 Admin+.Stored.Cross-Site.Scripting MEDIUM" "post-expirator 2.6.0 Contributor+.Arbitrary.Post.Schedule.Deletion HIGH" "power-forms-builder No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "propertyshift No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pz-frontend-manager 1.0.6 CSRF.change.user.profile.picture MEDIUM" "pure-css-circle-progress-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pretty-simple-popup-builder 1.0.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "pretty-simple-popup-builder 1.0.10 Admin+.Stored.XSS LOW" "pretty-simple-popup-builder 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "popups 1.8 Reflected.Cross-Site.Scripting MEDIUM" "popups No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "pretty-google-calendar 2.0.0 Contributor+.Stored.XSS MEDIUM" "pretty-google-calendar 1.6.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.pretty_google_calendar.shortcode MEDIUM" "photographer-directory 1.0.9 Subscriber+.Privilege.Escalation CRITICAL" "plainview-activity-monitor 20180826 Remote.Command.Execution.(RCE) HIGH" "pop-up No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "paypal-promotions-and-insights No.known.fix Missing.Authorization MEDIUM" "pdf-for-woocommerce 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pz-linkcard 2.5.3 Reflected.XSS HIGH" "pz-linkcard 2.5.3 Admin+.Stored.XSS LOW" "pz-linkcard 2.5.3 Contributor+.SSRF LOW" "pz-linkcard 2.5.3 Caching.Management.via.CSRF MEDIUM" "pz-linkcard 2.4.5.3 Reflected.Cross-Site.Scripting MEDIUM" "pets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "pets 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-chat No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "quick-chat 4.00 SQL.Injection CRITICAL" "qodeblock No.known.fix Missing.Authorization MEDIUM" "qodeblock No.known.fix Missing.Authorization.to.Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "quick-event-manager 9.8.5.3 Reflected.Cross-Site.Scripting MEDIUM" "quick-event-manager 9.6.5 Admin+.Stored.XSS LOW" "quick-event-manager 9.7.5 Registration.Deletion/Update.via.CSRF MEDIUM" "quick-event-manager 9.7.5 Unauthenticated.Stored.XSS HIGH" "quick-event-manager 9.7.5 Reflected.Cross-Site HIGH" "quick-event-manager 9.2.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-license-manager 2.4.18 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.6.8 Reflected.Cross-Site.Scripting MEDIUM" "quick-contact-form 8.0.4 Admin+.Stored.XSS LOW" "quick-contact-form 8.0.4 Contributor+.Stored.XSS MEDIUM" "quick-contact-form 8.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-adsense-reloaded 2.0.85 Missing.Authorization MEDIUM" "quote-requests-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-requests-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qr-twitter-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "qode-instagram-widget 2.0.2 Open.Redirect HIGH" "qode-twitter-feed 2.0.1 Open.Redirect HIGH" "quick-subscribe No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "qyrr-code 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "qyrr-code 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qyrr-code 0.7 Authenticated.(contributor+).Stored.XSS MEDIUM" "quote-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quote-press No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quote-tweet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "quizlord No.known.fix Admin+.Stored.XSS LOW" "qt-kentharadio 2.0.2 Unauthenticated.RFI.and.SSRF MEDIUM" "quran-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "q2w3-inc-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "qr-code-tag No.known.fix Contributor+.Stored.XSS MEDIUM" "quizzin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "qrmenu-lite No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "quick-count No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "quote-o-matic No.known.fix Admin+.SQLi MEDIUM" "quick-adsense 2.8.2 Subscriber+.Post.Stats.Reset MEDIUM" "quick-pagepost-redirect-plugin 5.2.4 Admin+.Stored.XSS LOW" "quick-pagepost-redirect-plugin 5.2.0 Authenticated.Settings.Update CRITICAL" "quick-restaurant-reservations 1.5.5 CSRF MEDIUM" "quick-restaurant-reservations 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "qards No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quote-me No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quickiebar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-maker 8.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 21.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 31.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 31.8.0.100 Reflected.DOM.XSS.via.content HIGH" "quiz-maker 8.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 21.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 21.8.0.100 Unauthenticated.SQL.Injection.via.id HIGH" "quiz-maker 8.8.0.100 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "quiz-maker 31.8.0.100 Unauthenticated.Stored.XSS HIGH" "quiz-maker 6.5.9.9 Admin+.Stored.XSS LOW" "quiz-maker 6.5.8.4 Unauthenticated.SQL.Injection.via.'ays_questions'.Parameter CRITICAL" "quiz-maker 6.5.2.5 Missing.Authorization.to.Unauthenticated.Quiz.Data.Retrieval MEDIUM" "quiz-maker 6.5.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Quiz.Creation.&.Modification MEDIUM" "quiz-maker 6.5.0.6 Denial.of.Service MEDIUM" "quiz-maker 6.5.1.2 Missing.Authorization MEDIUM" "quiz-maker 6.4.9.5 Unauthenticated.Email.Address.Disclosure MEDIUM" "quiz-maker 6.4.9.5 Reflected.Cross-Site.Scripting HIGH" "quiz-maker 6.4.2.7 Reflected.XSS MEDIUM" "quiz-maker 6.2.0.9 Multiple.Authenticated.Blind.SQL.Injections HIGH" "quicksand-jquery-post-filter No.known.fix Missing.Authorization.via.quicksand_admin_ajax CRITICAL" "quicksand-jquery-post-filter No.known.fix Cross-Site.Request.Forgery.via.renderAdmin MEDIUM" "quick-edit-template-link No.known.fix Cross-Site.Request.Forgery MEDIUM" "quick-view-and-buy-now-for-woocommerce 1.5.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Custom.CSS.Code MEDIUM" "qtranslate-slug No.known.fix CSRF.Bypass.in.Multiple.Plugins MEDIUM" "qtranslate-slug No.known.fix Cross-Site.Request.Forgery MEDIUM" "qa-heatmap-analytics 4.1.1.2 Unauthenticated.Settings.Update MEDIUM" "quotes-for-woocommerce 2.0.2 Missing.Authorization MEDIUM" "quotes-for-woocommerce 2.0.2 Quote.Status.Update./.Quote.Sending.via.CSRF MEDIUM" "quadmenu 2.0.7 Unauthenticated.RCE.via.compiler_save CRITICAL" "quttera-web-malware-scanner 3.4.2.1 Admin+.Path.Traversal MEDIUM" "quttera-web-malware-scanner 3.4.2.1 Directory.Listing.to.Sensitive.Data.Exposure MEDIUM" "quick-learn No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "quran-text-multilanguage 2.3.22 Reflected.Cross-Site.Scripting.via.sourate.and.lang.Parameters MEDIUM" "querywall No.known.fix Admin+.SQLi MEDIUM" "quickswish 1.1.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "quiz-master-next 9.2.1 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.3 Author+.Stored.XSS MEDIUM" "quiz-master-next 9.1.1 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.1.0 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Contributor+.SQLi MEDIUM" "quiz-master-next 9.0.2 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 9.0.2 Authenticated.(Contributor+).SQL.Injection CRITICAL" "quiz-master-next 8.2.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.17 Unauthenticated.Unauthorised.Action MEDIUM" "quiz-master-next 8.1.19 Quiz.Results.Deletion.via.CSRF MEDIUM" "quiz-master-next 8.1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 8.1.19 Multiple.Cross-Site.Request.Forgery MEDIUM" "quiz-master-next 8.1.16 Cross-Site.Request.Forgery.via.'display_results' MEDIUM" "quiz-master-next 8.1.11 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 8.0.8 Text.Message.Setting.Update.via.CSRF MEDIUM" "quiz-master-next 8.0.9 Unauthenticated.Arbitrary.Media.File.Delete MEDIUM" "quiz-master-next 8.0.5 Improper.Input.Validation MEDIUM" "quiz-master-next 8.0.5 Unauthenticated.iFrame.Injection HIGH" "quiz-master-next 7.3.7 Multiple.Author+.IDOR LOW" "quiz-master-next 7.3.11 Sensitive.Information.Disclosure MEDIUM" "quiz-master-next 7.3.11 Subscriber+.XSS MEDIUM" "quiz-master-next 7.3.5 Admin+.SQL.Injection MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Contributor+.Stored.XSS MEDIUM" "quiz-master-next 7.3.11 Bypass MEDIUM" "quiz-master-next 7.3.5 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.5 Quiz.Update.via.IDOR LOW" "quiz-master-next 7.3.7 CSRF MEDIUM" "quiz-master-next 7.3.7 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.7 Reflected.Cross-Site.Scripting MEDIUM" "quiz-master-next 7.3.2 Admin+.Stored.Cross-Site.Scripting LOW" "quiz-master-next 7.1.14 Reflected.Cross-Site.Scripting HIGH" "quiz-master-next 7.1.18 Reflected.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.19 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 7.1.14 Authenticated.SQL.injection.via.Rest.API HIGH" "quiz-master-next 7.1.12 Authenticated.SQL.injection.via.shortcode HIGH" "quiz-master-next 7.0.2 Unauthenticated.Arbitrary.File.Upload HIGH" "quiz-master-next 7.0.1 Unauthenticated..Arbitrary.File.Deletion CRITICAL" "quiz-master-next 7.0.1 Arbitrary.File.Upload CRITICAL" "quiz-master-next 7.0.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-master-next 6.3.5 Authenticated.Reflected.XSS HIGH" "quiz-master-next 6.2.2 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "quiz-master-next 4.7.9 Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "quiz-master-next 4.4.4 Authenticated.Blind.SQL.Injection MEDIUM" "qubely 1.8.14 Contributor+.Sensitive.Information.Exposure LOW" "qubely 1.8.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'align'.and.'UniqueID' MEDIUM" "qubely 1.8.6 Unauthenticated.Arbitrary.E-mail.Sending MEDIUM" "qubely 1.8.5 Contributor+.Stored.XSS MEDIUM" "qubely 1.8.1 Authenticated.Arbitrary.Settings.Update MEDIUM" "qubely 1.7.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "qi-blocks 1.3.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-blocks 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-blocks 1.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "qe-seo-handyman No.known.fix Admin+.SQLi MEDIUM" "quotes-collection No.known.fix Admin+.SQL.Injection MEDIUM" "quotes-collection 2.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quiz-expert No.known.fix Cross-Site.Request.Forgery MEDIUM" "qr-code-composer 2.0.4 Subscriber+.Stored.XSS HIGH" "qi-addons-for-elementor 1.8.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qi-addons-for-elementor 1.8.1 Sensitive.Information.Exposure MEDIUM" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "qi-addons-for-elementor 1.7.1 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.8 Contributor+.Stored.XSS MEDIUM" "qi-addons-for-elementor 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qi-addons-for-elementor 1.6.5 Contributor+.Stored.XSS MEDIUM" "qqworld-auto-save-images No.known.fix Missing.Authorization.to.Arbitrary.Post.Content.Retrieval MEDIUM" "quotes-and-tips 1.45 Admin+.Arbitrary.File.Upload MEDIUM" "quotes-and-tips 1.32 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "quotes-and-tips 1.20 Cross-Site.Scripting.(XSS) MEDIUM" "quick-affiliate-store No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qmean No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "query-wrangler 1.5.52 Reflected.XSS HIGH" "qs-dark-mode 3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "quillforms 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quillforms 3.4.0 Cross-Site.Request.Forgery MEDIUM" "qrcode-wprhe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-restaurant-menu 2.1.0 Subscriber+.Arbitrary.Post.Deletion/Updating MEDIUM" "quick-restaurant-menu 2.1.0 .Menu.Items.Update.via.CSRF MEDIUM" "quick-restaurant-menu 2.1.0 Admin+.Stored.XSS LOW" "quick-orders-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-orders-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "quick-featured-images 13.7.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Thumbnail.Deletion/Setting MEDIUM" "quotes-llama 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 3.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quotes-llama 1.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "quiz-tool-lite No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "quiz-cat 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "quote-comments No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "quick-interest-slider 2.9.5 Cross-Site.Request.Forgery MEDIUM" "quick-interest-slider 2.9.4 Admin+.Stored.XSS LOW" "quick-audio-player No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "quick-audio-player No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "quick-paypal-payments 5.7.28 Reflected.Cross-Site.Scripting MEDIUM" "quick-paypal-payments 5.7.26.4 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.26 Contributor+.Stored.XSS MEDIUM" "quick-paypal-payments 5.7.26 Unauthenticated.Stored.XSS HIGH" "quick-paypal-payments 5.7.26 Unauthenticated.Payment.Message.Deletion/Update MEDIUM" "quick-paypal-payments 5.7.26 Admin+.Stored.XSS LOW" "quick-paypal-payments 5.7.22 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "qr-code-and-barcode-scanner-reader No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "q2w3-post-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "qwiz-online-quizzes-and-flashcards 3.62 Admin+.Stored.Cross.Site.Scripting LOW" "quiz-organizer No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "quick-call-button No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "quran-phrases-about-most-people-shortcodes 1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quick-code No.known.fix Stored.XSS.via.CSRF HIGH" "quotemedia-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "qr-redirector 1.6 Subscriber+.Arbitrary.QR.Redirect.Response.Status.Update MEDIUM" "qr-redirector 1.6.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "qtranslate-x No.known.fix Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "qtranslate-x 3.4.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "quote-post-type-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "quform 2.21.0 WordPress.Form.Builder.<.2.21.0.-.Unauthenticated.Sensitive.Information.Exposure MEDIUM" "quietly-insights No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "qubotchat 1.1.6 Unauthenticated.Stored.XSS HIGH" "qubotchat 1.1.6 Qubotchat.<.1,1,6.–.Admin+.Stored.XSS LOW" "quasar-form No.known.fix Subscriber+.SQLi HIGH" "qode-essential-addons 1.6.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "qode-essential-addons 1.5.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation MEDIUM" "responsive-client-logo-carousel-slider 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restrict-taxonomies No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "random-sorting-order-for-woocommerce No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rapid-cache No.known.fix Unauthenticated.Cache.Poisoning HIGH" "real-cookie-banner 3.4.10 Contributor+.Stored.XSS MEDIUM" "real-cookie-banner 2.18.2 Reflected.Cross-Site.Scripting MEDIUM" "real-cookie-banner 2.14.2 Settings.Reset.via.CSRF MEDIUM" "r-animated-icon No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rccp-free No.known.fix Stored.XSS.via.CSRF HIGH" "rich-snippets-vevents No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "real3d-flipbook-lite 4.8.5 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "real3d-flipbook-lite 3.72 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real3d-flipbook-lite 3.63 Reflected.Cross-Site.Scripting MEDIUM" "root-cookie No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.8.8 Authenticated.(Administrator+).SQL.Injection HIGH" "redirect-404-error-page-to-homepage-or-custom-page 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "redirect-404-error-page-to-homepage-or-custom-page 1.7.9 Log.Deletion.via.CSRF MEDIUM" "recapture-for-woocommerce 1.0.44 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "restrict-for-elementor 1.0.8 Protection.Mechanism.Bypass MEDIUM" "restrict-for-elementor 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resize-at-upload-plus No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "rate-limiting-for-contact-form-7 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rate-my-post 4.2.5 Unauthenticated.Voting.On.Scheduled.Posts MEDIUM" "rate-my-post 3.4.5 Insecure.Direct.Object.Reference MEDIUM" "rate-my-post 3.4.3 IP.Spoofing MEDIUM" "rate-my-post 3.3.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "rate-my-post 3.3.5 Cross-Site.Request.Forgery MEDIUM" "rate-my-post 3.3.5 Subscriber+.Votes.Tampering.via.Race.Condition MEDIUM" "reverbnation-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "review-widgets-for-tripadvisor 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "relicwp-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "really-simple-ssl-pro 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "reviews-feed 1.2.0 Cross-Site.Request.Forgery MEDIUM" "reviews-feed 1.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "rabbit-loader 2.21.1 Reflected.Cross-Site.Scripting MEDIUM" "rabbit-loader 2.19.14 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "rightmessage No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rise-blocks 3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TitleTag.Parameter MEDIUM" "rise-blocks 3.2 Cross-Site.Request.Forgery MEDIUM" "rsfirewall 1.1.25 IP.Block.Bypass MEDIUM" "rac No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "ruby-help-desk 1.3.4 Subscriber+.Ticket.Update.via.IDOR MEDIUM" "rating-bws 1.6 Rating.Denial.of.Service MEDIUM" "rating-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "random-featured-post-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "responsive-filterable-portfolio 1.0.9 Authenticated.(Admin+).SQL.Injection MEDIUM" "responsive-filterable-portfolio 1.0.23 Server-Side.Request.Forgery MEDIUM" "responsive-filterable-portfolio 1.0.20 Reflected.XSS HIGH" "rt-easy-builder-advanced-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 2.1 Missing.Authorization MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.9 Reflected.Cross-Site.Scripting MEDIUM" "rt-easy-builder-advanced-addons-for-elementor 1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reusable-text-blocks No.known.fix Author+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "relevant 1.2.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "relevant 1.0.8 Cross-Site.Scripting.(XSS) MEDIUM" "rocket-maintenance-mode 4.4 Admin+.Stored.XSS LOW" "rocket-maintenance-mode 4.4 Reflected.Cross-Site.Scripting MEDIUM" "rocket-maintenance-mode 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rucy No.known.fix CSRF.Bypass MEDIUM" "rucy No.known.fix Cross-Site.Request.Forgery MEDIUM" "romancart-on-wordpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).SQL.Injection CRITICAL" "responsive-horizontal-vertical-and-accordion-tabs 1.1.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.XSS HIGH" "responsive-horizontal-vertical-and-accordion-tabs 1.1.16 Reflected.Cross-Site.Scripting MEDIUM" "radslide No.known.fix Missing.Authorization MEDIUM" "rara-one-click-demo-import 1.3.0 Arbitrary.File.Upload.via.CSRF HIGH" "rig-elements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "real-kit 5.1.1 Contributor+.Stored.XSS MEDIUM" "regpack No.known.fix Admin+.Stored.XSS LOW" "readme-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reaction-buttons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rock-convert 3.0.0 Admin+.Stored.XSS LOW" "rock-convert 2.11.0 Admin+.Stored.Cross-Site.Scripting LOW" "rock-convert 2.6.0 Reflected.Cross-Site.Scripting MEDIUM" "responsive-coming-soon 2.2.2 Maintenance.Mode.Bypass MEDIUM" "responsive-coming-soon 1.8.2 Arbitrary.Settings.Reset MEDIUM" "responsive-header-image-slider No.known.fix Contributor+.Stored.XSS MEDIUM" "rss-in-page No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remember-me-controls 2.1 Unauthenticated.Full.Path.Disclosure MEDIUM" "replace-image 1.1.11 Insecure.Direct.Object.Reference MEDIUM" "rss-feed-widget 3.0.1 Reflected.XSS MEDIUM" "rss-feed-widget 3.0.0 Contributor+.Stored.XSS MEDIUM" "rss-feed-widget 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rfw-youtube-videos.Shortcode MEDIUM" "rss-feed-widget 2.9.8 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "rss-feed-widget 2.8.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "rocket-media-library-mime-type No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "related-post 2.0.60 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "related-post 2.0.59 Sensitive.Information.Exposure MEDIUM" "related-post 2.0.54 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "request-a-quote 2.4.1 Admin+.Stored.XSS LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.9 Admin+.Stored.Cross-Site.Scripting LOW" "request-a-quote 2.3.4 Authenticated.Stored.XSS MEDIUM" "rw-divi-unite-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rw-divi-unite-gallery No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rw-divi-unite-gallery No.known.fix Security.Bypass.via.Outdated.Freemius CRITICAL" "rduplicator No.known.fix Contributor+.SQLi HIGH" "rest-routes 5.5.4 Reflected.Cross-Site.Scripting MEDIUM" "rest-routes 4.24.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "remove-footer-credit 1.0.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "remove-footer-credit 1.0.11 Admin+.Stored.Cross-Site.Scripting LOW" "remove-footer-credit 1.0.6 CSRF.to.Stored.Cross-Site.Scripting HIGH" "rich-web-share-button No.known.fix Unauthenticated.SQL.Injection CRITICAL" "rich-web-share-button No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "required-taxonomies 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "required-taxonomies 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "realty 1.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realty 1.1.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "run-time-image-resizing No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "run-time-image-resizing No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "remove-slug-from-custom-post-type No.known.fix Settings.Update.via.CSRF MEDIUM" "ratemyagent-official 1.5.0 Cross-Site.Request.Forgery.to.API.Key.Update MEDIUM" "real-estate-manager No.known.fix CAPTCHA.Bypass MEDIUM" "real-estate-manager No.known.fix Subscriber+.Privilege.Escalation HIGH" "real-estate-manager 7.0 Subscriber+.Settings.Update MEDIUM" "rometheme-for-elementor 1.5.3 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.5.3 Contributor+.Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "rometheme-for-elementor 1.5.4 Missing.Authorization.in.save_options.and.reset_widgets MEDIUM" "rometheme-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rometheme-for-elementor 1.4.2 Missing.Authorization MEDIUM" "rometheme-for-elementor 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rename-media-files No.known.fix Authenticated.(Contributor+).Remote.Code.Execution HIGH" "recurwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurwp No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revisionary 3.5.16 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "revisionary 3.5.15 Reflected.Cross-Site.Scripting MEDIUM" "royal-core No.known.fix Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "real-wp-shop-lite No.known.fix Admin+.Stored.XSS LOW" "review-widgets-for-booking-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "resume-upload-form No.known.fix Captcha.Bypass MEDIUM" "redirect-by-cookie 1.07 Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.5.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "radio-station 2.5.0 Reflected.XSS HIGH" "radio-station 2.5.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-station 2.4.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "really-simple-featured-video 0.7.2 Reflected.Cross-Site.Scripting MEDIUM" "really-simple-featured-video 0.5.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "relais-2fa No.known.fix Authentication.Bypass CRITICAL" "responsive-gallery-grid 2.3.15 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.11 Admin+.Stored.XSS LOW" "responsive-gallery-grid 2.3.14 Settings.Update.via.CSRF MEDIUM" "responsive-gallery-grid 2.3.9 Contributor+.Stored.XSS MEDIUM" "rsv-google-maps No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.19 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "revslider 6.7.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Elementor.wrapperid.and.zindex MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Add.Layer.class,.id,.and.title.Attributes MEDIUM" "revslider 6.7.11 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.7.0 Missing.Authorization MEDIUM" "revslider 6.7.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.htmltag.Parameter MEDIUM" "revslider 6.7.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.19 Author+.Insecure.Deserialization.leading.to.RCE HIGH" "revslider 6.6.16 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "revslider 6.6.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revslider 6.6.13 Author+.Remote.Code.Execution MEDIUM" "revslider 4.1.5 Local.File.Disclosure HIGH" "revslider 3.0.96 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "real-time-auto-find-and-replace 1.6.8 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "real-time-auto-find-and-replace 1.6.2 Unauthenticated.PHP.Object.Injection HIGH" "real-time-auto-find-and-replace 1.3.6 Admin+.SQLi MEDIUM" "real-time-auto-find-and-replace 1.2.9 Reflected.Cross-Site.Scripting HIGH" "rs-members No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "rankbear No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rankbear No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "related-youtube-videos 1.9.9 CSRF.&.XSS HIGH" "really-simple-google-tag-manager 1.0.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "random-image-selector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "rebrand-fluent-forms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "restrict-anonymous-access 1.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "relevanssi-premium 2.25.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi-premium 2.25 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "relevanssi-premium 2.25.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi-premium 2.16.5 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi-premium 1.14.6.1 SQL.Injection.&.PHP.Object.Injection HIGH" "responsive-owl-carousel-elementor 1.2.1 Local.File.Inclusion HIGH" "review-widgets-for-arukereso 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "rrdevs-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "risk-warning-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "racar-clear-cart-for-woocommerce 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "razorpay-subscription-button-elementor No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.and.remove_query_arg.Functions MEDIUM" "read-more No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Read.More.Button.Deletion MEDIUM" "read-more No.known.fix Cross-Site.Request.Forgery MEDIUM" "restrict-content 3.2.14 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restrict-content 3.2.9 Missing.Authorization MEDIUM" "restrict-content 3.2.8 Information.Exposure.via.legacy.log.file MEDIUM" "restrict-content 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "restrict-content 3.2.3 Restrict.Content.<.3.2.3.-.Reflected.XSS HIGH" "realty-workstation No.known.fix Missing.Authorization MEDIUM" "realty-workstation No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "realty-workstation 1.0.15 Agent.SQLi HIGH" "recently-viewed-most-viewed-and-sold-products-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "rencontre 3.11.2 Subscriber+.PHP.Object.Injection HIGH" "rencontre 3.11 Privilege.Escalation CRITICAL" "rencontre 3.11 Unauthenticated.Arbitrary.File.Upload CRITICAL" "rencontre 3.2.3 Multiple.CSRF CRITICAL" "realia No.known.fix User.Email.Change.via.Cross-Site.Request.Forgery HIGH" "realia No.known.fix Unauthenticated.IDOR.leading.to.Arbitrary.Post.Deletion HIGH" "relevanssi-live-ajax-search 2.5 Unauthenticated.WP_Query.Argument.Injection MEDIUM" "reach-us-contact-form No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reach-us-contact-form No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reach-us-contact-form No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "role-scoper 1.3.67 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "rsvpmaker 11.4.6 Missing.Authorization MEDIUM" "rsvpmaker 10.6.7 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') LOW" "rsvpmaker 9.9.4 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') CRITICAL" "rsvpmaker 10.6.7 Admin+.Stored.XSS HIGH" "rsvpmaker 10.6.7 Unauthenticated.PHP.Object.Injection HIGH" "rsvpmaker 10.6.7 Unauthenticated.Stored.XSS HIGH" "rsvpmaker 10.5.5 Admin+.SQL.Injection.(SQLi) HIGH" "rsvpmaker 9.2.7 Unauthenticated.SQLi MEDIUM" "rsvpmaker 9.2.6 Unauthenticated.SQLi CRITICAL" "rsvpmaker 8.7.3 Authenticated.(admin+).SSRF HIGH" "rsvpmaker 7.8.2 Unauthenticated.SQL.Injection HIGH" "rsvpmaker 6.2 SQL.Injection CRITICAL" "rss-control 3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "rss-control 2.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "removehide-author-date-category-like-entry-meta No.known.fix Settings.Update.via.CSRF MEDIUM" "relevanssi 4.23.1 Contributor+.Stored.XSS MEDIUM" "relevanssi 4.23.0 Unauthenticated.Information.Exposure MEDIUM" "relevanssi 4.22.2 Missing.Authorization.to.Unauthenticated.Count.Option.Update MEDIUM" "relevanssi 4.22.1 Unauthenticated.Query.Log.Export MEDIUM" "relevanssi 4.22.0 Unauthenticated.Private/Draft.Post.Disclosure MEDIUM" "relevanssi 4.14.6 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "relevanssi 4.14.3 A.Better.Search.<.4.14.3.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "relevanssi 4.0.5 Cross-Site.Scripting.(XSS) MEDIUM" "relevanssi 3.6.1 Authenticated.Admin.SQL.Injection MEDIUM" "realtycandy-idx-broker-extended No.known.fix Cross-Site.Request.Forgery MEDIUM" "require-taxonomy-image-category-tag 1.27 Reflected.Cross-Site.Scripting MEDIUM" "rover-idx 3.0.0.2905 Authenticated.(Subscriber+).Missing.Authorization.via.Multiple.Functions MEDIUM" "rover-idx 3.0.0.2906 Authenticated.(Subscriber+).Authentication.Bypass.to.Administrator HIGH" "restaurant-solutions-checklist No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "rocket-wp-mobile No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "real-estate-listing-realtyna-wpl 4.14.14 Admin+.Arbitrary.File.Upload MEDIUM" "real-estate-listing-realtyna-wpl 4.14.8 Reflected.XSS HIGH" "real-estate-listing-realtyna-wpl 4.14.8 Unauthenticated.SQLi HIGH" "reviewx 1.6.29 Insufficient.Rating.Validation MEDIUM" "reviewx 1.6.28 Missing.Authorization MEDIUM" "reviewx 1.6.22 Missing.Authorization MEDIUM" "reviewx 1.6.23 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviewx 1.6.14 Subscriber+.Privilege.Escalation HIGH" "reviewx 1.6.4 Subscriber+.SQLi HIGH" "reviewx 1.2.9 Unauthorised.AJAX.call.via.CSRF MEDIUM" "responsive-tabs 4.0.11 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 4.0.7 Contributor+.Stored.XSS MEDIUM" "responsive-tabs 2.2.7 Editor+.Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-tabs 4.0.6 Authenticated.(Contributor+).Content.Injection MEDIUM" "responsive-tabs 4.0.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "reftagger-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rsv-pdf-preview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "randomize No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "remove-schema 1.6 Cross-Site.Request.Forgery MEDIUM" "remove-schema 1.6 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "responsive-coming-soon-page No.known.fix Unauthenticated.Information.Exposure MEDIUM" "responsive-coming-soon-page 1.6.0 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') HIGH" "recently 3.0.5 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "recently 3.0.5 Authenticated.Code.Injection HIGH" "rescue-shortcodes 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.rescue_progressbar.Shortcode MEDIUM" "rescue-shortcodes 2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rescue-shortcodes 2.6 Contributor+.Stored.XSS MEDIUM" "robin-image-optimizer 1.7.0 Missing.Authorization MEDIUM" "rest-api-fns No.known.fix Privilege.Escalation CRITICAL" "rest-api-fns No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "rlm-elementor-widgets-pack 1.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rocket-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "registrations-for-the-events-calendar 2.13.4 Admin+.Stored.XSS LOW" "registrations-for-the-events-calendar 2.12.4 Unauthenticated.Stored.XSS HIGH" "registrations-for-the-events-calendar 2.12.2 Missing.Authorization MEDIUM" "registrations-for-the-events-calendar 2.12.3 Authenticated.(Contributor+).SQL.Injection CRITICAL" "registrations-for-the-events-calendar 2.7.10 Reflected.Cross-Site.Scripting HIGH" "registrations-for-the-events-calendar 2.7.6 Unauthenticated.SQL.Injection HIGH" "registrations-for-the-events-calendar 2.7.5 Reflected.Cross-Site.Scripting HIGH" "rs-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "role-and-customer-based-pricing-for-woocommerce 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rolo-slider No.known.fix Missing.Authorization.to.Authenticated(Subscriber+).Settings.Change MEDIUM" "revy No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "revy No.known.fix Unauthenticated.SQL.Injection HIGH" "rezgo No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "rezgo 4.1.8 Reflected.Cross-Site-Scripting MEDIUM" "rezgo 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-amazon 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "redirection-plus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "read-offline No.known.fix Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "read-offline No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "rss-feed-post-generator-echo 5.4.7 Unauthenticated.Privilege.Escalation CRITICAL" "remove-add-to-cart-woocommerce 1.4.5 Settings.Update.via.CSRF MEDIUM" "remove-add-to-cart-woocommerce 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "responsive-css-editor No.known.fix Admin+.SQLi MEDIUM" "rsvpmaker-for-toastmasters 6.2.5 Unauthenticated.Arbitrary.File.Upload CRITICAL" "responsive-cookie-consent 1.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "resume-builder No.known.fix Subscriber+.Stored.XSS HIGH" "reservit-hotel 3.0 Admin+.Stored.XSS LOW" "responsive-menu 4.1.8 Subscriber+.Arbitrary.File.Upload./.Theme.Deletion./.Plugin.Settings.Update HIGH" "responsive-menu 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-menu 3.1.4 XSS.and.CSRF HIGH" "ra-qrcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reloaded-rezdy No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "read-more-copy-link No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ravpage No.known.fix PHP.Object.Injection CRITICAL" "ravpage 2.25 Reflected.Cross-Site.Scripting MEDIUM" "recently-viewed-and-most-viewed-products No.known.fix Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "reactflow-session-replay-heatmap No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "really-simple-ssl-pro-multisite 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "recencio-book-reviews No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "roi-calculator 1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "relogo No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "rocket-font No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "reviewscouk-for-woocommerce 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rename-wp-login No.known.fix Secret.URL.Update.via.CSRF MEDIUM" "rockhoist-badges No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "responsive-accordion-tabs 1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "reviews-plus 1.3.5 Missing.Authorization.to.Notice.Dismissal MEDIUM" "reviews-plus 1.2.14 Subscriber+.Reviews.DoS LOW" "restricted-content 2.2.9 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "restricted-content 2.2.5 Reflected.XSS HIGH" "restricted-content 2.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rays-grid No.known.fix Cross-Site.Request.Forgery MEDIUM" "rays-grid 1.2.3 CSRF.Bypass MEDIUM" "ragic-shortcode 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rewp 1.0.2 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "review-widgets-for-airbnb 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "restrict-user-access 2.6 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.6 Information.Exposure MEDIUM" "restrict-user-access 2.4.3 Reflected.Cross-Site.Scripting MEDIUM" "restrict-user-access 2.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-buddypress-groups 2.8.4 Subscriber+.Arbitrary.Settings.Update.&.Review.Modification MEDIUM" "review-buddypress-groups 2.8.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "responsive-iframe No.known.fix Contributor+.Stored.XSS HIGH" "rife-elementor-extensions 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Shortcode MEDIUM" "rife-elementor-extensions 1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Writing.Effect.Headline.Widget MEDIUM" "rife-elementor-extensions 1.1.6 Contributor+.Stored.XSS MEDIUM" "radio-forge No.known.fix Reflected.Cross-Site.Scripting HIGH" "responsive-video-embed 0.5.1 Contributor+.Stored.XSS MEDIUM" "restrict-usernames-emails-characters 3.1.4 Admin+.Stored.XSS LOW" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "renee-work-in-progress No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "reflex-gallery 3.1.5 jQuery.prettyPhoto.DOM.Cross-Site.Scripting.(XSS) MEDIUM" "review-widgets-for-capterra 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "review-schema 2.2.5 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "review-schema 2.2.0 Missing.Authorization.to.Arbitrary.Review.Update MEDIUM" "ratings-shorttags No.known.fix Stored.XSS.via.CSRF HIGH" "responsive-tabs-for-wpbakery No.known.fix Contributor+.Stored.XSS MEDIUM" "re-attacher 1.0.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "restaurant-pickup-delivery-dine-in No.known.fix Admin+.Stored.XSS LOW" "revenueflex-easy-ads 1.5.1 Missing.Authorization.to.Authenticated.(Editor+).Settings.Update LOW" "rss-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "redirects No.known.fix Missing.Authorization.via.save MEDIUM" "redirects No.known.fix Missing.Authorization MEDIUM" "real-media-library-lite 4.11.12 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "real-media-library-lite 4.22.8 Contributor+.Stored.XSS MEDIUM" "real-media-library-lite 4.18.29 Author+.Stored.XSS MEDIUM" "real-media-library-lite 4.14.2 Author.Stored.Cross-Site.Scripting MEDIUM" "restropress 3.1.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restropress 3.1.2.1 Cross-Site.Request.Forgery.via.rpress_orders_list_table_process_bulk_actions MEDIUM" "restropress 2.8.3 Cart.Manipulation.via.CSRF MEDIUM" "restropress 2.8.3.1 Unauthorised.AJAX.Calls HIGH" "recipes-writer No.known.fix XSS MEDIUM" "rafflepress 1.12.17 Admin+.Stored.XSS LOW" "rafflepress 1.12.16 Editor+.Stored.XSS LOW" "rafflepress 1.12.14 Editor+.Stored.XSS LOW" "rafflepress 1.12.5 Missing.Authorization MEDIUM" "rafflepress 1.12.11 IP.Spoofing MEDIUM" "rafflepress 1.12.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "rafflepress 1.12.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "rafflepress 1.11.3 Contributor+.Stored.XSS MEDIUM" "read-more-without-refresh 3.2 Admin+.Stored.Cross-Site.Scripting LOW" "royal-slider 3.2.7 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "responsive-flipbook No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "redirect-404-to-parent 1.3.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "royal-elementor-addons 1.7.1008 Reflected.XSS HIGH" "royal-elementor-addons 1.7.1007 Stored.XSS.via.CSRF HIGH" "royal-elementor-addons 1.7.1002 Reflected.Cross-Site.Scripting HIGH" "royal-elementor-addons 1.7.1002 Missing.Authorization LOW" "royal-elementor-addons 1.7.1 Contributor+.Stored.XSS MEDIUM" "royal-elementor-addons 1.7.1004 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Google.Maps.Widget MEDIUM" "royal-elementor-addons 1.7.1002 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Author+).External.Entity.Injection MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Subscriber+).Private.Post.Disclosure MEDIUM" "royal-elementor-addons 1.3.987 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Member.Widget MEDIUM" "royal-elementor-addons 1.3.985 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.981 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.Magazine.Grid/Slider.Widget MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.977 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Uploads MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Back.to.Top.Widget MEDIUM" "royal-elementor-addons 1.3.976 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.975 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Form.Builder.Widget MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.IP.Spoofing MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Flip.Carousel,.Flip.Box,.Post.Grid,.and.Taxonomy.List.Widget.Attributes MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.Advanced.Accordion.Title.Tags MEDIUM" "royal-elementor-addons 1.3.972 Contributor+.Stored.Cross-Site.Scripting.via.HTML.Tags MEDIUM" "royal-elementor-addons 1.3.95 Unauthenticated.Limited.File.Upload HIGH" "royal-elementor-addons 1.3.95 Contributor+.Stored.Cross-Site.Scriting MEDIUM" "royal-elementor-addons 1.3.92 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Logo.Widget MEDIUM" "royal-elementor-addons 1.3.88 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.88 Multiple.Cross-Site.Request.Forgery MEDIUM" "royal-elementor-addons 1.3.88 Missing.Authorization.via.wpr_update_form_action_meta MEDIUM" "royal-elementor-addons 1.3.81 Unauthenticated.Arbitrary.Post.Read MEDIUM" "royal-elementor-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.79 Unauthenticated.Arbitrary.File.Upload CRITICAL" "royal-elementor-addons 1.3.71 Reflected.Cross-Site.Scripting MEDIUM" "royal-elementor-addons 1.3.71 Unauthenticated.API.Key.Disclosure MEDIUM" "royal-elementor-addons 1.3.60 Menu.Template.Creation.via.CSRF MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Mega.Menu.Settings.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Import.Deletion MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Deactivation MEDIUM" "royal-elementor-addons 1.3.60 Reflected.XSS HIGH" "royal-elementor-addons 1.3.60 Subscriber+.Template.Kit.Import MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Template.Condition.Update MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Template.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "royal-elementor-addons 1.3.60 Subscriber+.Arbitrary.Theme.Activation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Creation MEDIUM" "royal-elementor-addons 1.3.56 Subscriber+.Arbitrary.Post.Deletion HIGH" "royal-elementor-addons 1.3.33 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "recent-backups No.known.fix Remote.File.Download HIGH" "report-broken-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "report-broken-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rate-star-review 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rate-star-review 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "rss-import No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "resermy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "resermy No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "resermy No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rotatingtweets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "redirect-after-login No.known.fix Admin+.Stored.XSS LOW" "realtyna-provisioning 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "regenerate-post-permalinks No.known.fix Cross-Site.Request.Forgery MEDIUM" "related-posts-line-up-exactry-by-milliard No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "raygun4wp 1.8.3 XSS MEDIUM" "raygun4wp 1.8.1 Unauthenticated.Reflected.XSS MEDIUM" "rebuild-permalinks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "redirect-redirection 1.2.0 Subscriber+.Unauthorised.Action.Calls MEDIUM" "redirect-redirection 1.1.4 Plugin.Installation.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Subscriber+.Plugin.Installation MEDIUM" "redirect-redirection 1.1.5 Plugin.Reset.via.CSRF MEDIUM" "redirect-redirection 1.1.4 Redirect.Creation.via.CSRF MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "remove-add-to-cart-button-for-woocommerce 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "redi-restaurant-reservation 24.1015 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 24.0712 Missing.Authorization MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Cross-Site.Request.Forgery.via.redi_restaurant_admin_options_page() MEDIUM" "redi-restaurant-reservation 24.0303 Reflected.Cross-Site.Scripting MEDIUM" "redi-restaurant-reservation 21.0426 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "remove-wp-update-nags 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "remove-wp-update-nags 1.4.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "random-banner No.known.fix Contributor+.Stored.XSS MEDIUM" "random-banner No.known.fix Admin+.Stored.XSS LOW" "random-banner 4.1.6 Admin+.Stored.Cross-Site.Scripting LOW" "random-banner 2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "reveal-template No.known.fix Unauthenticated.Full.Path.Disclosure MEDIUM" "realbig-media 1.0.7 Settings.Update.via.CSRF MEDIUM" "responsivity No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "role-based-pricing-for-woocommerce 1.6.3 Subscriber+.PHAR.Deserialization HIGH" "role-based-pricing-for-woocommerce 1.6.2 Subscriber+.Arbitrary.File.Upload HIGH" "responsive-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revi-io-customer-and-product-reviews 5.8.0 Reflected.Cross-Site.Scripting MEDIUM" "review-engine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-engine No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "review-engine No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "registered-user-sync-activecampaign No.known.fix Missing.Authorization MEDIUM" "rb-internal-links No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "rj-quickcharts No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "related-posts 1.8.2 XSS MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "recurring-bookings-for-woocommerce No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "radio-buttons-for-taxonomies 2.0.6 Cross-Site.Request.Forgery MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.24 Admin+.Stored.XSS LOW" "robo-gallery 3.2.22 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "robo-gallery 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Private.Gallery.Title.Disclosure MEDIUM" "robo-gallery 3.2.22 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Gallery.Title MEDIUM" "robo-gallery 3.2.20 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Image.Title MEDIUM" "robo-gallery 3.2.20 Cross-Site.Request.Forgery.to.Post.Creation.and.Limited.Data.Loss HIGH" "robo-gallery 3.2.19 Unauthenticated.Information.Exposure MEDIUM" "robo-gallery 3.2.18 Author+.Stored.XSS MEDIUM" "robo-gallery 3.2.16 Admin+.Stored.XSS LOW" "robo-gallery 3.2.13 Contributor+.Stored.XSS MEDIUM" "robo-gallery 3.2.11 Plugin.Activation/Deactivation.via.CSRF MEDIUM" "robo-gallery 3.2.12 Cross-Site.Request.Forgery MEDIUM" "rss-for-yandex-turbo 1.31 Admin+.Stored.Cross-Site.Scripting LOW" "rss-for-yandex-turbo 1.30 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.section_tag.Parameter MEDIUM" "responsive-block-editor-addons 1.9.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-block-editor-addons 1.8.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reviewpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "responsive-vector-maps 6.4.2 Responsive.Vector.Maps.<.6.4.2.-.Subscriber+.Arbitrary.File.Read HIGH" "recall-products No.known.fix Authenticated.SQL.Injection MEDIUM" "recall-products No.known.fix Authenticated.Cross-Site.Scripting MEDIUM" "rough-chart No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "rapidexpcart No.known.fix Stored.XSS.via.CSRF CRITICAL" "rich-event-timeline No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "restricted-site-access 7.3.2 Access.Bypass.via.IP.Spoofing MEDIUM" "republish-old-posts 1.27 Cross-Site.Request.Forgery.via.rop_options_page MEDIUM" "rich-table-of-content 1.3.9 Contributor+.Stored.XSS MEDIUM" "reviews-widgets 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rimons-twitter-widget 1.3 XSS MEDIUM" "review-widgets-for-opentable 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "razorpay-payment-button 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "rsvpmaker-volunteer-roles No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "related-post-shortcode No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "redux-converter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "review-widgets-for-hotels-com 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "rest-api-to-miniprogram No.known.fix Cross-Site.Request.Forgery MEDIUM" "rest-api-to-miniprogram 4.7.6 Unauthenticated.Arbitrary.User.Email.Update.and.Privilege.Escalation.via.Account.Takeover CRITICAL" "rest-api-to-miniprogram No.known.fix Unauthenticated.SQL.Injection HIGH" "rest-api-to-miniprogram No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "robotcpa No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "real-wysiwyg No.known.fix Reflected.Cross-Site.Scripting HIGH" "rate-own-post No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "remove-cpt-base 5.9 CPT.Deletion.via.CSRF MEDIUM" "rm-mailchimp-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rm-mailchimp-manager No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "revolution-for-elementor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "revolution-for-elementor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "rehub-framework 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "ruven-toolkit No.known.fix tinymce/popup.php.popup.Parameter.Reflected.XSS MEDIUM" "related-posts-for-wp 2.2.2 Cross-Site.Request.Forgery MEDIUM" "related-posts-for-wp 2.0.5 Authenticated.Stored.XSS.&.XFS MEDIUM" "related-posts-for-wp 2.0.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "related-posts-for-wp 1.8.2 Cross-Site.Scripting.(XSS) CRITICAL" "radio-player No.known.fix Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.79 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Player.Deletion MEDIUM" "radio-player 2.0.74 Missing.Authorization.to.Settings.Update MEDIUM" "radio-player 2.0.74 Missing.Authorization MEDIUM" "radio-player 2.0.74 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "radio-player 2.0.74 Unauthenticated.Server-Side.Request.Forgery HIGH" "radio-player 2.0.74 Missing.Authorization.to.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "radio-player 2.0.74 Missing.Authorization.via.get_players MEDIUM" "radio-player 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "radio-player 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rsvp 2.7.15 Authenticated.(Administrator+).SQL.Injection MEDIUM" "rsvp 2.7.14 Missing.Authorization MEDIUM" "rsvp 2.7.8 Unauthenticated.Entries.Export HIGH" "rsvp 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "rsvp 2.3.8 XSS MEDIUM" "rentpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "realteo 1.2.9 Real.Estate.Plugin.by.Purethemes.<.1.2.9.-.Authentication.Bypass.via.'do_register_user' CRITICAL" "realteo 1.2.4 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "realteo 1.2.4 Arbitrary.Property.Deletion.via.IDOR HIGH" "rk-responsive-contact-form No.known.fix Authenticated.Blind.SQL.Injection CRITICAL" "revolut-gateway-for-woocommerce 4.17.4 Missing.Authorization.to.Unauthenticated.Order.Status.Update MEDIUM" "revolut-gateway-for-woocommerce 4.9.8 Missing.Authorization MEDIUM" "reader-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "real-estate-pro 1.7.1 Subscriber+.Privilege.Escalation CRITICAL" "recent-posts-slider No.known.fix Cross-Site.Request.Forgery MEDIUM" "recent-posts-slider No.known.fix Unauthenticated.Stored.XSS HIGH" "responsive-google-maps 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "responsive-addons-for-elementor 1.6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-addons-for-elementor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "recurring-donation 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "recipe-card-blocks-by-wpzoom 3.4.4 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Disclosure MEDIUM" "recipe-card-blocks-by-wpzoom 3.3.2 Missing.Authorization MEDIUM" "recipe-card-blocks-by-wpzoom 2.8.1 Reflected.Cross-Site.Scripting HIGH" "recipe-card-blocks-by-wpzoom 2.8.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "razorpay-payment-button-elementor 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "rsv-360-view No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive-lightbox2 1.0.4 Contributor+.Stored.XSS MEDIUM" "responsive-lightbox2 1.0.3 Authenticated.Stored.Cross-Site.Scripting LOW" "resads No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "resads No.known.fix Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "resads 1.0.2 .Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "real-time-find-and-replace 4.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "refer-a-friend-widget-for-wp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Featherlight.js.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "responsive-lightbox 2.4.9 Author+.Stored.XSS MEDIUM" "responsive-lightbox 2.4.8 Missing.Authorization MEDIUM" "responsive-lightbox 2.4.8 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.File.Upload MEDIUM" "responsive-lightbox 2.4.7 Information.Disclosure MEDIUM" "responsive-lightbox 2.4.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.name MEDIUM" "responsive-lightbox 1.7.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "review-widgets-for-szallas-hu 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "restaurant-reservations 2.6.17 Missing.Authorization MEDIUM" "restaurant-reservations 2.6.8 Reflected.Cross-Site.Scripting HIGH" "restaurant-reservations 2.4.12 Unauthenticated.Arbitrary.Payment.Status.Update.to.Stored.XSS HIGH" "restaurant-reservations 2.4.8 Subscriber+.Stored.Cross-Site.Scripting HIGH" "radius-blocks 2.2.0 Cross-Site.Request.Forgery MEDIUM" "radius-blocks 2.2.0 Contributor+.Stored.XSS MEDIUM" "reviews-widgets-for-yelp 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "remove-duplicate-posts 1.3 Reflected.Cross-Site.Scripting MEDIUM" "rollover-tab No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rsvpmaker-excel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reset 1.7 Cross-Site.Request.Forgery.to.Database.Reset HIGH" "react-webcam No.known.fix Contributor+.Stored.XSS MEDIUM" "rss-icon-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "rustolat No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "restrict-categories No.known.fix Reflected.XSS HIGH" "rich-counter 1.2.0 Cross-Site.Scripting.(XSS) MEDIUM" "rio-photo-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "responsive-flickr-gallery No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "remove-old-slugspermalinks 2.7.0 Cross-Site.Request.Forgery MEDIUM" "referrer-detector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "rvg-optimize-database 5.1 Missing.Authorization.via.'odb_csv_download' MEDIUM" "rvg-optimize-database 5.1.1 Database.Optimization.via.CSRF MEDIUM" "rock-form-builder 2.5 Privilege.Escalation HIGH" "read-and-understood 2.2 Authenticated.Stored.XSS.&.CSRF HIGH" "robokassa 1.6.2 Reflected.Cross-Site.Scripting MEDIUM" "rsvp-me No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "rsvp-me No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "rsvp-me No.known.fix Unauthenticated.SQL.Injection HIGH" "rating-widget 3.2.0 Reflected.Cross-Site.Scripting MEDIUM" "rating-widget 3.2.1 Contributor+.Stored.XSS MEDIUM" "rating-widget 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "reciply No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reciply 1.1.8 Unauthenticated.File.Upload MEDIUM" "recaptcha-jetpack No.known.fix Settings.Update.via.CSRF MEDIUM" "recaptcha-jetpack No.known.fix Stored.XSS.via.CSRF HIGH" "reactive-mortgage-calculator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rss-news-scroller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "raise-prices-with-sales-for-woocommerce 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rich-reviews No.known.fix Arbitrary.Reviews.Deletion.via.CSRF MEDIUM" "rich-reviews 1.9.6 Admin+.SQL.Injection MEDIUM" "really-simple-ssl 9.2.0 Cross-Site.Request.Forgery MEDIUM" "really-simple-ssl 9.1.2 9.1.1.1.-.Authentication.Bypass CRITICAL" "really-simple-ssl 8.0.0 Admin+.Server-Side.Request.Forgery MEDIUM" "responsive-add-ons 3.1.5 Authenticated.(Contributor+).Blind.Server-Side.Request.Forgery.via.remote_request MEDIUM" "responsive-add-ons 3.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "responsive-add-ons 2.2.6 Unprotected.AJAX.Endpoints CRITICAL" "responsive-youtube-videos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "role-includer No.known.fix Reflected.Cross-Site.Scripting.via.user_id.Parameter MEDIUM" "rng-refresh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "revision-manager-tmc 2.8.20 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Email.Sending MEDIUM" "revision-manager-tmc 2.8.0 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.6.0 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.4 Missing.Authorization.via.multiple.AJAX.functions LOW" "restaurant-cafe-addon-for-elementor 1.5.3 Cross-Site.Request.Forgery MEDIUM" "restaurant-cafe-addon-for-elementor 1.5.3 Missing.Authorization MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.8 Reflected.Cross-Site.Scripting MEDIUM" "restaurant-cafe-addon-for-elementor 1.4.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rumbletalk-chat-a-chat-with-themes 6.2.0 Missing.Authorization.via.handleRequest HIGH" "rotating-posts No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "responsive-column-widgets No.known.fix Reflected.XSS HIGH" "responsive-column-widgets No.known.fix Open.Redirect.via.responsive_column_widgets_link MEDIUM" "restaurantconnect-reswidget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "romethemeform 1.1.6 Missing.Authorization.via.export_entries,.rtformnewform,.and.rtformupdate MEDIUM" "romethemeform 1.1.3 Missing.Authorization MEDIUM" "redux-framework 4.4.18 .4.4.17.-.Unauthenticated.JSON.File.Upload.to.Stored.Cross-Site.Scripting HIGH" "redux-framework 4.2.13 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "redux-framework 4.2.13 Contributor+.Arbitrary.Plugin.Installation.and.Post.Deletion HIGH" "redux-framework 4.1.24 4.1.23.-.CSRF.Nonce.Validation.Bypass MEDIUM" "redux-framework 4.1.21 CSRF.Nonce.Validation.Bypass MEDIUM" "randomtext No.known.fix Subscriber+.SQLi HIGH" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "read-more-excerpt-link 1.6.1 Settings.Update.via.CSRF MEDIUM" "rearrange-woocommerce-products 3.0.8 Subscriber+.SQL.Injection HIGH" "responsivevoice-text-to-speech 1.7.7 Contributor+.Stored.XSS MEDIUM" "reglevel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "responsive-menu-pro 4.0.4 CSRF.to.Arbitrary.File.Upload HIGH" "responsive-menu-pro 4.0.4 CSRF.to.Settings.Update MEDIUM" "responsive-menu-pro 4.0.4 4.0.3.-.Authenticated.Arbitrary.File.Upload CRITICAL" "responsive-facebook-and-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "redirection 3.6.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "redirection 2.8 Authenticated.Local.File.Inclusion MEDIUM" "review-widgets-for-foursquare 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "r3w-instafeed No.known.fix Reflected.XSS HIGH" "responsive-data-table No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reviewstap 1.1.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "reservation-studio-widget 1.0.12 Admin+.Stored.XSS LOW" "reservation-studio-widget 1.0.12 Cross-Site.Request.Forgery MEDIUM" "retain No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "reset-course-progress-for-learndash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "reset-course-progress-for-learndash No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "rename-author-slug No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "resmushit-image-optimizer 0.4.4 Subscriber+.AJAX.Calls MEDIUM" "resmushit-image-optimizer 0.4.7 Multiple.CSRF MEDIUM" "resmushit-image-optimizer 0.4.6 Admin+.Cross-Site.Scripting LOW" "recipepress-reloaded No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "remote-content-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "remote-content-shortcode No.known.fix Authenticated(Contributor+).Local.File.Inclusion.via.shortcode MEDIUM" "review-stream 1.6.6 Admin+.Stored.XSS LOW" "replace-word No.known.fix Cross-Site.Request.Forgery MEDIUM" "residential-address-detection 2.5.5 Unauthenticated.Arbitrary.Options.Update CRITICAL" "role-based-bulk-quantity-pricing 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "responsive-jquery-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rss-chimp 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "rss-chimp 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "recently-purchased-products-for-woo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.view.Parameter MEDIUM" "site-offline 1.5.7 Admin+.Stored.XSS LOW" "site-offline 1.5.3 Access.Bypass MEDIUM" "site-offline 1.4.4 Multiple.Cross-Site.Request.Forgery MEDIUM" "sender-net-automated-emails 2.6.16 Reflected.Cross-Site.Scripting MEDIUM" "sender-net-automated-emails 2.6.19 Cross-Site.Request.Forgery MEDIUM" "subscribe-to-comments-reloaded 240119 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "subscribe-to-comments-reloaded 220502 Multiple.CSRF MEDIUM" "subscribe-to-comments-reloaded 150820 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "showhide-shortcode 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speedycache 1.1.9 Cross-Site.Request.Forgery MEDIUM" "speedycache 1.1.4 Missing.Authorization.to.Plugin.Options.Update MEDIUM" "speedycache 1.1.3 .Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sharebar No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "sharebar 1.2.2 SQL.Injection.&.Cross.Site.Scripting CRITICAL" "seo-meta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "search-filter-pro 2.5.20 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Meta.Exposure MEDIUM" "search-filter-pro 2.5.18 Admin+.Stored.XSS LOW" "smooth-dynamic-slider No.known.fix Reflected.Cross-Site.Scriptign MEDIUM" "secupress-pro 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "stream-status-for-twitch 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-slider-3 3.5.1.23 Contributor+.Stored.XSS.via.SVG.Upload MEDIUM" "smart-slider-3 3.5.1.14 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 Contributor+.Stored.XSS MEDIUM" "smart-slider-3 3.5.1.11 PHP.Object.Injection MEDIUM" "smart-slider-3 3.5.0.9 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-theme-options 1.7 Admin+.Stored.Cross-Site.Scripting LOW" "sensly-online-presence No.known.fix Admin+.Stored.XSS LOW" "stripe-payments 2.0.87 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accept_stripe_payment_ng.Shortcode MEDIUM" "stripe-payments 2.0.80 Insecure.Direct.Object.Reference MEDIUM" "stripe-payments 2.0.64 Admin+.Stored.Cross-Site.Scripting LOW" "stripe-payments 2.0.40 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "surbma-salesautopilot-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "same-but-different No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simply-featured-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "square-thumbnails 1.1.2 Missing.Authorization MEDIUM" "show-all-comments-in-one-page 7.0.1 Reflected.XSS HIGH" "standout-color-boxes-and-buttons No.known.fix Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "skype-online-status No.known.fix Contributor+.Stored.XSS MEDIUM" "sticky-social-icons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-social-icons No.known.fix Admin+.Stored.XSS LOW" "single-sign-on-client No.known.fix Authentication.Bypass HIGH" "search-everything 8.1.7 SQL.Injection CRITICAL" "search-everything 8.1.6 SQL.Injection CRITICAL" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "store-locator No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "store-locator 3.98.8 Settings.Update.via.CSRF MEDIUM" "store-locator 3.34 SQL.Injection CRITICAL" "ssquiz No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "smartsoftbutton-widget-de-botones-de-chat No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF HIGH" "smart-countdown-fx No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slotti-ajanvaraus 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slotti-ajanvaraus 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-cart-solution No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-cart-solution 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "service-area-postcode-checker No.known.fix Admin+.Stored.XSS LOW" "seo-for-local 9.2.1 Reflected.Cross-Site.Scripting MEDIUM" "seo-for-local 9.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-signup-form No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "serped-net 4.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "slideshow-ck 1.4.10 Admin+.Stored.Cross-Site.Scripting LOW" "sql-chart-builder No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "site-launcher No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stockdio-historical-chart 2.8.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stockdio-historical-chart 2.8.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "stock-exporter-for-woocommerce 1.2.0 Reflected.XSS HIGH" "social-login-lite-for-woocommerce No.known.fix Authentication.Bypass CRITICAL" "small-package-quotes-fedex-edition 4.3.2 Unauthenticated.SQL.Injection HIGH" "sk-wp-settings-backup No.known.fix Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "stock-in No.known.fix Authenticated.SQL.Injection MEDIUM" "stock-in No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "send-emails-with-mandrill 1.4.2 Missing.Authorization MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.Unauthorised.Actions MEDIUM" "social-share-buttons-by-supsystic 2.2.4 Subscriber+.SQLi HIGH" "social-share-buttons-by-supsystic 2.2.4 Multiple.CSRF MEDIUM" "social-analytics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "skillbars 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "softtemplates-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-jwt-login 3.2.1 Arbitrary.Settings.Update.to.Site.Takeover.via.CSRF HIGH" "simple-jwt-login 3.3.0 Insecure.Password.Creation LOW" "sticky-popup No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "stars-testimonials-with-slider-and-masonry-grid 3.3.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stars-testimonials-with-slider-and-masonry-grid 3.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stars_testimonials.Shortcode MEDIUM" "simple-youtube-responsive 3.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-for-amp-web-stories-and-elementor-widget 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-table-manager 1.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "seo-automatic-wp-core-tweaks No.known.fix Arbitrary.Admin.Account.Creation./.Admin.Email.Update.via.CSRF HIGH" "searchterms-tagging-2 No.known.fix XSS.&.Authenticated.SQL.Injection HIGH" "search-order-by-product-sku-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-block-slider 2.8 Missing.Authorization MEDIUM" "smart-recent-posts-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-buttons-creator No.known.fix Unauthenticated.Stored.XSS HIGH" "simple-buttons-creator No.known.fix Aribtrary.Button.Deletion.via.CSRF MEDIUM" "suretriggers 1.0.48 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Trigger.Link.Shortcode MEDIUM" "suretriggers 1.0.24 Cross-Site.Request.Forgery MEDIUM" "s2member 250214 Reflected.Cross-Site.Scripting MEDIUM" "s2member 250214 Reflected.Cross-Site.Scripting MEDIUM" "s2member 241216 Authenticated.(Contributor+).Sensitive.Information.Exposure HIGH" "s2member 241216 Unauthenticated.Remote.Code.Execution HIGH" "s2member 240325 Limited.Privilege.Escalation MEDIUM" "s2member 240315 Information.Exposure MEDIUM" "simply-rets 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "siteorigin-panels 2.31.5 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.31.1 Contributor+.Stored.XSS.via.Row.Label.Parameter MEDIUM" "siteorigin-panels 2.29.16 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "siteorigin-panels 2.29.7 Contributor+.Stored.XSS MEDIUM" "siteorigin-panels 2.10.16 CSRF.to.Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-membership-custom-messages 2.5 Reflected.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sql-reporting-services No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spatialmatch-free-lifestyle-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-booking-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-auto-tag No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shortcode-for-current-date 2.1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "stklcode-liveticker 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "search-filter 1.2.16 Contributor+.Stored.XSS MEDIUM" "sparkle-demo-importer 1.4.8 Missing.Authorization.to.Authorized(Subscriber+).Post/Pages/Attachements.Deletion.and.Demo.Data.Import MEDIUM" "sync-qcloud-cos 2.0.1 Admin+.Stored.Cross-Site.Scripting LOW" "secupress 2.3 Missing.Authorization MEDIUM" "secupress 2.3 Contributor+.Stored.XSS MEDIUM" "secupress 2.2.5.2 Cross-Site.Request.Forgery.to.Banned.IP.Address MEDIUM" "secupress 2.0 Unauthenticated.Arbitrary.IP.Ban MEDIUM" "step-by-step No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "simple-tweet No.known.fix Admin+.Stored.XSS LOW" "skt-builder 4.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "skt-builder 4.2 Missing.Authorization.to.Authenticated(Subscriber+).Content.Injection MEDIUM" "simple-admin-language-change 2.0.2 Arbitrary.User.Locale.Change MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Cross-Site.Request.Forgery MEDIUM" "schema-app-structured-data-for-schemaorg 2.2.1 Missing.Authorization MEDIUM" "schema-app-structured-data-for-schemaorg 1.22.4 Missing.Authorization.via.page_init MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "snazzyadmin-wp-admin-theme No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "skip-to No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sinking-dropdowns No.known.fix Cross-Site.Request.Forgery HIGH" "surbma-font-awesome 3.1 Contributor+.Stored.XSS MEDIUM" "sharethis-share-buttons 2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sharethis-inline-buttons.Shortcode MEDIUM" "srs-simple-hits-counter 1.1.1 Settings.Update.via.CSRF MEDIUM" "srs-simple-hits-counter 1.1.0 1.0.4.-.Unauthenticated.Blind.SQL.Injection CRITICAL" "spice-post-slider 2.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "spice-post-slider 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "safe-svg 2.2.6 Author+.SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.10 SVG.Sanitisation.Bypass MEDIUM" "safe-svg 1.9.6 XSS.Protection.Bypass HIGH" "secure-admin-ip No.known.fix Missing.Authorization.via.'saveSettings' MEDIUM" "shortcode-gallery-for-matterport-showcase 2.2.0 Cross-Site.Request.Forgery MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.8 Contributor+.Stored.XSS.via.shortcode MEDIUM" "shortcode-gallery-for-matterport-showcase 2.1.7 Reflected.XSS HIGH" "shortcode-gallery-for-matterport-showcase 2.1.5 Contributor+.Stored.XSS MEDIUM" "sg-security 1.5.1 Missing.Authorization.via.hide_notice() MEDIUM" "sg-security 1.3.1 Admin+.SQLi MEDIUM" "sg-security 1.2.6 Authorization.Weakness.to.Authentication.Bypass.via.2-FA.Back-up.Codes HIGH" "sg-security 1.2.6 Authentication.Bypass.via.2-FA.Authentication.Setup CRITICAL" "simple-form 2.12.2 Admin+.Stored.XSS LOW" "spotify-play-button No.known.fix Contributor+.Stored.XSS MEDIUM" "seo-keywords No.known.fix Reflected.Cross-Site.Scripting.via.google_error.Parameter MEDIUM" "studiocart 2.5.20 Reflected.Cross-Site.Scripting MEDIUM" "studiocart 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sponsors-carousel No.known.fix Admin+.Stored.XSS LOW" "site-is-offline-plugin No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "simple-facebook-twitter-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-facebook-twitter-widget No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smooth-page-scroll-updown-buttons 1.4.1 Authenticated.Stored.XSS.via.psb_positioning LOW" "smooth-page-scroll-updown-buttons 1.4 Authenticated.Stored.XSS MEDIUM" "simple-dashboard No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "solid-affiliate No.known.fix Sensitive.Information.Exposure MEDIUM" "s3bubble-amazon-s3-audio-streaming No.known.fix Arbitrary.File.Download HIGH" "simple-email-subscriber No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting MEDIUM" "sikshya 0.0.22 Reflected.Cross-Site.Scripting.via.page.Parameter MEDIUM" "shoutcast-icecast-html5-radio-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-event-planner 1.5.5 Contributor+.Stored.XSS LOW" "simple-event-planner 1.5.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "shortcode-factory 2.8 Local.File.Inclusion CRITICAL" "shortcode-factory 1.1.1 XSS MEDIUM" "search-field-for-gravity-forms 0.6 Reflected.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Fancy.Text,.Countdown.Widget,.and.Login.Form.Shortcodes MEDIUM" "sina-extension-for-elementor 3.6.0 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Sina.Image.Differ MEDIUM" "sina-extension-for-elementor 3.5.8 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Sina.Modal.Box.Widget.Elementor.Template MEDIUM" "sina-extension-for-elementor 3.5.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.read_more_text.Parameter MEDIUM" "sina-extension-for-elementor 3.5.5 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).Stored.Cross-site.Scriping.via.'Sina.Particle.Layer' MEDIUM" "sina-extension-for-elementor 3.5.4 Authenticated.(Contributor+).DOM-Based.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.5.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sina-extension-for-elementor 3.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Sina.Fancy.Text.Widget MEDIUM" "sina-extension-for-elementor 3.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sina-extension-for-elementor 3.3.12 Contributor+.Stored.XSS MEDIUM" "sina-extension-for-elementor 2.2.1 LFI HIGH" "srs-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smtp2go 1.5.0 Admin+.Stored.XSS LOW" "sendpulse-web-push 1.3.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "sendpulse-web-push 1.3.2 CSRF MEDIUM" "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons 1.3.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-schools-staff-directory No.known.fix Admin+.Arbitrary.File.Upload CRITICAL" "salesking 1.6.30 Unauthenticated.Sensitive.Information.Exposure HIGH" "salesking 1.6.30 Unauthenticated.Privilege.Escalation CRITICAL" "salesking 1.6.30 Missing.Authorization.to.Settings.Change MEDIUM" "swatchly 1.2.1 Cross-Site.Request.Forgery MEDIUM" "scroll-to-top-builder No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "scribble-maps No.known.fix Reflected.Cross-Site.Scripting HIGH" "simply-gallery-block 3.2.4.3 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.galleryID.and.className.Parameters MEDIUM" "simply-gallery-block 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-gallery-block 3.0.8 Subscriber+.Arbitrary.Options.Update HIGH" "simply-gallery-block 2.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-gallery-block 2.2.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-google-icalendar-widget 2.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-shopify-product No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "slidedeck-lite-for-wordpress No.known.fix Reflected.XSS HIGH" "sell-media-file No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "schreikasten No.known.fix Author+.SQL.Injections HIGH" "seo-title-tag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simpleshop-cz 2.10.1 Cross-Site.Request.Forgery MEDIUM" "simpleshop-cz 2.10.3 Missing.Authorization MEDIUM" "svg-flags-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-flags-lite 0.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-mobile-url-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "soliloquy-lite 2.7.7 Missing.Authorization.to.Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "soliloquy-lite 2.7.3 Subscriber+.Slider.Data.Access MEDIUM" "simple-image-popup 2.5.3 Admin+.Stored.XSS LOW" "simple-image-popup 2.0.0 Admin+.Stored.XSS LOW" "surly No.known.fix Missing.Authorization MEDIUM" "safe-ai-malware-protection-for-wp 1.0.18 Missing.Authorization.to.Unauthenticated.Database.Export HIGH" "socialsnap No.known.fix Admin+.Stored.XSS LOW" "socialsnap 1.3.6 Missing.Authorization MEDIUM" "saan-world-clock No.known.fix Contributor+.Stored.XSS MEDIUM" "seo-booster 3.8.10 Cross-Site.Request.Forgery MEDIUM" "seo-booster 3.8.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-booster 3.8.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-booster 3.8 Admin+.SQL.Injection MEDIUM" "skyboot-portfolio-gallery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "security-ninja 5.159 Reflected.Cross-Site.Scripting MEDIUM" "security-ninja 5.135 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sparkle-elementor-kit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-stats 1.5.2 Reflected.XSS HIGH" "seriously-simple-stats 1.5.1 Podcast.Manager+.SQLi HIGH" "spectra-pro 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.IDs MEDIUM" "spectra-pro 1.1.6 Authenticated.(Author+).Privilege.Escalation HIGH" "simple-staff-list 2.2.5 Missing.Authorization.via.ajax_flush_rewrite_rules.and.staff_member_export MEDIUM" "simple-staff-list 2.2.4 Editor+.Stored.XSS MEDIUM" "simple-staff-list 2.2.3 Contributor+.Stored.XSS MEDIUM" "smartlink-dinamic-urls 1.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-link-groups No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "simple-custom-website-data No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "station-pro 2.3.4 Reflected.Cross-Site.Scripting MEDIUM" "station-pro 2.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "station-pro 2.2.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "styler-for-ninja-forms-lite No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Deletion.via.deactivate_license MEDIUM" "semantic-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.aThemes:.Portfolio.Widget MEDIUM" "sydney-toolbox 1.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sydney-toolbox 1.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Filterable.Gallery MEDIUM" "sydney-toolbox 1.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id MEDIUM" "sydney-toolbox 1.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-download-button-shortcode No.known.fix Sensitive.Data.Disclosure MEDIUM" "spam-control-xforwc 1.5.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "sb-core No.known.fix Authentication.Bypass CRITICAL" "smart-marketing-for-wp 5.0.5 Missing.Authorization MEDIUM" "smart-marketing-for-wp 2.0.0 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "simple-slider-ssp No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "show-posts 1.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "sw-contact-form No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "safe-editor 1.2 Unauthenticated.CSS/JS-injection MEDIUM" "supersaas-appointment-scheduling 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.after.Parameter MEDIUM" "supersaas-appointment-scheduling 2.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "singsong No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sola-testimonials No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "sola-testimonials No.known.fix Cross-Site.Request.Forgery MEDIUM" "shared-files 1.7.43 Limited.Unauthenticated.Stored.Cross-Site.Scripting.via.File.Upload HIGH" "shared-files 1.7.29 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "shared-files 1.7.20 Missing.Authorization MEDIUM" "shared-files 1.7.17 Missing.Authorization.to.Notice.Dismissal MEDIUM" "shared-files 1.7.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shared-files 1.7.1 Reflected.Cross-Site.Scripting MEDIUM" "shared-files 1.6.72 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shared-files 1.6.61 Admin+.Stored.Cross-Site.Scripting LOW" "shared-files 1.6.57 Admin+.Stored.Cross-Site.Scripting LOW" "slash-admin 3.8.2 Cross-Site.Request.Forgery MEDIUM" "shockingly-simple-favicon No.known.fix Settings.Update.via.CSRF MEDIUM" "sola-newsletters No.known.fix CSRF.to.Stored.XSS HIGH" "sexy-contact-form 1.0.0 Shell.Upload CRITICAL" "snapshot-backup No.known.fix Stored.XSS.via.CSRF HIGH" "seraphinite-post-docx-source 2.16.10 Missing.Authorization MEDIUM" "seraphinite-post-docx-source 2.16.10 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "seraphinite-post-docx-source 2.16.7 Settings.Update/Reset/Import.via.CSRF MEDIUM" "speedsize-ai-image-optimizer 1.5.2 Cross-Site.Request.Forgery.to.Clear.Cache MEDIUM" "simple-goods No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scroll-post-excerpt No.known.fix Admin+.Stored.XSS LOW" "stax-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-job-board 2.12.4 Authenticated.(Editor+).PHP.Object.Injection HIGH" "simple-job-board 2.12.2 Admin+.Stored.XSS LOW" "simple-job-board 2.12.6 Unauthenticated.Resumes.Download LOW" "simple-job-board 2.11.1 Unauthenticated.PHP.Object.Injection.via.Job.Application.Fields CRITICAL" "simple-job-board 2.11.0 Missing.Authorization.to.Unauthenticated.Information.Disclosure MEDIUM" "simple-job-board 2.10.7 Cross-Site.Request.Forgery MEDIUM" "simple-job-board 2.10.6 Missing.Authorization MEDIUM" "simple-job-board 2.10.4 Settings.Update.via.CSRF MEDIUM" "simple-job-board 2.10.0 Resume.Disclosure.via.Directory.Listing MEDIUM" "simple-job-board 2.9.5 Admin+.Stored.Cross-Site.Scripting LOW" "simple-job-board 2.9.4 Authenticated.Path.Traversal.Leading.to.Arbitrary.File.Download HIGH" "simple-job-board 2.4.4 Reflected.XSS MEDIUM" "shortcode-in-comment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "stars-menu No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "slick-social-share-buttons No.known.fix Authenticated.(Subscriber+).Arbitrary.Option.Update HIGH" "subscriptiondna 2.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ship-to-ecourier 1.0.2 Plugin's.Settings.Update.via.CSRF MEDIUM" "simple-project-managment No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-social-share-block No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sliderpro 4.8.7 Missing.Authorization.via.AJAX.actions MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Reflected.Cross-Site.Scripting.via.monthly_sales_current_year.Parameter MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Sell.products.through.Paypal.<=.3.1.2.-.Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update./.Data.Access MEDIUM" "simple-e-commerce-shopping-cart No.known.fix Arbitrary.File.Upload CRITICAL" "sksdev-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "superstorefinder-wp 7.1 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "superstorefinder-wp 6.9.8 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "superstorefinder-wp 6.9.8 Unauthenticated.SQL.Injection CRITICAL" "superstorefinder-wp 6.9.4 Unauthenticated.Email.Creation/Sending MEDIUM" "superstorefinder-wp 6.5 Unauthenticated.SQL.Injections CRITICAL" "superstorefinder-wp 6.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "suki-sites-import No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "simple-downloads-list 1.4.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "selection-lite 1.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "selection-lite 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ssv-events No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "smart-custom-fields No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-custom-fields 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Disclosure MEDIUM" "search-logger No.known.fix Admin+.SQLi MEDIUM" "social-web-suite 4.1.12 Directory.Traversal.to.Arbitrary.File.Download HIGH" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "spiritual-gifts-survey No.known.fix Unauthenticated.CSRF.to.XSS MEDIUM" "smart-variations-images 5.2.8 Reflected.Cross-Site.Scripting MEDIUM" "smart-variations-images 5.1.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sp-announcement 2.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "salvador-ai-image-generator No.known.fix Missing.Authorization MEDIUM" "server-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "server-info 0.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spendino No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "stylish-cost-calculator 7.0.4 Subscriber+.Unauthorised.AJAX.Calls.to.Stored.XSS HIGH" "simple-sponsorships No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-sponsorships 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simplemodal No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supportbubble No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sticky-header-on-scroll No.known.fix Missing.Authorization MEDIUM" "simple-popup-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-popup-plugin 4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "stock-locations-for-woocommerce 2.6.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.settings MEDIUM" "stock-ticker 3.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.stock_ticker.Shortcode MEDIUM" "stock-ticker 3.23.5 Authenticated.(Contributor+).Stored.Cross-Site.Scritping MEDIUM" "stock-ticker 3.23.4 Reflected.XSS HIGH" "stock-ticker 3.23.3 Reflected.XSS HIGH" "stock-ticker 3.23.1 Missing.Authorization.in.AJAX.Actions MEDIUM" "soisy-pagamento-rateale No.known.fix Missing.Authorization.to.Sensitive.Information.Exposure HIGH" "social-photo-gallery No.known.fix Remote.Code.Execution.(RCE) HIGH" "social-pug-author-box No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smoove-elementor 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "s2member-pro 250214 Unauthenticated.PHP.Object.Injection CRITICAL" "spider-event-calendar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spider-event-calendar 1.5.52 Admin+.SQL.injection MEDIUM" "spider-event-calendar 1.5.52 Authenticated.Blind.SQL.Injection CRITICAL" "spider-event-calendar 1.4.14 Unauthenticated.SQL.Injection HIGH" "scrollto-top No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "simple-iframe 1.2.0 Contributor+.Stored.XSS MEDIUM" "simple-code-insert-shortcode No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "slp-extenders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extenders 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "securimage-wp-fixed No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "seatgeek-affiliate-tickets No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "salon-booking-system 10.9.1 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "salon-booking-system 1.9.4 Admin+.Stored.XSS LOW" "salon-booking-system 10.9 Unauthenticated.Open.Redirect MEDIUM" "salon-booking-system 10.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "salon-booking-system 10.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 10.0 Missing.Authorization MEDIUM" "salon-booking-system 10.0 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "salon-booking-system 9.6.6 Settings.Update.via.CSRF MEDIUM" "salon-booking-system 9.6.6 Editor+.Stored.XSS LOW" "salon-booking-system 9.6.6 Editor+.Stored.XSS.via.Email.Settings LOW" "salon-booking-system 9.5.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 9.6.3 Unauthenticated.Stored.XSS HIGH" "salon-booking-system 8.7 Authenticated.(Editor+).Privilege.Escalation HIGH" "salon-booking-system 8.4.9 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 8.4.8 User.Role.change.via.CSRF MEDIUM" "salon-booking-system 7.9.4 Reflected.Cross-Site.Scripting MEDIUM" "salon-booking-system 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-system 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "salon-booking-system 7.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "salon-booking-system 6.3.1 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "simple-image-manipulator No.known.fix Remote.File.Download HIGH" "shipping-labels-for-woo 2.3.9 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting LOW" "simple-support-ticket-system 1.2.1 Unauthenticated.SQL.Injection CRITICAL" "simple-responsive-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "superlogoshowcase-wp 2.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "smoothscroller No.known.fix Admin+.Stored.XSS LOW" "scheduled-announcements-widget 1.0 Contributor+.Stored.XSS MEDIUM" "socialdriver-framework 2024.04.30 Contributor+.Stored.XSS MEDIUM" "socialdriver-framework 2024.04.30 Reflected.XSS HIGH" "socialdriver-framework 2024.04.30 Admin+.Stored.XSS.via.Settings LOW" "socialdriver-framework 2024.0.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "standard-box-sizes 1.6.14 Missing.Authorization MEDIUM" "setsail-membership 1.1 Authentication.Bypass CRITICAL" "seo-automatic-links No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "social-pug 1.34.4 Admin+.Stored.XSS LOW" "social-pug 1.33.2 PHP.Object.Injection HIGH" "social-pug 1.33.1 Unauthenticated.Password.Protected.Posts.Access MEDIUM" "social-pug 1.32.0 Admin+.Stored.XSS LOW" "social-pug 1.30.1 Missing.Authorization.via.multiple.admin_init.actions MEDIUM" "social-pug 1.19.0 Reflected.Cross-Site.Scripting MEDIUM" "social-pug 1.2.6 Social.Pug.<=.1.2.5.-.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "sip-reviews-shortcode-woocommerce No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "svg-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "salesmanago 3.2.5 Log.Injection.via.Weak.Authentication.Token MEDIUM" "spider-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "surveyjs 1.12.18 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion.via.SurveyJS_DeleteFile HIGH" "surveyjs 1.12.4 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "sangar-slider-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "social-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-kit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "small-package-quotes-purolator-edition 3.6.5 Unauthenticated.SQL.Injection HIGH" "seraphinite-old-slugs-mgr 1.4 Cross-Site.Request.Forgery MEDIUM" "shortcode-addons No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-addons No.known.fix Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "shortcode-addons 3.2.0 Authenticated.Arbitrary.Options.Update MEDIUM" "shortcode-addons 3.1.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "scratch-win-giveaways-for-website-facebook 2.9.0 Missing.Authorization.to.Unauthenticated.Coupon.Creation MEDIUM" "scratch-win-giveaways-for-website-facebook 2.8.0 Cross-Site.Request.Forgery.via.reset_installation.Function MEDIUM" "scratch-win-giveaways-for-website-facebook 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-columns-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-columns-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spiffy-calendar 4.9.14 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.13 Authenticated.(Admin+).SQL.Injection MEDIUM" "spiffy-calendar 4.9.12 Authenticated.(Administrator+).SQL.Injection CRITICAL" "spiffy-calendar 4.9.11 Missing.Authorization MEDIUM" "spiffy-calendar 4.9.10 Reflected.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.9 Broken.Access.Control LOW" "spiffy-calendar 4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spiffy-calendar 4.9.4 Reflected.XSS MEDIUM" "spiffy-calendar 4.9.2 SQL.Injection HIGH" "spiffy-calendar 4.9.1 Arbitrary.Event.Deletion.via.CSRF MEDIUM" "spiffy-calendar 4.9.1 Subscriber+.Arbitrary.Event.Edition/Deletion.via.IDOR MEDIUM" "spiffy-calendar 3.3.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "specific-content-for-mobile 0.1.9.6 Reflected.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-post-notes 1.7.7 Cross-Site.Request.Forgery MEDIUM" "simple-post-notes 1.7.6 Admin+.Stored.Cross-Site.Scripting LOW" "shortcode-menu No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "smpl-shortcodes No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "stm-megamenu 2.3.13 Unauthenticated.Local.File.Inclusion CRITICAL" "social-share-and-social-locker-arsocial 1.4.2 Admin+.Stored.XSS LOW" "simple-revisions-delete 1.5.4 Cross-Site.Request.Forgery MEDIUM" "smaily-for-wp No.known.fix Contributor+.Stored.XSS MEDIUM" "ssl-zen 4.6.0 Unauthenticated.Private.Keys.Access MEDIUM" "ssl-zen 4.5.2 Reflected.Cross-Site.Scripting MEDIUM" "ssl-zen 4.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sucuri-scanner 1.8.34 Event.log.Entry.Creation.via.CSRF MEDIUM" "saphali-woocommerce-lite 1.9.0 Settings.Update/Reset.via.CSRF MEDIUM" "style-tweaker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sailthru-triggermail No.known.fix Subscriber+.Stored.XSS HIGH" "sailthru-triggermail No.known.fix Reflected.XSS HIGH" "sailthru-triggermail No.known.fix Admin+.Stored.XSS LOW" "slideshow-gallery 1.8.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-gallery 1.8.2 Authenticated.(Contributor+).SQL.Injection HIGH" "slideshow-gallery 1.7.9 Contributor+.SQLi MEDIUM" "slideshow-gallery 1.7.9 Settings.Reset.via.CSRF MEDIUM" "slideshow-gallery 1.8.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "slideshow-gallery 1.7.4 Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-gallery 1.6.9 XSS.and.SQLi CRITICAL" "slideshow-gallery 1.6.6 Multiple.Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "shop-page-wp 1.2.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "simple-page-access-restriction 1.0.30 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-page-access-restriction 1.0.23 Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "schema-and-structured-data-for-wp 1.36 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "schema-and-structured-data-for-wp 1.34.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "schema-and-structured-data-for-wp 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.How.To.and.FAQ.Blocks MEDIUM" "schema-and-structured-data-for-wp 1.27 Contributor+.reCaptcha.Key.Update MEDIUM" "schema-and-structured-data-for-wp 1.27 Authenticated.Stored.XSS MEDIUM" "schema-and-structured-data-for-wp 1.26 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "schema-and-structured-data-for-wp 1.24 Contributor+.Stored.XSS MEDIUM" "simpleform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "structured-content 1.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sc_fs_local_business.Shortcode MEDIUM" "structured-content 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "structured-content 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Classic.Editor.Shortcode MEDIUM" "structured-content 1.6 Contributor+.Stored.XSS MEDIUM" "structured-content 1.6 Contributor+.PHP.Object.Injection HIGH" "structured-content 1.5.1 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "side-cart-woocommerce 2.3 Admin+.Stored.XSS LOW" "side-cart-woocommerce 2.2 Settings.Reset.via.CSRF MEDIUM" "side-cart-woocommerce 2.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "slingblocks 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slingblocks 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "set-admin-colour-on-staging-and-dev No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sahu-tiktok-pixel No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "super-forms 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "super-forms 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "slidedeck2 2.3.5 Unspecified.File.Inclusion CRITICAL" "seers-cookie-consent-banner-privacy-policy 8.1.1 Cross-Site.Request.Forgery MEDIUM" "seers-cookie-consent-banner-privacy-policy 8.1.2 Unauthenticated.Cookie.Policy.Update MEDIUM" "simple-tooltips No.known.fix Admin+.Stored.XSS LOW" "simple-tooltips 2.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "social-locker No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "social-locker 4.2.5 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shmapper-by-teplitsa 1.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "shmapper-by-teplitsa 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stax 1.3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stock-sync-for-woocommerce 2.4.1 Reflected.XSS HIGH" "small-package-quotes-ups-edition 4.5.17 Unauthenticated.SQL.Injection HIGH" "seo-blogger-to-wordpress-301-redirector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "steam-group-viewer No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scripts-organizer 3.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "sky-elementor-addons 2.6.2 Cross-Site.Request.Forgery.to.Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.3 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update HIGH" "sky-elementor-addons 2.6.2 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Content.Switcher.Widget.Elementor.Template MEDIUM" "sky-elementor-addons 2.5.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sky-elementor-addons 2.5.8 Contributor+.Stored.XSS MEDIUM" "sky-elementor-addons 2.5.0 Authenticated(Contributor+).Stored.Cross-site.scripting.via.Wrapper.Link.URL MEDIUM" "simplified No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "sitetweet-tweets-user-behaviors-on-your-site-on-twitter No.known.fix Stored.XSS.via.CSRF HIGH" "scripts-n-styles 3.5.8 Admin+.Stored.XSS LOW" "sandbox No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sandbox.Download MEDIUM" "sandbox No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-lite 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "simplistic-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spotify-play-button-for-wordpress 2.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spotifyplaybutton.Shortcode MEDIUM" "spotify-play-button-for-wordpress 2.11 Settings.Update.via.CSRF MEDIUM" "spotify-play-button-for-wordpress 2.08 Admin+.Stored.XSS LOW" "spotify-play-button-for-wordpress 2.06 Contributor+.Stored.XSS MEDIUM" "smart-donations No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Stored.XSS.via.CSRF HIGH" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Admin+.SQLi MEDIUM" "smart-donations No.known.fix Smart.Donations.<=.4.0.12.-.Reflected.XSS HIGH" "simple-posts-ticker 1.1.6 Admin+.Stored.XSS LOW" "simple-posts-ticker 1.1.6 Contributor+.Stored.XSS MEDIUM" "simple-share-buttons-adder 8.5.1 Admin+.Stored.XSS LOW" "simple-share-buttons-adder 8.4.12 Authenticated(Administrator+).Stored.Cross-Site.Scripting.via.CSS.Settings MEDIUM" "simple-share-buttons-adder 8.5.1 CSRF MEDIUM" "simple-share-buttons-adder 6.0.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "showbizpro No.known.fix Shell.Upload CRITICAL" "subscribers-com 1.5.4 Free.Web.Push.Notifications.<.1.5.4.-.Admin+.Stored.XSS LOW" "spotbot No.known.fix Reflected.XSS HIGH" "smart-logo-showcase-lite No.known.fix Contributor+.Stored.XSS MEDIUM" "smart-logo-showcase-lite 1.1.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "smart-id 4.7 Reflected.Cross-Site.Scripting MEDIUM" "sprout-invoices 20.8.2 Missing.Authorization MEDIUM" "sprout-invoices 20.8.1 Insecure.Direct.Object.Reference MEDIUM" "sprout-invoices 20.5.4 Sensitive.Information.Exposure MEDIUM" "sprout-invoices 19.0.1 Reflected.Cross-Site.Scripting MEDIUM" "sprout-invoices 19.9.7 Admin+.Stored.Cross-Site.Scripting LOW" "sell-photo 1.0.6 Authenticated.Stored.Cross-Site.Scripting LOW" "simple-popup-newsletter No.known.fix Reflected.Cross-Site.Scripting HIGH" "shopbuilder 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "shopbuilder 2.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "st-gallery-wp No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "slicko-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-connect No.known.fix Authentication.Bypass CRITICAL" "smsify 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "share-print-pdf-woocommerce 2.8.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "shortcode-imdb No.known.fix Cross-Site.Request.Forgery MEDIUM" "shortcode-imdb No.known.fix Admin+.SQLi MEDIUM" "sheet-to-wp-table-for-google-sheet 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STWT_Sheet_Table.Shortcode MEDIUM" "scan-external-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-testimonials-and-reviews-widget 5.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting HIGH" "social-testimonials-and-reviews-widget 5.00 Missing.Authorization MEDIUM" "social-testimonials-and-reviews-widget 5.02 CSRF MEDIUM" "sync-ecommerce-neo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sync-ecommerce-neo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "subscribe-to-comments 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "subscribe-to-comments 2.3 Authenticated.Local.File.Inclusion MEDIUM" "so-pinyin-slugs 2.3.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seo-bulk-editor No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "simply-show-hooks No.known.fix Injected.Backdoor CRITICAL" "svgator No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "svgator 1.2.5 API.Token.Update/Deletion.&.Import.Projects.via.CSRF MEDIUM" "simple-icons 2.7.8 Simple.Icons.<.2.7.8.-.Contributor+.Stored.XSS MEDIUM" "simplr-registration-form No.known.fix Subscriber+.Arbitrary.User.Password.Change.via.IDOR HIGH" "startend-subscription-add-on-for-gravityforms 4.0.6 Reflected.Cross-Site.Scripting MEDIUM" "super-testimonial-pro 1.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "simplelender-by-umatidocs-com No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "spider-facebook No.known.fix Cross-Site.Request.Forgery MEDIUM" "spider-facebook No.known.fix Reflected.XSS HIGH" "slider-comparison-image-before-and-after No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-progressive-web-apps 2.2.22 Missing.Authorization MEDIUM" "super-progressive-web-apps 2.1.13 Authenticated.(High.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "super-progressive-web-apps 2.1.12 Authenticated.(Low.Privileged).Arbitrary.File.Upload.to.RCE HIGH" "streamweasels-twitch-integration 1.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-twitch-embed.Shortcode MEDIUM" "streamweasels-twitch-integration 1.8.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "streamweasels-twitch-integration 1.7.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-twitch-integration 1.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sp-blog-designer No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "site-search-360 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-cloudflare-turnstile 1.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sermone-online-sermons-management No.known.fix Reflected.XSS HIGH" "sermone-online-sermons-management No.known.fix Contributor+.Stored.XSS MEDIUM" "software-license-manager 4.5.1 Arbitrary.Domain.Deletion.via.CSRF HIGH" "software-license-manager 4.5.0 Admin+.Stored.Cross-Site.Scripting LOW" "software-license-manager 4.4.8 Reflected.Cross-Site.Scripting HIGH" "software-license-manager 4.4.6 CSRF.to.Stored.XSS HIGH" "social-media-buttons-toolbar No.known.fix Admin+.Stored.XSS MEDIUM" "school-management-system 4.2 Admin+.SQLi MEDIUM" "support-x 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "support-x 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "spoontalk-social-media-icons-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "swipehq-payment-gateway-wp-e-commerce No.known.fix Multiple.XSS.Issues MEDIUM" "smart-blocks 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slide-anything 2.4.9 Author+.Stored.XSS MEDIUM" "slide-anything 2.3.47 Author+.Cross.Site.Scripting.in.slide.title MEDIUM" "slide-anything 2.3.44 Editor+.Stored.Cross-Site.Scripting LOW" "slide-anything 2.3.41 Contributor+.SQLi HIGH" "setup-default-feature-image 1.3 Missing.Authorization MEDIUM" "small-package-quotes-usps-edition 1.3.6 Unauthenticated.SQL.Injection HIGH" "simple-ads-manager No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "simple-ads-manager 2.9.5.118 SQL.Injection MEDIUM" "simple-download-counter 2.1 Authenticated.(Author+).Arbitrary.File.Read MEDIUM" "simple-download-counter 1.6.1 Contributor+.Stored.XSS MEDIUM" "seo-free No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-file-list 6.1.13 Reflected.Cross-Site.Scripting HIGH" "simple-file-list 6.1.10 Admin+.Stored.XSS LOW" "simple-file-list 6.1.10 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "simple-file-list 6.0.10 Admin+.Stored.XSS LOW" "simple-file-list 4.4.13 Page.Creation.via.CSRF MEDIUM" "simple-file-list 4.4.12 Admin+.Stored.Cross-Site.Scripting LOW" "simple-file-list 4.4.12 Reflected.Cross-Site.Scripting MEDIUM" "simple-file-list 4.2.8 Authenticated.Arbitrary.File.Deletion HIGH" "simple-file-list 4.2.3 Unauthenticated.Arbitrary.File.Upload.RCE CRITICAL" "simple-file-list 3.2.8 Unauthenticated.Arbitrary.File.Download HIGH" "svg-support 2.5.9 Stored.Cross-Site.Scripting.via.Vulnerability.Dependency MEDIUM" "svg-support 2.5.11 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "svg-support 2.5.8 Author+.Cross-Site.Scripting.via.SVG MEDIUM" "svg-support 2.5.2 Author+.Stored.XSS MEDIUM" "svg-support 2.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "svg-support 2.3.20 Admin+.Stored.Cross-Site.Scripting LOW" "sparkpost 2.3.6 Admin+.Stored.XSS LOW" "small-package-quotes-unishippers-edition 2.4.10 Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-unishippers-edition 2.4.10 Missing.Authorization MEDIUM" "small-package-quotes-unishippers-edition 2.4.9 Unauthenticated.SQL.Injection HIGH" "smart-tools-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-tools-for-woocommerce 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sitemap-index No.known.fix Admin+.XSS LOW" "slickr-flickr No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "seo-landing-page-generator 1.66.3 Reflected.Cross-Site.Scripting MEDIUM" "seo-landing-page-generator 1.62.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smooth-scrolling-links-ssl No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "simplemodal-contact-form-smcf No.known.fix Admin+.Stored.XSS LOW" "superb-slideshow-gallery 13.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "svg-uploads-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "security-malware-firewall 2.150 Unauthenticated.Arbitrary.File.Upload CRITICAL" "security-malware-firewall 2.145.1 Authorization.Bypass.via.Reverse.DNS.Spoofing.to.Unauthenticated.SQL.Injection HIGH" "security-malware-firewall 2.121 IP.Spoofing MEDIUM" "security-malware-firewall 2.51 Security.Nonce.Leak.leading.to.Unauthorised.AJAX.call HIGH" "shortcodes-ui No.known.fix Contributor+.Stored.XSS MEDIUM" "shortcodes-ui No.known.fix CSRF MEDIUM" "school-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "school-management 93.0.0 Authenticated.(Student+).SQL.Injection.via.'view-attendance' MEDIUM" "school-management 93.0.0 Authenticated.(Subscriber+).SQL.Injection.via.'mj_smgt_show_event_task' MEDIUM" "school-management No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "school-management No.known.fix Student+.Account.Takeover.and.Privilege.Escalation HIGH" "school-management 92.0.0 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "school-management 92.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "stratum 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Vulnerability.via.Image.Hotspot.Widget MEDIUM" "stratum 1.4.5 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "stratum 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "stratum 1.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-downloads 1.0.8 Insufficient.Restrictions.when.Brute-Force.Purchase.IDs HIGH" "sided No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seatreg 1.56.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "siteimprove 2.0.7 Cross-Site.Request.Forgery MEDIUM" "swifty-page-manager No.known.fix Page.Creation/Deletion.via.CSRF MEDIUM" "swifty-page-manager No.known.fix Admin+.Stored.XSS LOW" "slider-by-supsystic 1.8.11 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-by-supsystic 1.8.11 Authenticated.(Admin+).SQL.Injection CRITICAL" "slider-by-supsystic 1.8.7 Missing.Authorization MEDIUM" "slider-by-supsystic 1.8.7 CSRF MEDIUM" "starfish-reviews 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "starfish-reviews 3.0.26 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "starfish-reviews 2.0.1 Subscriber+.Arbitrary.Option.Update CRITICAL" "shortcode-elementor 1.0.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "songkick-concerts-and-festivals 0.10.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sendpulse-email-marketing-newsletter 2.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchwp 4.2.6 Subscriber+.Settings.Update MEDIUM" "slider-slideshow No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-slideshow No.known.fix Contributor+.Stored.XSS MEDIUM" "slider-slideshow No.known.fix Cross-Site.Request.Forgery HIGH" "smart-scroll-to-top-lite 1.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sfwd-lms 4.20.0.3 Missing.Authorization MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.assignments MEDIUM" "sfwd-lms 4.10.2 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.10.3 Sensitive.Information.Exposure.via.API MEDIUM" "sfwd-lms 4.5.3.1 SQL.Injection MEDIUM" "sfwd-lms 4.6.0.1 User.Account.Takeover.via.Insecure.Direct.Object.References HIGH" "sfwd-lms 3.1.6 Unauthenticated.SQL.Injection CRITICAL" "sfwd-lms 3.1.2 Reflected.Cross.Site.Scripting.(XSS).issue.on.the.[ld_profile].search.field. MEDIUM" "sfwd-lms 2.5.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "sp-rental-manager No.known.fix Unauthenticated.SQL.Injection HIGH" "slider-pro-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shantz-wordpress-qotd No.known.fix Arbitrary.Setting.Update.via.CSRF MEDIUM" "simple-responsive-image-gallery No.known.fix Reflected.Cross-Site.Scripting HIGH" "social-buttons-pack 1.1.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "stepbyteservice-openstreetmap No.known.fix Use.of.Polyfill.io MEDIUM" "stepbyteservice-openstreetmap 1.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "starcat-review No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starcat-review 0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "site-pin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "support-svg 1.1.1 .Authenticated.(Author+).Stored.Cross-site.Scripting.via.SVG.File.Upload MEDIUM" "support-svg 1.1.0 Stored.XSS.via.SVG.Upload MEDIUM" "sugar-calendar-lite 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "saoshyant-element No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-media-feather 2.1.4 Subscriber+.Unauthorised.Action MEDIUM" "social-media-feather 2.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "skt-templates 6.15 Reflected.Cross-Site.Scripting MEDIUM" "skt-templates 4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "support-chat 2.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsaio_snapchat.Shortcode MEDIUM" "sip-calculator No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "scrollbar-by-webxapp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-for-redirection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitesupercharger 5.2.0 Unauthenticated.SQLi HIGH" "simplegmaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Deletion MEDIUM" "svs-pricing-tables No.known.fix Cross-Site.Request.Forgery.to.Pricing.Table.Edit/Creation MEDIUM" "screenshot-machine-shortcode 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "saaspricing No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slicknav-mobile-menu 1.9.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "seo-optimized-images 2.1.4 Injected.Backdoor CRITICAL" "seo-optimized-images 2.1 Reflected.Cross-Site.Scripting MEDIUM" "sirv 7.3.1 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Option.Deletion HIGH" "sirv 7.3.0 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "sirv 7.2.8 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "sirv 7.2.8 Authenticated(Subscriber+).Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "sirv 7.2.7 Authenticated.(Contributor+).Arbitrary.File.Upload CRITICAL" "sirv 7.2.3 Missing.Authorization.to.Arbitrary.Options.Update CRITICAL" "sirv 7.2.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "sirv 7.2.1 Missing.Authorization MEDIUM" "sirv 7.1.3 Missing.Authorization.via.sirv_disconnect MEDIUM" "sirv 6.8.1 Admin+.Stored.XSS LOW" "sirv 1.3.2 Authenticated.SQL.Injection HIGH" "secondary-title 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "svgplus No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "smdp-affiliate-platform No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sendit No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "spiderpowa-embed-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-custom-author-profiles No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "sociable No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "salient-core 2.0.8 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "salient-core 2.0.3 Reflected.Cross-Site.Scripting MEDIUM" "salient-core 2.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "st-daily-tip No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "sb-elementor-contact-form-db 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "sb-elementor-contact-form-db 1.6 Unauthenticated.&.Unauthorised.Form.Submissions.Export HIGH" "sb-elementor-contact-form-db 1.6 Plugin.Settings.Cross-Site.Request.Forgery MEDIUM" "simple-tour-guide 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "slider-for-writers No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "skt-nurcaptcha 3.6.0 Cross-Site.Request.Forgery..to.Stored.Cross-Site.Scripting MEDIUM" "simple-alert-boxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Alert.Shortcode MEDIUM" "surecart 2.29.4 Reflected.Cross-Site.Scripting MEDIUM" "surecart 2.5.1 Admin+.Stored.XSS LOW" "seos-contact-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slickquiz No.known.fix Unauthenticated.Stored.XSS MEDIUM" "slickquiz No.known.fix Authenticated.SQL.Injection HIGH" "super-transactional-emails-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "super-transactional-emails-for-woocommerce 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-basic-contact-form 20250114 Admin+.Stored.XSS LOW" "simple-basic-contact-form 20240511 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-basic-contact-form 20240502 Reflected.Cross-Site.Scripting MEDIUM" "simple-basic-contact-form 20221201 Admin+.Stored.XSS LOW" "surveys No.known.fix Authenticated.SQL.Injection CRITICAL" "sv-gravity-forms-enhancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sv-gravity-forms-enhancer 1.8.00 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shapepress-dsgvo 3.1.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shapepress-dsgvo 3.1.24 Unauthenticated.Arbitrary.Post.Deletion HIGH" "shapepress-dsgvo 3.1.24 Unauthenticated.Plugin's.Settings.Update.to.Stored.Cross-Site.Scripting HIGH" "shapepress-dsgvo 2.2.19 Authenticated.Reflected.XSS MEDIUM" "simple-sortsearch No.known.fix Ccontributor+.Stored.XSS MEDIUM" "slope-widgets 4.2.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shopready-elementor-addon No.known.fix Contributor+.Local.File.Inclusion MEDIUM" "simple-user-profile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sumo-divi-modules No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sumo-divi-modules 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "selar-co-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "subscriber 1.3.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "special-feed-items No.known.fix Stored.XSS.via.CSRF HIGH" "secure-ip-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "secure-ip-logins No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-networks-auto-poster-facebook-twitter-g No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.4 Subscriber+.Sensitive.Information.Exposure MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.4.3 Reflected.Cross-Site.Scripting.via.code MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.26 Reflected.Cross-Site.Scripting MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.24 Unauthenticated.Stored.XSS HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.25 Arbitrary.Post.Deletion.via.CSRF MEDIUM" "social-networks-auto-poster-facebook-twitter-g 4.3.21 Reflected.Cross-Site.Scripting HIGH" "social-networks-auto-poster-facebook-twitter-g 4.3.18 Insufficient.Privilege.Validation HIGH" "social-networks-auto-poster-facebook-twitter-g 4.2.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-networks-auto-poster-facebook-twitter-g 3.4.18 CSRF.to.Stored.XSS MEDIUM" "so-widgets-bundle 1.64.1 Missing.Authorization LOW" "so-widgets-bundle 1.62.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Image.Grid.widget MEDIUM" "so-widgets-bundle 1.62.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.SiteOrigin.Blog.Widget MEDIUM" "so-widgets-bundle 1.61.0 Contributor+.Stored.XSS.via.siteorigin_widget.Shortcode MEDIUM" "so-widgets-bundle 1.58.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "so-widgets-bundle 1.58.2 Contributor+.Stored.XSS MEDIUM" "so-widgets-bundle 1.51.0 Admin+.Local.File.Inclusion MEDIUM" "simplebooklet 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-presenter 1.5.2 Reflected.Cross-Site.Scripting MEDIUM" "simple-social-share No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-buttons 4.1.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "sticky-buttons 3.2.4 Button.Deletion.via.CSRF MEDIUM" "sticky-buttons 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sticky-buttons 3.1.1 Reflected.XSS MEDIUM" "share-this-image 2.02 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 2.04 Open.Redirect.via.link.Parameter HIGH" "share-this-image 2.03 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.STI.Buttons.Shortcode MEDIUM" "share-this-image 2.02 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.alignment.Parameter MEDIUM" "share-this-image 1.99 Open.Redirect MEDIUM" "share-this-image 1.81 Reflected.Cross-Site.Scripting MEDIUM" "share-this-image 1.67 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "share-this-image 1.20 Stored.XSS MEDIUM" "shortcoder 6.3.1 Subscriber+.Unauthorised.AJAX.Call MEDIUM" "sweepwidget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-cod-fee-for-woocommerce No.known.fix Missing.Authorization MEDIUM" "stop-spammer-registrations-plugin 2024.5 Cross-Site.Request.Forgery.(CSRF).via.sfs_process MEDIUM" "stop-spammer-registrations-plugin 2023 Admin+.Stored.XSS LOW" "stop-spammer-registrations-plugin 2023 Reflected.XSS HIGH" "stop-spammer-registrations-plugin 2022.6 Unauthenticated.PHP.Object.Injection MEDIUM" "stop-spammer-registrations-plugin 2021.18 Authenticated.Stored.XSS LOW" "stop-spammer-registrations-plugin 2021.9 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sastra-essential-addons-for-elementor 1.0.15 Missing.Authorization.to.Spexo.Theme.Install MEDIUM" "sastra-essential-addons-for-elementor 1.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial 4.0.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "super-testimonial 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-testimonial 3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "super-testimonial 2.7 Admin+.Stored.Cross-Site.Scripting LOW" "slicewp 1.1.24 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.19 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.21 Reflected.Cross-Site.Scripting MEDIUM" "slicewp 1.1.11 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slicewp 1.0.46 Reflected.Cross-Site.Scripting.(XSS) HIGH" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-popup-blaster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "social-sharing-toolkit No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "seo-backlinks No.known.fix CSRF.to.Stored.XSS HIGH" "slider-responsive-slideshow 1.4.2 Missing.Authorization MEDIUM" "slider-responsive-slideshow 1.4.0 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "semalt No.known.fix Admin+.Stored.XSS LOW" "shockingly-big-ie6-warning No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "soundcloud-is-gold 2.3.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "sign-in-with-google No.known.fix Authentication.Bypass.in.authenticate_user CRITICAL" "simple-certain-time-to-show-content 1.3.1 Reflected.XSS HIGH" "smart-wishlist-for-more-convert 1.8.8 Unauthenticated.Wishlist.Disclosure.via.download_pdf_file.Function HIGH" "smart-wishlist-for-more-convert 1.7.9 Missing.Authorization MEDIUM" "smart-wishlist-for-more-convert 1.7.3 Missing.Authorization MEDIUM" "storefront-footer-text No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "simple-ldap-login 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-payment 2.3.8 Reflected.Cross-Site.Scripting MEDIUM" "svg-block 1.1.25 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "svg-block 1.1.20 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "scrollsequence 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollsequence 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "scrollsequence 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sendsms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-events-calendar No.known.fix Authenticated.(admin+).SQL.Injection MEDIUM" "socialmark 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "socialmark 2.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sportspress 2.7.22 Admin+.Stored.XSS LOW" "sportspress 2.7.21 Missing.Authorization.to.Notice.Dismissal LOW" "sportspress 2.7.18 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "sportspress 2.7.9 Reflected.Cross-Site.Scripting HIGH" "sportspress 2.7.2 Authenticated.Stored.Cross-Site.Scripting HIGH" "smallerik-file-browser No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "seraphinite-accelerator-ext 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator-ext 2.21.13.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion MEDIUM" "strx-magic-floating-sidebar-maker No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sully 4.3.1 Reflected.XSS HIGH" "sully 4.3.1 Plugin.Reset.via.CSRF MEDIUM" "sully 4.3.1 Admin+.Stored.XSS LOW" "sully 4.3.1 Admin+.Stored.XSS.via.CSRF HIGH" "simple-pricing-tables-vc-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "show-notice-or-message-on-admin-area No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "shopping-pages No.known.fix Stored.XSS.via.CSRF HIGH" "sticky-chat-widget 1.1.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shortcode-bootstrap-visuals No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "subway No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "smart-maintenance-countdown No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-pixel No.known.fix Admin+.Stored.XSS LOW" "shiftnav-responsive-mobile-menu 1.7.2 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "sticky-related-posts No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "share-on-diaspora 0.7.2 XSS MEDIUM" "social-media-engine No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-grid-gallery 1.1.5 Vimeo.and.YouTube.Gallery.<.1.1.5.-.Admin+.Stored.Cross-Site.Scripting LOW" "simplified-content 1.0.1 XSS MEDIUM" "social-tape No.known.fix CSRF.to.Stored.XSS HIGH" "social-warfare No.known.fix Contributor+.Stored.XSS MEDIUM" "social-warfare 4.4.7.3 Injected.Backdoor CRITICAL" "social-warfare 4.4.6 Cross-Site.Request.Forgery MEDIUM" "social-warfare 4.4.6.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.4.4 Social.Warfare.<.4.4.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-warfare 4.3.1 Subscriber+.Post.Meta.Deletion MEDIUM" "social-warfare 4.4.0 Post.Meta.Deletion.via.CSRF MEDIUM" "social-warfare 3.5.3 Unauthenticated.Remote.Code.Execution.(RCE) MEDIUM" "swipehq-payment-gateway-woocommerce No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "sh-slideshow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "site-favicon 0.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-tracking-manager 1.8.02 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sparrow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sparrow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "squeeze 1.4.1 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "smooth-gallery-replacement No.known.fix CSRF.to.Stored.XSS HIGH" "social-autho-bio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slideonline No.known.fix Contributor+.Stored.XSS MEDIUM" "suevafree-essential-kit 1.1.4 Contributor+.Stored.XSS MEDIUM" "solidres No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "solidres No.known.fix Reflected.XSS HIGH" "solidres No.known.fix Multiple.Reflected.XSS HIGH" "solidres No.known.fix Admin+.Stored.XSS LOW" "salavat-counter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-metrics No.known.fix Admin+.Stored.XSS LOW" "simple-banner 3.0.4 Admin+.Stored.XSS LOW" "simple-banner 2.12.0 Admin+.Stored.Cross.Site.Scripting LOW" "simple-banner 2.12.0 Admin+.Stored.Cross-Site.Scripting LOW" "simple-banner 2.10.4 Admin+.Stored.XSS MEDIUM" "static-html-output-plugin 6.0 Reflected.Cross-Site.Scripting MEDIUM" "smartsupp-live-chat 3.7 Cross-Site.Request.Forgery MEDIUM" "s-dev-seo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scriptless-social-sharing 3.2.2 Contributor+.Stored.XSS MEDIUM" "simple-baseball-scoreboard No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slivery-extender No.known.fix Authenticated(Contributor+).Remote.Code.Execution.via.shortcode HIGH" "simple-comment-editing 3.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "simple-shortcode-buttons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "star-cloudprnt-for-woocommerce 2.0.4 Reflected.XSS HIGH" "star-cloudprnt-for-woocommerce No.known.fix Reflected.XSS HIGH" "security-antivirus-firewall No.known.fix IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "simple-301-redirects-addon-bulk-uploader 1.2.5 Multiple.Issues MEDIUM" "salt-shaker 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "simply-static 3.1.4 Unauthenticated.Information.Exposure MEDIUM" "simply-static 3.1.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "similarity No.known.fix Stored.XSS.via.CSRF HIGH" "similarity No.known.fix Plugin.Reset.via.CSRF MEDIUM" "sermon-browser No.known.fix Arbitrary.File.Upload.via.CSRF MEDIUM" "sermon-browser 0.45.16 Multiple.XSS MEDIUM" "sms-ovh No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-feature-requests 2.2.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-feature-requests 2.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simpleschema-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smart-seo-tool 3.0.6 Reflected.Cross-Site.Scripting MEDIUM" "sticky-menu-block 1.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-dashboard-by-gutewebsites-de No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "social-media-builder No.known.fix Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "simple-portfolio-gallery No.known.fix Admin+.Stored.XSS MEDIUM" "shipengine-shipping-quotes 1.0.8 Unauthenticated.SQL.Injection HIGH" "search-analytics 1.4.11 Reflected.Cross-Site.Scripting MEDIUM" "search-analytics 1.4.10 Missing.Authorization MEDIUM" "search-analytics 1.4.8 Reflected.XSS HIGH" "search-analytics 1.4.6 Admin+.Stored.XSS LOW" "svg-complete No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "super-video-player 1.6.13 Reflected.Cross-Site.Scripting MEDIUM" "super-video-player 1.6.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-image-sizes 3.2.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-spoiler 1.4 1.3.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simple-spoiler 1.3 Admin+.Stored.XSS LOW" "smtp-amazon-ses 1.8 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "speakout 4.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speakout 2.14.15.1 Unauthenticated.SQLi HIGH" "speakout 2.13.3 Reflected.Cross-Site.Scripting HIGH" "save-as-image-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-image-by-pdfcrowd 3.2.2 Admin+.Stored.XSS LOW" "save-as-image-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "stetic 1.0.9 CSRF.to.Stored.Cross-Site.Scripting HIGH" "seo-site-auditor-agency 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "seo-site-auditor-agency 1.2.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "single-post-exporter No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "simplemortgage No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "show-hidecollapse-expand 1.3.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "show-hidecollapse-expand No.known.fix Subscriber+.Settings.Update MEDIUM" "slider-blocks 2.7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "site-audit No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "send-to-twitter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "salert 1.2.2 Subscriber+.Missing.Authorization MEDIUM" "salert 1.2.2 Reflected.XSS HIGH" "sort-searchresult-by-title 11.0 CSRF MEDIUM" "sku-for-woocommerce 1.6.3 Reflected.Cross-Site.Scripting MEDIUM" "snazzy-maps 1.1.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "stop-registration-spam 1.24 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "smtp-sendgrid 1.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "sloth-logo-customizer No.known.fix Stored.XSS.via.CSRF HIGH" "secure-copy-content-protection 4.4.8 Missing.Authorization.to.Unauthenticated.User.Email.Retrieval.via.ays_sccp_reports_user_search.Function MEDIUM" "secure-copy-content-protection 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.1.7 Admin+.Stored.XSS LOW" "secure-copy-content-protection 4.0.9 Admin+.Stored.XSS LOW" "secure-copy-content-protection 3.9.1 Missing.Authorization MEDIUM" "secure-copy-content-protection 3.7.2 Missing.Authorization MEDIUM" "secure-copy-content-protection 2.8.2 Unauthenticated.SQL.Injection HIGH" "secure-copy-content-protection 2.6.7 Authenticated.Blind.SQL.Injections HIGH" "shortcode-collection No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "suremembers 1.10.7 Sensitive.Information.Exposure MEDIUM" "simple-org-chart No.known.fix Unauthenticated.Tree.Settings.Update MEDIUM" "simple-org-chart No.known.fix Settings.Update.via.CSRF MEDIUM" "sunshine-photo-cart 3.2.11 Open.Redirect MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.9 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.10 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.2.2 Missing.Authorization MEDIUM" "sunshine-photo-cart 3.1.2 Unauthenticated.PHP.Object.Injection CRITICAL" "sunshine-photo-cart 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "sunshine-photo-cart 3.1 Unauthenticated.Sensitive.Information.Exposure.via.Invoice MEDIUM" "sunshine-photo-cart 3.0 Insecure.Direct.Object.Reference.to.Order.Manipulation MEDIUM" "sunshine-photo-cart 2.9.15 Reflected.XSS HIGH" "sunshine-photo-cart 2.9.14 Image.Location.Update.via.CSRF MEDIUM" "sunshine-photo-cart 2.8.29 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "swoop-password-free-authentication No.known.fix Authentication.Bypass CRITICAL" "svt-simple No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "show-google-analytics-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stripe-manager No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "scroll-top-advanced No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "simple-slug-translate 2.7.3 Admin+.Stored.XSS LOW" "shopwarden 1.0.12 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "slp-extended-data-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-extended-data-manager 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-pdf-viewer No.known.fix Contributor+.XSS MEDIUM" "show-me-the-cookies No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "seo-beginner-auto-post No.known.fix Missing.Authorization.to.File.Overwrite/Upload.(Remote.Code.Execution) CRITICAL" "service No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "simple-woocommerce-csv-loader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smartemailing 2.2.6 Reflected.Cross-Site.Scripting MEDIUM" "smarty-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "smarty-for-wordpress No.known.fix Settings.Update.via.CSRF MEDIUM" "spicebox 2.2 Reflected.Cross-Site.Scripting MEDIUM" "sovratec-case-management No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stafflist 3.2.4 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.7 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.6 Reflected.Cross-Site.Scripting MEDIUM" "stafflist 3.1.5 Admin+.SQLi MEDIUM" "stafflist 3.1.6 Arbitrary.Staff.Deletion.via.CSRF MEDIUM" "snap-pixel No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "snap-pixel No.known.fix Admin+.Stored.XSS LOW" "simple-ajax-chat 20240412 Admin+.Stored.XSS LOW" "simple-ajax-chat 20240223 .Unauthenticated.Stored.Cross-Site.Scripting HIGH" "simple-ajax-chat 20240216 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "simple-ajax-chat 20240223 Unauthenticated.Stored.XSS HIGH" "simple-ajax-chat 20220216 Sensitive.Information.Disclosure MEDIUM" "simple-ajax-chat 20220216 Log.Clearing.&.Arbitrary.Chat.Message.Deletion.via.CSRF MEDIUM" "simple-ajax-chat 20220216 Unauthenticated.Stored.XSS MEDIUM" "search-and-replace 3.2.3 Unauthenticated.PHP.Object.Injection MEDIUM" "search-and-replace 3.2.2 Admin+.SQL.injection MEDIUM" "search-and-replace 3.2.2 Administrator+.SQL.injection LOW" "smooth-streaming-player No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-travel-map No.known.fix Cross-Site.Request.Forgery MEDIUM" "seo-by-rank-math-pro 3.0.36 Unauthenticated.Reflected.XSS MEDIUM" "sitepress-multilingual-cms 4.6.13 Contributor+.RCE.via.Twig.Server-Side.Template.Injection CRITICAL" "sitepress-multilingual-cms 4.6.1 Reflected.Cross-Site.Scripting HIGH" "sitepress-multilingual-cms 4.5.14 CSRF MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Translation.Job.Status.Update MEDIUM" "sitepress-multilingual-cms 4.5.11 Subscriber+.Settings.Update MEDIUM" "sitepress-multilingual-cms 4.3.7 Authenticated.Cross.Site.Request.Forgery.leading.to.Remote.Code.Execution HIGH" "sitepress-multilingual-cms 4.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "sitepress-multilingual-cms 3.2.7 Cross-Site.Scripting.(XSS).in.Accept-Language.Header MEDIUM" "sales-page-addon No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "sales-page-addon 1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-behace-portfolio No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-for-woocommerce 1.6.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "simple-nav-archives No.known.fix Settings.Update.via.CSRF MEDIUM" "server-status-by-hostnameip No.known.fix Authenticated.SQL.Injection HIGH" "staggs 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "staggs 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "simple-post-gallery No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "smart-manager-for-wp-e-commerce 8.53.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "smart-manager-for-wp-e-commerce 8.46.0 Missing.Authorization MEDIUM" "smart-manager-for-wp-e-commerce 8.28.0 Admin+.SQL.Injection MEDIUM" "simple-link-directory 8.4.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "simple-link-directory 7.7.2 Unauthenticated.SQL.injection HIGH" "simple-link-directory 7.3.5 Cross-Site.Scripting.(XSS) MEDIUM" "surbma-gdpr-proof-google-analytics 17.8.2 Reflected.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.6.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "surbma-gdpr-proof-google-analytics 17.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sellsy 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shop-as-a-customer-for-woocommerce 1.1.8 Subscriber+.Privilege.Escalation CRITICAL" "shop-as-a-customer-for-woocommerce 1.2.4 Shop.Manager+.Privilege.Escalation CRITICAL" "seo-by-10web No.known.fix Reflected.XSS HIGH" "seo-by-10web 1.2.7 Admin+.Stored.XSS LOW" "statpresscn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "supra-csv-parser No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "share-one-drive 1.15.3 Reflected.Cross-Site.Scripting MEDIUM" "skt-skill-bar 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-notification No.known.fix Missing.Authorization MEDIUM" "smart-cookie-kit 2.3.2 Contributor+.Stored.XSS MEDIUM" "sensei-lms 4.24.4 Unauthenticated.sensei_email/sensei_message.Disclosure MEDIUM" "sensei-lms 4.24.2 Unauthenticated.Email.Template.Leak MEDIUM" "sensei-lms 4.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "sensei-lms 4.18.0 Contributor+.Stored.XSS MEDIUM" "sensei-lms 4.20.0 Teacher+.Users.Email.Address.Disclosure MEDIUM" "sensei-lms 4.5.0 Unauthenticated.Private.Messages.Disclosure.via.Rest.API MEDIUM" "sensei-lms 4.5.2 Arbitrary.Private.Message.Sending.via.IDOR LOW" "subscribers-text-counter 1.7.1 Settings.Update.via.CSRF.to.Stored.XSS HIGH" "spotlight-social-photo-feeds 1.7.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "spotlight-social-photo-feeds 1.6.11 Cross-Site.Request.Forgery MEDIUM" "spotlight-social-photo-feeds 1.6.1 Reflected.Cross-Site.Scripting MEDIUM" "spotlight-social-photo-feeds 1.4.3 Contributor+.Stored.XSS MEDIUM" "spotlight-social-photo-feeds 0.10.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seo-wizard No.known.fix Unauthorised.robots.txt.&..htaccess.Edit.via.CSRF HIGH" "seo-wizard No.known.fix Unauthorised.AJAX.Calls HIGH" "sogrid 1.5.7 Unauthenticated.Local.File.Inclusion CRITICAL" "sogrid 1.5.5 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "sogrid 1.5.7 Authenticated.(Admin+).Local.File.Inclusion HIGH" "shiftcontroller 4.9.67 Reflected.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.65 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shiftcontroller 4.9.58 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "shiftcontroller 4.9.24 CSRF MEDIUM" "shiftcontroller 4.9.26 Reflected.Cross-Site.Scripting MEDIUM" "searchpro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "searchpro 1.7.7 Unauthenticated.Arbitrary.File.Uplaod CRITICAL" "searchpro 1.7.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "shortcodes-anywhere No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "sheets-to-wp-table-live-sync 3.7.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "site-editor No.known.fix Local.File.Inclusion.(LFI) HIGH" "salesforce-wordpress-to-candidate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.8 Stored.XSS.via.CSRF HIGH" "smart-agenda-prise-de-rendez-vous-en-ligne 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "skt-blocks 1.7 Contributor+.Stored.XSS MEDIUM" "script-planner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "script-planner No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-fields No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "simple-fields 1.4.11 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "search-exclude 1.2.7 Author+.Stored.Cross-Site.Scripting MEDIUM" "search-exclude 1.2.4 Arbitrary.Settings.Change HIGH" "show-visitor-ip-address No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "srbtranslatin 2.4.1 Cross-Site.Scripting.From.Third-party.Library HIGH" "srbtranslatin 1.47 Stored.XSS.&.CSRF HIGH" "shopconstruct No.known.fix Admin+.Stored.XSS LOW" "smartarget-contact-us No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "startklar-elmentor-forms-extwidgets No.known.fix Unauthenticated.Path.Traversal.to.Arbitrary.Directory.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "startklar-elmentor-forms-extwidgets 1.7.14 Unauthenticated.Arbitrary.File.Upload CRITICAL" "svegliat-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scancircle 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "salat-times 3.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "smsa-shipping-official 2.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "seo-redirection 9.1 Multiple.CSRF MEDIUM" "seo-redirection 9.1 404.Error.&.History.Deletion.via.CSRF MEDIUM" "seo-redirection 8.2 Subscriber+.SQL.Injection HIGH" "seo-redirection 7.9 Arbitrary.Redirect.Deletion.via.CSRF MEDIUM" "seo-redirection 7.4 Reflected.Cross-Site.Scripting HIGH" "seo-redirection 7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "seo-redirection 6.4 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-redirection 4.3 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "seo-redirection 2.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "simple-headline-rotator No.known.fix Stored.XSS.via.CSRF HIGH" "simple-custom-admin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "syndication-links 1.0.2.1 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "seo-by-rank-math 1.0.236 Contributor+.Arbitrary.Schema.Deletion LOW" "seo-by-rank-math 1.0.236 Contributor+.Stored.XSS.via.Rank.Math.API MEDIUM" "seo-by-rank-math 1.0.232 Admin+.Remote.Code.Execution MEDIUM" "seo-by-rank-math 1.0.229 Admin+.PHP.Object.Injection MEDIUM" "seo-by-rank-math 1.0.229 Unauthenticated.User.and.Term.Metadata.Insert/Update/Deletion MEDIUM" "seo-by-rank-math 1.0.219 Authenticated.Stored.XSS LOW" "seo-by-rank-math 1.0.219-beta Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.218 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seo-by-rank-math 1.0.217 Contributor+.Stored.Cross-Site.Scripting.via.'titleWrapper' MEDIUM" "seo-by-rank-math 1.0.215 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.119.1 Contributor+.Stored.XSS MEDIUM" "seo-by-rank-math 1.0.107.3 Contributor+.LFI MEDIUM" "seo-by-rank-math 1.0.95.1 Unauthenticated.SSRF MEDIUM" "seo-by-rank-math 1.0.42.2 Authenticated.Missing.Access.Controls.to.Disable.Competitor.Plugins MEDIUM" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Privilege.Escalation.via.Unprotected.REST.API.Endpoint CRITICAL" "seo-by-rank-math 1.0.41 Rank.Math.<.1.0.41.-.Redirect.Creation.via.Unprotected.REST.API.Endpoint MEDIUM" "seo-by-rank-math 1.0.27.1 Authenticated.Settings.Reset MEDIUM" "subscribe2 10.44 Unauthenticated.Stored.Cross-Site.Scripting.via.IP.Parameter HIGH" "subscribe2 10.41 Sending.Emails.via.CSRF MEDIUM" "subscribe2 10.41 Missing.Access.Controls MEDIUM" "subscribe2 10.38 User.Deletion.via.CSRF HIGH" "subscribe2 10.16 XSS MEDIUM" "sitemap-by-click5 1.0.36 Unauthenticated.Arbitrary.Options.Update CRITICAL" "search-meter 2.13.3 CSV.Injection MEDIUM" "simple-social-buttons 5.1.1 Unauthenticated.Password.Protected.Post.Access MEDIUM" "simple-social-buttons 3.2.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.3 Contributor+.Stored.XSS MEDIUM" "simple-social-buttons 3.2.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "simple-social-buttons 3.2.0 Reflected.Cross-Site.Scripting CRITICAL" "simple-social-buttons 2.0.22 Authenticated.Option.Injection HIGH" "send-booking-invites-to-friends No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "small-package-quotes-wwe-edition 5.2.19 Unauthenticated.SQL.Injection HIGH" "small-package-quotes-wwe-edition 5.2.18 Unauthenticated.SQL.Injection HIGH" "stopbadbots 10.24 Missing.Authorization.to.Information.Expsoure MEDIUM" "stopbadbots 7.32 Admin+.Stored.XSS LOW" "stopbadbots 7.24 Subscriber+.Arbitrary.Plugin.Installation HIGH" "stopbadbots 6.930 Unauthenticated.SQLi HIGH" "stopbadbots 6.88 Unauthenticated.SQLi HIGH" "stopbadbots 6.67 Unauthenticated.SQL.Injection CRITICAL" "stopbadbots 6.62 Reflected.Cross-Site.Scripting HIGH" "stopbadbots 6.60 Authenticated.SQL.Injections MEDIUM" "service-updates-for-customers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slide No.known.fix Missing.Authorization.to.Content.Injection MEDIUM" "slide No.known.fix Missing.Authorization MEDIUM" "slide No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simplemap No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "salient-shortcodes 1.5.4 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "social-rocket No.known.fix Missing.Authorization.to.Settings.Update MEDIUM" "social-rocket No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "social-rocket 1.3.4 Reflected.Cross-Site.Scripting MEDIUM" "social-rocket 1.3.3 Admin+.Stored.Cross-Site.Scripting LOW" "social-rocket 1.2.10 Cross-Site.Request.Forgery.in.Settings MEDIUM" "schedule No.known.fix Reflected.XSS HIGH" "stackable-ultimate-gutenberg-blocks 3.13.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.7 Unauthenticated.CSS.Injection MEDIUM" "stackable-ultimate-gutenberg-blocks 3.13.2 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.12.12 Contributor+.Stored.XSS.via.Posts.Block MEDIUM" "stackable-ultimate-gutenberg-blocks 3.9.1 Reflected.Cross-Site.Scripting MEDIUM" "stackable-ultimate-gutenberg-blocks 3.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "svg-shortcode No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.Upload MEDIUM" "scroll-top 1.4.1 Admin+.Stored.Cross-Site.Scripting LOW" "splash-header 1.20.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "seur 2.2.12 Reflected.Cross-Site.Scripting MEDIUM" "seur 2.2.11 Unauthenticated.SQL.Injection HIGH" "seur 1.7.2 Admin+.Arbitrary.File.Download MEDIUM" "seur 1.7.0 Admin+.Stored.Cross-Site.Scripting MEDIUM" "saksh-escrow-system No.known.fix Authenticated.(Subscriber+).SQL.Injection HIGH" "shalom-world-media-gallery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "social-share-boost No.known.fix Plugin.Settings.Update.via.CSRF MEDIUM" "social-share-boost 4.5 Admin+.Stored.XSS LOW" "social-share-boost 4.5 Contributor+.Stored.XSS MEDIUM" "spider-contacts No.known.fix Reflected.XSS HIGH" "smart-phone-field-for-gravity-forms 2.1 Reflected.Cross-Site.Scripting MEDIUM" "sola-support-tickets 3.13 XSS.&.Configuration.Change MEDIUM" "sexy-author-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sexy-author-bio No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "sexbundle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "svg-vector-icon-plugin No.known.fix Admin+.Remote.Code.Execution.(RCE) MEDIUM" "svg-vector-icon-plugin 3.2.3 Cross-Site.Request.Forgery.(CSRF).leading.to.RCE HIGH" "stylish-google-sheet-reader 4.1 Reflected.XSS HIGH" "stylish-google-sheet-reader 4.1 Reflected.Cross-Site.Scripting HIGH" "scroll-styler No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sv-forms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sv-forms 2.0.2 Reflected.Cross-Site.Scripting MEDIUM" "sv-forms 1.8.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-auto-poster 5.3.16 Cross-Site.Request.Forgery MEDIUM" "social-auto-poster 5.3.16 Reflected.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.via.Multiple.Functions HIGH" "social-auto-poster 5.3.15 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "social-auto-poster 5.3.15 Cross-Site.Request.Forgery.via.Multiple.Functions MEDIUM" "social-auto-poster 5.3.15 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "social-auto-poster 5.3.15 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "social-auto-poster 5.3.15 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.via.wpw_auto_poster_update_tweet_template MEDIUM" "ssv-mailchimp No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "scrollup No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodehub 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "store-locator-le No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "store-locator-le 5.9 Unauthenticated.Stored.XSS HIGH" "store-locator-le 5.9 Authenticated.Privilege.Escalation CRITICAL" "site-reviews 7.2.5 Unauthenticated.Stored.XSS HIGH" "site-reviews 7.0.0 IP.Spoofing MEDIUM" "site-reviews 6.11.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "site-reviews 6.11.7 Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.display.name MEDIUM" "site-reviews 6.10.3 Missing.Authorization MEDIUM" "site-reviews 6.7.1 Admin+.Stored.XSS LOW" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.6.0 Contributor+.Stored.XSS MEDIUM" "site-reviews 6.4.0 Unauthenticated.CSV.Injection MEDIUM" "site-reviews 5.17.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "site-reviews 5.13.1 Admin+.Stored.XSS LOW" "site-reviews 2.15.3 Cross-Site.Scripting.(XSS) MEDIUM" "shortcode-variables 4.1.7 Authenticated.(Subscriber+).Shortcode.Deletion MEDIUM" "shortcode-variables 4.1.5 Cross-Site.Request.Forgery MEDIUM" "simple-google-maps-short-code 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sticky-header-oceanwp No.known.fix CSRF MEDIUM" "securesubmit No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "securesubmit No.known.fix Missing.Authorization MEDIUM" "simpel-reserveren No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "slick-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "spice-blocks 1.3 Reflected.Cross-Site.Scripting MEDIUM" "squirrly-seo 12.4.06 Authenticated.(Subscriber+).SQL.Injection.via.search.Parameter MEDIUM" "squirrly-seo No.known.fix Missing.Authorization MEDIUM" "squirrly-seo 12.3.21 Editor+.Stored.XSS LOW" "squirrly-seo 12.3.20 Contributor+.SQL.Injection.via.url.Parameter MEDIUM" "squirrly-seo 12.3.17 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.3.16 Admin+.Stored.XSS LOW" "squirrly-seo 12.1.21 Reflected.Cross-Site.Scripting HIGH" "squirrly-seo 12.1.21 Missing.Authorization MEDIUM" "squirrly-seo 12.1.11 Contributor+.Arbitrary.File.Upload CRITICAL" "squirrly-seo 11.1.12 Reflected.Cross-Site.Scripting MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Directory.Traversal MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Subscriber+).Arbitrary.Folder.Name.Update MEDIUM" "sp-client-document-manager No.known.fix Missing.Authorization MEDIUM" "sp-client-document-manager No.known.fix Data.Update.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Subscriber+.File.Download.via.IDOR MEDIUM" "sp-client-document-manager No.known.fix Authenticated.(Author+).SQL.Injeciton CRITICAL" "sp-client-document-manager No.known.fix Missing.Authorization.Stored.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.70 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "sp-client-document-manager 4.68 Admin+.Stored.XSS LOW" "sp-client-document-manager 4.68 Subscriber+.SQLi HIGH" "sp-client-document-manager 4.68 Subscriber+.Insecure.Direct.Object.References HIGH" "sp-client-document-manager 4.62 Reflected.Cross-Site.Scripting MEDIUM" "sp-client-document-manager 4.58 Sensitive.File.Disclosure MEDIUM" "sp-client-document-manager 4.26 Reflected.Cross-Site.Scripting HIGH" "sp-client-document-manager 4.24 Subscriber+.Shell.Upload HIGH" "sp-client-document-manager 4.22 Authenticated.Shell.Upload MEDIUM" "seedprod-coming-soon-pro-5 6.18.14 Authenticated.(Editor+).Remote.Code.Execution HIGH" "seedprod-coming-soon-pro-5 6.18.13 Authenticated.(Editor+).SQL.Injection MEDIUM" "seedprod-coming-soon-pro-5 6.18.13 Authenticated.(Administrator+).SQL.Injection MEDIUM" "slideshow-se 2.5.18 Authenticated.(Author+).Limited.Local.File.Inclusion HIGH" "slideshow-se No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "slideshow-se 2.5.6 Author+.Stored.XSS MEDIUM" "slideshow-se 2.5.6 Subscriber+.Stored.XSS HIGH" "slick-engagement 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.slick-grid.Shortcode MEDIUM" "side-menu 3.1.5 Authenticated.(admin+).SQL.Injection HIGH" "shortcodes-ultimate 7.3.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.3.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox.Shortcode MEDIUM" "shortcodes-ultimate 7.1.6 Contributor+.Stored.XSS.via.su_members.Shortcode MEDIUM" "shortcodes-ultimate 7.1.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.su_lightbox MEDIUM" "shortcodes-ultimate 7.1.0 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.5 Contributor+.Stored.Cross-Site.Scripting.via.'note_color'.Shortcode MEDIUM" "shortcodes-ultimate 7.0.4 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.3 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 7.0.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "shortcodes-ultimate 7.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 7.0.0 Insecure.Direct.Object.Reference.to.Information.Disclosure MEDIUM" "shortcodes-ultimate 5.13.1 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.User.Meta.Disclosure MEDIUM" "shortcodes-ultimate 5.12.8 Subscriber+.Arbitrary.Post.Access MEDIUM" "shortcodes-ultimate 5.12.7 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.Arbitrary.File.Access MEDIUM" "shortcodes-ultimate 5.12.7 Subscriber+.SSRF MEDIUM" "shortcodes-ultimate 5.12.1 Stored.XSS.via.CSRF MEDIUM" "shortcodes-ultimate 5.12.1 Settings.Preset.Update.via.CSRF MEDIUM" "shortcodes-ultimate 5.10.2 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate 5.0.1 Authenticated.Contributor.Code.Execution CRITICAL" "shortcodes-ultimate 4.10.0 Authenticated.Directory.Traversal MEDIUM" "smtp-mailing-queue 1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mailing-queue 2.0.1 Admin+.Stored.XSS LOW" "subscribe-sidebar No.known.fix Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "simple-select-all-text-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "staging-cdn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slider-wd 1.2.62 Admin+.Stored.XSS.via.Widget LOW" "slider-wd 1.2.62 Contributor+.Stored.XSS MEDIUM" "slider-wd 1.2.59 Admin+.Stored.XSS LOW" "slider-wd 1.2.58 Authenticated.(Contributor+).SQL.Injection.via.id.Parameter HIGH" "slider-wd 1.2.57 Editor+.Stored.XSS LOW" "slider-wd 1.2.56 Editor+.Stored.XSS LOW" "slider-wd 1.2.55 Reflected.Cross-Site.Scripting MEDIUM" "slider-wd 1.2.53 Admin+.Stored.XSS LOW" "slider-wd 1.2.52 Admin+.Stored.Cross-Site.Scripting LOW" "slider-wd 1.2.36 Multiple.Authenticated.SQL.Injection HIGH" "slider-video 1.4.8 Slider.Carousel.<.1.4.8.-.Admin+.Stored.Cross-Site.Scripting LOW" "social-network-tabs No.known.fix Social.Media.API.Key.Leakage CRITICAL" "schedule-posts-calendar 5.3 CSRF MEDIUM" "schedule-posts-calendar 5.3 Admin+.Stored.XSS LOW" "spotim-comments 4.0.4 Multiple.Vulnerabilities MEDIUM" "smart-youtube No.known.fix Cross-Site.Request.Forgery MEDIUM" "superfly-menu 5.0.30 Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "superfly-menu No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "sp-news-and-widget 4.0.1 Reflected.Cross-Site.Scripting MEDIUM" "slider-image 2.8.7 Authenticated.Blind.SQL.Injection HIGH" "seo-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Meta MEDIUM" "shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simple-author-box 2.52 Contributor+.Arbitrary.User.Information.Disclosure.via.IDOR LOW" "simple-author-box 2.4 Reflected.Cross-Site.Scripting MEDIUM" "surbma-premium-wp 10.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-photoswipe No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "simple-photoswipe No.known.fix Admin+.Stored.XSS LOW" "send-email-only-on-reply-to-my-comment No.known.fix Reflected.XSS HIGH" "send-email-only-on-reply-to-my-comment No.known.fix Stored.XSS.via.CSRF HIGH" "simple-restrict 1.2.8 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "simple-restrict 1.2.7 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "shipyaari-shipping-managment No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "simple-blueprint-installer 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.5.2 Reflected.Cross-Site.Scripting MEDIUM" "security-safe 2.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sidebar-content-from-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "salon-booking-plugin-pro 7.6.3 Customer+.Bookings/Customers.Data.Disclosure HIGH" "salon-booking-plugin-pro 7.6.3 Unauthenticated.Sensitive.Data.Disclosure MEDIUM" "stream 4.1.0 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "stream 4.0.2 Cross-Site.Request.Forgery.to.Arbitrary.Options.Update HIGH" "stream 3.9.3 Missing.Authorization.via.load_alerts_settings MEDIUM" "stream 3.9.3 CSRF MEDIUM" "stream 3.9.2 Subscriber+.Alert.Creation MEDIUM" "stream 3.8.2 Admin+.SQL.Injection MEDIUM" "simple-video-embedder No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "searchwp-live-ajax-search 1.6.3 Unauthenticated.Local.File.Inclusion MEDIUM" "searchwp-live-ajax-search 1.6.2 Unauthenticated.Arbitrary.Post.Title.Disclosure MEDIUM" "supreme-modules-for-divi 2.5.52 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "supreme-modules-for-divi 2.5.4 Contrib+.DOM-Based.Cross-Site.Scripting MEDIUM" "service-boxs 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seguro-viagem 3.0.0 Stored.XSS.via.CSRF HIGH" "sticky-social-bar No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "securimage-wp No.known.fix Cross-Site.Request.Forgery MEDIUM" "smart-dofollow No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 4.4.1 Unauthenticated.PHP.Object.Injection HIGH" "save-as-pdf-by-pdfcrowd 4.2.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 4.0.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.1 Missing.Authorization MEDIUM" "save-as-pdf-by-pdfcrowd 3.2.0 Admin+.Stored.XSS LOW" "save-as-pdf-by-pdfcrowd 3.2.2 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "save-as-pdf-by-pdfcrowd 2.16.1 Admin+.Stored.XSS LOW" "site-notes No.known.fix Admin.Note.Deletion.via.CSRF MEDIUM" "sticky-chat-button No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shorten-url No.known.fix Cross-Site.Request.Forgery.via.configuration_page MEDIUM" "shorten-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shorten-url No.known.fix Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "shorten-url No.known.fix CSRF MEDIUM" "shorten-url 1.6.5 Admin+.Cross.Site.Scripting LOW" "shorten-url 1.6.5 Admin+.Stored.Cross-Site.Scripting MEDIUM" "shorten-url 1.6.5 Subscriber+.SQLi HIGH" "simple-responsive-menu No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "solar-wizard-lite 1.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.tab.Shortcode MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.8 Cross-Site.Request.Forgery MEDIUM" "squelch-tabs-and-accordions-shortcodes 0.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.accordions.Shortcode MEDIUM" "soccer-engine-lite 1.13 Cross-Site.Request.Forgery MEDIUM" "s3bubble-amazon-web-services-oembed-media-streaming-support No.known.fix Reflected.XSS HIGH" "shortpixel-critical-css 1.0.3 Missing.Authorization MEDIUM" "simple-google-sitemap No.known.fix Cross-Site.Request.Forgery MEDIUM" "simple-long-form No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shopkeeper-extender 3.7 Contributor+.Stored.XSS MEDIUM" "simple-bitcoin-faucets No.known.fix Unauthorised.AJAX.Call.to.Stored.XSS MEDIUM" "speed-booster-pack 4.3.3.1 Admin+.SQL.Injection MEDIUM" "speed-booster-pack 4.2.0 Authenticated.(admin+).RCE CRITICAL" "spin360 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sema-api 5.30 Reflected.Cross-Site.Scripting.via.catid.Parameter MEDIUM" "sema-api 4.02 Unauthenticated.SQLi HIGH" "syncfields No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "save-grab No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "save-grab No.known.fix Cross-Site.Request.Forgery MEDIUM" "sender 1.2.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "shopengine 4.1.2 CSRF MEDIUM" "shariff 4.6.14 Unauthenticated.Local.File.Inclusion CRITICAL" "shariff 4.6.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shariff 4.6.10 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shariff 4.6.10 Admin+.Stored.XSS LOW" "story-chief 1.0.31 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "story-chief 1.0.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "system-dashboard 2.8.19 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "system-dashboard 2.8.18 Reflected.Cross-Site.Scripting.via.Filename.Parameter MEDIUM" "system-dashboard 2.8.15 Unauthenticated.Stored.XSS HIGH" "system-dashboard 2.8.15 Admin+.Path.Traversal MEDIUM" "system-dashboard 2.8.10 XSS.via.Header.Injection LOW" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_db_specs) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_option_value) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_php_info) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_global_value) MEDIUM" "system-dashboard 2.8.8 Missing.Authorization.to.Information.Disclosure.(sd_constants) MEDIUM" "single-user-chat No.known.fix Authenticated.(Subscriber+).Limited.Options.Update HIGH" "seraphinite-accelerator 2.22.16 Authenticated.(Subscriber+).Information.Exposure MEDIUM" "seraphinite-accelerator 2.21 Authenticated.(Subscriber+).Server-Side.Request.Forgery.in.OnAdminApi_HtmlCheck MEDIUM" "seraphinite-accelerator 2.20.48 Unauthenticated.Sensitive.Information.Exposure.via.Log.File MEDIUM" "seraphinite-accelerator 2.20.29 Reflected.Cross-Site.Scripting.via.rt MEDIUM" "seraphinite-accelerator 2.20.32 Unauthorised.Settings.Reset/Import MEDIUM" "seraphinite-accelerator 2.2.29 Reflected.XSS HIGH" "seraphinite-accelerator 2.2.29 Authenticated.Arbitrary.Redirect MEDIUM" "ssl-wireless-sms-notification 3.6.0 Unauthenticated.SQL.Injection HIGH" "ssl-wireless-sms-notification 3.7.0 Unauthenticated.Privilege.Escalation CRITICAL" "superior-faq No.known.fix CSRF MEDIUM" "social-login-wp No.known.fix CSRF MEDIUM" "simple-gallery-with-filter 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "security-force No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "scroll-triggered-animations 3.0.16 Reflected.Cross-Site.Scripting HIGH" "scroll-triggered-animations 3.0.11 Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "simple-popup-manager No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.6.0 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "seriously-simple-podcasting 3.3.0 Admin+.Stored.XSS LOW" "seriously-simple-podcasting 3.1.0 Reflected.Cross-Site.Scripting MEDIUM" "seriously-simple-podcasting 3.0.0 Unauthenticated.Administrator.Email.Disclosure MEDIUM" "seriously-simple-podcasting 2.19.1 Contributor+.Stored.XSS MEDIUM" "seriously-simple-podcasting 2.16.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.vg_display_data MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Post.Meta.Disclosure MEDIUM" "shortcode-to-display-post-and-user-data 1.3.0 Authenticated.(Contributor+).Code.Injection HIGH" "stars-smtp-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stars-smtp-mailer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "super-forms-bundle 4.9.703 Unauthenticated.PHP.File.Upload.to.RCE CRITICAL" "simple-tags 3.20.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-tags 3.6.5 Editor+.Stored.XSS LOW" "simple-tags 3.4.5 Reflected.Cross-Site.Scripting MEDIUM" "simple-tags 3.0.7.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "shabbos-and-yom-tov No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "slp-gravity-forms-locations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slp-gravity-forms-locations 5.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "seosamba-webmasters 1.0.6 Access.Key.Update.via.CSRF MEDIUM" "support-genix-lite 1.2.4 Missing.Authorization MEDIUM" "simpleform-contact-form-submissions No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-membership 4.5.6 Exposure.of.Private.Personal.Information.to.an.Unauthorized.Actor MEDIUM" "simple-membership 4.5.4 Unauthenticated.Open.Redirect MEDIUM" "simple-membership 4.4.6 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.4 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-membership 4.4.3 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "simple-membership 4.4.2 Open.Redirect MEDIUM" "simple-membership 4.3.9 Reflected.Cross-Site.Scripting.Vulnerability.via.environment_mode MEDIUM" "simple-membership 4.3.5 Account.Takeover.via.Password.Reset HIGH" "simple-membership 4.3.5 Privilege.escalation.via.Registration HIGH" "simple-membership 4.3.6 Reflected.XSS HIGH" "simple-membership 4.2.2 Contributor+.Stored.XSS MEDIUM" "simple-membership 4.1.3 Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.3 Unauthenticated.Membership.Privilege.Escalation MEDIUM" "simple-membership 4.1.1 Reflected.Cross-Site.Scripting MEDIUM" "simple-membership 4.1.0 Arbitrary.Transaction.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.9 Arbitrary.Member.Deletion.via.CSRF MEDIUM" "simple-membership 4.0.4 Authenticated.SQL.Injections CRITICAL" "simple-membership 3.8.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "simple-membership 3.5.7 XSS MEDIUM" "simple-membership 3.3.3 Multiple.CSRF HIGH" "simple-pricing-table No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchie No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-history 3.4.0 Improper.Neutralization.of.Formula.Elements.in.a.CSV.File MEDIUM" "supportflow 0.7 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "syncee-global-dropshipping 1.0.10 Global.Dropshipping.<.1.0.10.-.Authentication.Token.Disclosure HIGH" "sell-with-razorpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sliced-invoices 3.9.3 Missing.Authorization MEDIUM" "sliced-invoices 3.8.4 Multiple.Vulnerabilities HIGH" "smart-scroll-posts 2.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "scrollbar-customizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS.via.Settings LOW" "sendpress No.known.fix Admin+.Stored.XSS.via.Form.Settings LOW" "sendpress No.known.fix Reflected.XSS HIGH" "sendpress 1.23.11.6 Contributor+.Stored.XSS MEDIUM" "sendpress No.known.fix Admin+.Stored.XSS LOW" "sendpress No.known.fix CSRF MEDIUM" "sendpress 1.20.7.13 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "sendpress 1.2 Authenticated.SQL.Injection MEDIUM" "survey-maker 5.1.3.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 5.1.3.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Survey.Question MEDIUM" "survey-maker 5.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.9.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 4.2.9 Admin+.Stored.XSS.via.Plugin.Settings LOW" "survey-maker 3.6.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "survey-maker 4.1.0 IP.Address.Spoofing MEDIUM" "survey-maker 4.0.7 Reflected.Cross-Site.Scripting MEDIUM" "survey-maker 4.0.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "survey-maker 3.4.7 Reflected.XSS HIGH" "survey-maker 3.1.2 Subscriber+.SQLi HIGH" "survey-maker 3.1.4 Unauthenticated.Stored.XSS HIGH" "survey-maker 2.0.7 Unauthenticated.Store.Cross-Site.Scripting MEDIUM" "survey-maker 1.5.6 Authenticated.Blind.SQL.Injections HIGH" "survey-maker 1.5.6 Reflected.Cross-Site.Scripting.(XSS) HIGH" "seo-simple-pack 3.3.0 Information.Exposure MEDIUM" "stout-google-calendar No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "surbma-magyar-woocommerce 2022.0.3 Reflected.Cross-Site.Scripting MEDIUM" "surbma-magyar-woocommerce 30.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "signup-page No.known.fix Unauthenticated.Arbitrary.Options.Update CRITICAL" "sportspress-tv No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "show-website-content-in-wordpress-page-or-post 2024.04.09 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "skyword-plugin 2.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smtp-mail 1.3.21 Cross.Site.Request.Forgery MEDIUM" "smtp-mail No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "smtp-mail 1.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "smtp-mail 1.2.2 Authenticated.SQL.Injections MEDIUM" "supportcandy 3.3.1 Support.Ticket.Attachments.Download.via.IDOR MEDIUM" "supportcandy 3.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "supportcandy 3.1.7 Subscriber+.SQLi HIGH" "supportcandy 3.1.7 Admin+.SQLi MEDIUM" "supportcandy 3.1.5 Unauthenticated.SQLi HIGH" "supportcandy 2.2.7 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Reflected.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.5 Unauthenticated.Arbitrary.Ticket.Deletion HIGH" "supportcandy 2.2.7 CSRF.to.Cross-Site.Scripting MEDIUM" "supportcandy 2.2.7 Arbitrary.Ticket.Deletion.via.CSRF HIGH" "supportcandy 2.0.1 Arbitrary.File.Upload CRITICAL" "soumettre-fr 2.1.4 Missing.Authorization MEDIUM" "sitewide-notice-wp 2.3 Admin+.Stored.XSS LOW" "si-contact-form 4.0.38 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "snow-monkey-forms 5.0.7 Unauthenticated.Path.Traversal MEDIUM" "sabai-discuss 1.4.14 Reflected.Cross.Site.Scripting MEDIUM" "sassy-social-share 3.3.70 Reflected.Cross-Site.Scripting.via.heateor_mastodon_share.Parameter MEDIUM" "sassy-social-share 3.3.63 Sassy.social.share.<.3,3,63.Admin+.Stored.Cross-Site.scripting LOW" "sassy-social-share 3.3.61 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.59 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sassy-social-share 3.3.57 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.45 Contributor+.Stored.XSS MEDIUM" "sassy-social-share 3.3.40 Reflected.Cross-Site.Scripting MEDIUM" "sassy-social-share 3.3.24 Missing.Access.Controls.to.PHP.Object.Injection MEDIUM" "swifty-bar 1.2.11 Admin+.Stored.XSS LOW" "smart-protect No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-protect No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "smart-admin-menu-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-admin-menu-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "scottcart No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "streamcast 2.2.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "streamcast 2.1.9 Reflected.Cross-Site.Scripting MEDIUM" "streamcast 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "streamcast 2.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "simple-proxy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shopp-arrange No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stop-referrer-spam 1.3.1 CSRF MEDIUM" "shop-assistant-for-woocommerce-jarvis 2.9.2 Missing.Authorization MEDIUM" "soundy-audio-playlist No.known.fix XSS MEDIUM" "saoshyant-page-builder No.known.fix Missing.Authorization MEDIUM" "shortcodes-ultimate-pro 7.2.1 Contributor+.Stored.XSS MEDIUM" "shortcodes-ultimate-pro 7.1.5 Contributor+.Stored.Cross-Site.Scripting.XSS MEDIUM" "slider-factory 1.3.6 Subscriber+.Arbitrary.Post.Access MEDIUM" "slider-factory 1.3.2 Slider.Clone/Save/Delete.via.CSRF MEDIUM" "social-gallery-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-gallery-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "simplepress No.known.fix Cross-Site.Request.Forgery.to.Unauthorized.Post.Editing MEDIUM" "simplepress 6.10.11 Reflected.XSS HIGH" "simplepress 6.10.12 Reflected.Cross-Site.Scripting MEDIUM" "simplepress 6.8.1 Unauthenticated.Stored.XSS.via.Forum.Replies HIGH" "simplepress 6.8.1 Admin+.Arbitrary.File.Update LOW" "simplepress 6.8.1 Subscriber+.Arbitrary.File.Deletion HIGH" "simplepress 6.8.1 Subscriber+.Stored.XSS.via.Profile.Signatures MEDIUM" "simplepress 6.6.1 Broken.Access.Control.leading.to.RCE CRITICAL" "stop-comment-spam 0.5.4 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-youtube-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-youtube-gdpr No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "streamweasels-youtube-integration 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "streamweasels-youtube-integration 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-youtube-embed.Shortcode MEDIUM" "sa-post-author-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "smart-google-code-inserter 3.5 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "smart-google-code-inserter 3.5 Unauthenticated.SQL.Injection CRITICAL" "simple-quotation No.known.fix Quote.Creation/Edition.via.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "simple-quotation No.known.fix Subscriber+.SQL.injection HIGH" "super-social-content-locker-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seamless-donations 5.1.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "school-management-pro No.known.fix Authenticated.(School.Admin+).SQL.Injection CRITICAL" "school-management-pro 9.9.7 Unauthenticated.RCE.via.REST.api CRITICAL" "sellkit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "sellkit 1.8.3 Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "simple-charts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "serial-codes-generator-and-validator 2.4.15 Admin+.Stored.XSS LOW" "simply-exclude No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-backlink-monitor 1.6.0 Reflected.Cross-Site.Scripting MEDIUM" "social-media-widget 4.0.9 Admin+.Stored.XSS LOW" "stagtools 2.3.8 Reflected.XSS HIGH" "stagtools 2.3.7 Contributor+.Stored.XSS MEDIUM" "simple-load-more No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "setka-editor No.known.fix Cross-Site.Request.Forgery.via.handleRequest MEDIUM" "setka-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "setka-editor 2.1.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-stickers No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "seekxl-snapr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stylish-cost-calculator-premium 7.9.0 Unauthenticated.Stored.XSS HIGH" "style-admin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-media-shortcodes 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "section-slider No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "section-slider No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "scrollto-bottom No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "smart-maintenance-mode 1.5.2 Admin+.Stored.XSS LOW" "smart-maintenance-mode 1.5.2 Admin+.Stored.XSS LOW" "smart-maintenance-mode No.known.fix Cross-Site.Request.Forgery MEDIUM" "supportboard 3.4.2 Multiple.Authenticated.SQLi HIGH" "supportboard 3.3.6 Arbitrary.File.Deletion.via.CSRF HIGH" "supportboard 3.3.5 Agent+.Stored.Cross-Site.Scripting MEDIUM" "supportboard 3.3.4 Multiple.Unauthenticated.SQL.Injections CRITICAL" "supportboard 1.2.9 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "supportboard 1.2.4 Stored.Cross-Site.Scripting MEDIUM" "sitekit 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "sitekit 1.5 Contributor+.Stored.XSS MEDIUM" "sitekit 1.4 Contributor+.Stored.XSS MEDIUM" "spreadr-for-woocomerce 1.0.5 Missing.Authorization.to.Arbitrary.Content.Deletion HIGH" "spreadr-for-woocomerce 1.0.5 Missing.Authorization MEDIUM" "simple-catalogue No.known.fix Reflected.XSS HIGH" "simple-membership-after-login-redirection 1.7 Open.Redirect MEDIUM" "sell-media No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sell-media 2.5.7.3 CSRF.Bypass MEDIUM" "sell-media 2.4.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "social-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "similar-posts No.known.fix Admin+.Stored.XSS LOW" "similar-posts 3.1.6 Admin+.Arbitrary.PHP.Code.Execution HIGH" "sv-media-library 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-media-library 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-link-pages No.known.fix Missing.Authorization.to.Arbitrary.Page.Creation.and.Cross-Site.Scripting HIGH" "simple-membership-wp-user-import 1.8 Admin+.SQLi MEDIUM" "social-icons-widget-by-wpzoom 4.2.18 Admin+.Stored.XSS LOW" "social-icons-widget-by-wpzoom 4.2.16 Missing.Authorization MEDIUM" "sitemap 4.4 Contributor+.Stored.XSS MEDIUM" "simple-mail-address-encoder 1.7 Reflected.Authenticated.XSS MEDIUM" "scalable-vector-graphics-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "schedulicity-online-appointment-booking No.known.fix Easy.Online.Scheduling.<=.2.21.-.Contributor+.Stored.XSS MEDIUM" "simple-sitemap 3.5.14 Cross-Site.Request.Forgery.via.admin_notices MEDIUM" "simple-sitemap 3.5.10 Reflected.Cross-Site.Scripting MEDIUM" "simple-sitemap 3.5.8 Contributor+.Stored.XSS MEDIUM" "simple-sitemap 3.5.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-news No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.news.Shortcode MEDIUM" "sopa-blackout No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "social-login-bws 0.2 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sumome 1.35 Cross-Site.Request.Forgery MEDIUM" "skaut-bazar 1.3.3 Reflected.Cross-Site.Scripting HIGH" "simple-custom-post-order 2.5.8 Missing.Authorization MEDIUM" "sliding-widgets No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "sis-handball No.known.fix Settings.Update.via.CSRF MEDIUM" "strong-testimonials 3.2.4 Missing.Authorization MEDIUM" "strong-testimonials 3.1.17 Missing.Authorization MEDIUM" "strong-testimonials 3.1.13 Authenticated(Contributor+).Improper.Authorization.to.Views.Modification MEDIUM" "strong-testimonials 3.1.12 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.1.11 Settings.Update.via.CSRF MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS MEDIUM" "strong-testimonials 3.0.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "strong-testimonials 2.51.3 Unauthorised.AJAX.Call MEDIUM" "strong-testimonials 2.40.1 Stored.Cross.Site.Scripting.(XSS) MEDIUM" "simple-matted-thumbnails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "subscriptions-memberships-for-paypal 1.1.7 Cross-Site.Request.Forgery.to.Arbitrary.Post.Deletion MEDIUM" "subscriptions-memberships-for-paypal 1.1.3 Reflected.Cross-Site.Scripting.via.page.Parameter HIGH" "sync-post-with-other-site 1.7 Missing.Authorization.to.Authenticated.(Subscriber+).Post.Creation.and.Update MEDIUM" "sync-post-with-other-site 1.5.2 Cross-Site.Request.Forgery MEDIUM" "simple-gallery-odihost No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-gallery-odihost No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "sonawp-simple-payment-block 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "stellissimo-text-box No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "slider-hero 8.4.4 Admin+.Stored.Cross-Site.Scripting LOW" "slider-hero 8.2.7 Contributor+.SQL.Injection CRITICAL" "slider-hero 8.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "steel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn.Shortcode MEDIUM" "shortcode-ninja No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "send-prebuilt-emails No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "send-prebuilt-emails No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-locker-content No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "stylist No.known.fix Cross-Site.Request.Forgery MEDIUM" "send-users-email 1.5.2 Unauthenticated.Information.Exposure MEDIUM" "send-users-email 1.4.4 Sensitive.Information.Exposure.via.Error.Logs MEDIUM" "send-users-email 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "skt-addons-for-elementor 3.4 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "skt-addons-for-elementor 3.2 Contributor+.Stored.XSS MEDIUM" "skt-addons-for-elementor 2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate.and.Creative.Slider.Widgets HIGH" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Block MEDIUM" "skt-addons-for-elementor 1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Page.Title MEDIUM" "sermonaudio-widgets No.known.fix Authenticated.(Contributor+).SQL.Injection HIGH" "ssl-atlas-free-ssl-certificate-https-redirect 1.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "subscribe-to-category No.known.fix Unauthenticated.SQLi HIGH" "simple-301-redirects 2.0.8 Missing.Authorization.via.clicked MEDIUM" "simple-301-redirects 2.0.8 Cross-Site.Request.Forgery.via.'clicked' MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Activation HIGH" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Import CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Update.and.Retrieve.Wildcard.Value MEDIUM" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Unauthenticated.Redirect.Export CRITICAL" "simple-301-redirects 2.0.4 2.0.0.–.2.0.3.-.Arbitrary.Plugin.Installation HIGH" "social-proof-testimonials-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.spslider-block.Shortcode MEDIUM" "social-proof-testimonials-slider 2.2.4 Admin+.Stored.XSS LOW" "simplesamlphp-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sports-rankings-lists No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "starbox 3.5.3 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.2 Admin+.Stored.XSS LOW" "starbox 3.5.0 Contributor+.Stored.XSS MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Job.Settings MEDIUM" "starbox 3.5.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.Profile.Display.Name.and.Social.Settings MEDIUM" "starbox 3.4.8 Subscriber+.Plugin.Preferences./.User.Settings.Access.via.IDOR MEDIUM" "swiss-toolkit-for-wp 1.0.8 Contributor+.Authentication.Bypass HIGH" "sheetpress No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sheetpress No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "stars-rating 3.5.1 Comments.Denial.of.Service MEDIUM" "swift-performance-lite 2.3.7.2 Unauthenticated.Local.PHP.File.Inclusion.via.'ajaxify' HIGH" "swift-performance-lite 2.3.6.21 Cross-Site.Request.Forgery MEDIUM" "swift-performance-lite 2.3.6.19 Subscriber+.Settings.Update MEDIUM" "swift-performance-lite 2.3.6.15 Unauthenticated.Configuration.Export MEDIUM" "secure-captcha No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.5.1 Authenticated.(Contributor+).Server-Side.Request.Forgery MEDIUM" "simple-embed-code 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-embed-code 2.3.7 Authenticated(Contributor+).Denial.of.Service MEDIUM" "simple-blog-card 1.32 Subscriber+.Arbitrary.Post.Access MEDIUM" "simple-blog-card 1.31 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "stacks-mobile-app-builder No.known.fix Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "stacks-mobile-app-builder No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "stacks-mobile-app-builder No.known.fix Authentication.Bypass CRITICAL" "send-pdf-for-contact-form-7 1.0.2.4 Missing.Authorization MEDIUM" "send-pdf-for-contact-form-7 0.9.9.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "sticky-ad-bar No.known.fix Admin+.Stored.XSS LOW" "spotlightr 0.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smtp-sendinblue 1.2 Unauthenticated.Stored.Cross-Site.Scripting.via.Email.Logs HIGH" "safety-exit 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "stock-quotes-list 2.9.12 Contributor+.Stored.XSS MEDIUM" "strategery-migrations No.known.fix Unauthenticated.Arbitrary.File.Deletion HIGH" "seraphinite-discount-for-woocommerce 2.4.7 Reflected.Cross-Site.Scripting MEDIUM" "sidebar-adder No.known.fix Reflected.Cross-Site.Scripting HIGH" "simple-urls 121 Arbitrary.Actions.via.CSRF MEDIUM" "simple-urls 118 Reflected.XSS HIGH" "simple-urls 115 Multiple.Reflected.XSS HIGH" "simple-urls 115 Subscriber+.SQLi HIGH" "sf-booking 3.2 Unauthenticated.Local.File.Disclosure HIGH" "spideranalyse No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "slider-range-htapps 1.1.6 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shopello No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "share-button 1.20 Reflected.Cross-Site.Scripting MEDIUM" "shipdeo-woo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "superfast-mailgun-newsletter 1.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "social-links No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "social-links No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-locator 2.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slide-banners No.known.fix Missing.Authorization MEDIUM" "squirrly-seo-pack No.known.fix Advanced.Pack.<=.2.3.8.-.Authenticated(Administrator+).SQL.Injection MEDIUM" "shortcodes-finder 1.5.5 Reflected.Cross-Site.Scripting MEDIUM" "shortcodes-finder 1.5.4 Reflected.XSS HIGH" "simple-real-estate-pack-4 No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "sv100-companion No.known.fix Missing.Authorization.to.Unuathenticated.Arbitrary.Options.Update CRITICAL" "sv100-companion 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv100-companion 1.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simple-login-log 1.1.2 Authenticated.SQL.Injection CRITICAL" "string-locator 2.6.7 Unauthenticated.PHP.Object.Injection HIGH" "string-locator 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "string-locator 2.6.0 Authenticated.PHAR.Deserialization MEDIUM" "string-locator 2.5.0 Admin+.Arbitrary.File.Read LOW" "sticky-banner 1.3.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sticky-menu-or-anything-on-scroll 2.21 CSRF.&.XSS LOW" "smart-forms 2.6.92 Missing.Authorization.to.Notice.Dismissal MEDIUM" "smart-forms 2.6.96 Admin+.Stored.XSS LOW" "smart-forms 2.6.94 Edit.Entries.via.CSRF MEDIUM" "smart-forms 2.6.94 Subscriber+.Edit.Entries.via.Broken.Access.Control MEDIUM" "smart-forms 2.6.87 Subscriber+.Arbitrary.Entry.Deletion MEDIUM" "smart-forms 2.6.85 Subscriber+.Arbitrary.Options.Update HIGH" "smart-forms 2.6.71 Subscriber+.Form.Data.Download MEDIUM" "smart-forms 2.6.16 Cross-Site.Request.Forgery.(CSRF) HIGH" "stop-wp-emails-going-to-spam 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "smart-email-alerts No.known.fix Reflected.Cross-Site.Scripting HIGH" "searchiq 4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.7 Cross-Site.Request.Forgery MEDIUM" "searchiq 4.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "searchiq 4.6 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "searchiq 4.5 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "searchiq 3.9 Unauthenticated.Stored.XSS HIGH" "south-pole-the-offset-movement No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "south-pole-the-offset-movement 1.0.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sidebartabs No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-slider 1.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shortcode-cleaner-lite No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Export MEDIUM" "scheduled-notification-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sb-child-list No.known.fix Settings.Update.via.CSRF MEDIUM" "simple-photo-gallery No.known.fix Admin+.SQLi MEDIUM" "spreadshirt-rss-3d-cube-flash-gallery No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "sky-login-redirect 3.7.3 Reflected.Cross-Site.Scripting MEDIUM" "sky-login-redirect 3.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "super-seo-content-cloner 1.0.2 Missing.Authorization MEDIUM" "seo-wordpress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.8.7 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "simply-schedule-appointments 1.6.8.5 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.55 Admin+.Stored.XSS LOW" "simply-schedule-appointments 1.6.7.43 Admin+.Template.Injection.to.RCE MEDIUM" "simply-schedule-appointments 1.6.7.18 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.6.24 Reflected.Cross-Site.Scripting MEDIUM" "simply-schedule-appointments 1.6.7.9 Authenticated.(Contributor+).SQL.Injection.via.Shortcode HIGH" "simply-schedule-appointments 1.6.7.9 Authenticated.(Subscriber+).SQL.Injection HIGH" "simply-schedule-appointments 1.6.6.24 Cross-Site.Request.Forgery.to.Plugin.Data.Reset MEDIUM" "simply-schedule-appointments 1.6.6.1 Authenticated(Administrator+).SQL.Injection MEDIUM" "simply-schedule-appointments 1.5.7.7 Admin+.Stored.Cross-Site.Scripting LOW" "simply-schedule-appointments 1.5.7.7 Unauthenticated.Email.Address.Disclosure MEDIUM" "sendgrid-email-delivery-simplified No.known.fix Authenticated.Authorization.Bypass MEDIUM" "social2blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "simple-add-pages-or-posts 1.7 CSRF MEDIUM" "simple-user-listing 1.9.3 Reflected.XSS HIGH" "stop-user-enumeration 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "stop-user-enumeration 1.3.20 Subscriber+.Arbitrary.Option.Update CRITICAL" "stop-user-enumeration 1.3.9 REST.API.Bypass MEDIUM" "stop-user-enumeration 1.3.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "smooth-slider 2.8.7 Authenticated.SQL.Injection HIGH" "smooth-slider 2.7 Authenticated.SQL.Injection HIGH" "shortpixel-adaptive-images 3.8.4 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.4 Cross-Site.Request.Forgery MEDIUM" "shortpixel-adaptive-images 3.8.3 Missing.Authorization.in.activate_ai_handler.and.deactivate_ai_handler MEDIUM" "shortpixel-adaptive-images 3.7.2 Settings.Update.via.CSRF MEDIUM" "shortpixel-adaptive-images 3.6.3 Reflected.XSS HIGH" "shortpixel-adaptive-images 3.4.0 Subscriber+.Arbitrary.Settings.Update MEDIUM" "spoki 2.15.16 Contributor+.Stored.XSS MEDIUM" "smsa-shipping-for-woocommerce 1.0.5 Subscriber+.Arbitrary.File.Download HIGH" "shortcode-for-font-awesome 1.4.1 Contributor+.Stored.XSS MEDIUM" "seo-alert No.known.fix Admin+.Stored.XSS LOW" "spamreferrerblock No.known.fix Cross-Site.Request.Forgery MEDIUM" "spamreferrerblock No.known.fix Admin+.Stored.XSS LOW" "simple-business-manager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-image-popup-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "seo-content-randomizer 3.28.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "secure-downloads 1.2.3 Admin+.Arbitrary.File.Download MEDIUM" "s3-video No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "store-locator-widget 2025r2 Contributor+.Stored.XSS MEDIUM" "smartcrawl-seo 3.10.9 Unauthenticated.Full.Path.Disclosure MEDIUM" "smartcrawl-seo 3.10.3 Missing.Authorization MEDIUM" "smartcrawl-seo 3.8.3 Unauthenticated.Password.Protected.Post.Disclosure MEDIUM" "spice-starter-sites No.known.fix Missing.Authorization.to.Unauthenticated.Demo.Content.Import MEDIUM" "spice-starter-sites No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spice-starter-sites 1.1 Reflected.Cross-Site.Scripting MEDIUM" "social-share-with-floating-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-301-meta No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "simple-map-no-api No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "saoshyant-slider No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "shopelement 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-site-verify 1.0.8 Admin+.Stored.XSS LOW" "scroll-baner No.known.fix CSRF.to.RCE CRITICAL" "super-socializer 7.14.1 Unauthenticated.Limited.SQL.Injection.via.'SuperSocializerKey' MEDIUM" "super-socializer 7.14 Authentication.Bypass HIGH" "super-socializer 7.13.64 Editor+.Stored.XSS MEDIUM" "super-socializer 7.13.55 Missing.Authorization MEDIUM" "super-socializer 1.13.53 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.52 Reflected.XSS HIGH" "super-socializer 7.13.44 Contributor+.Stored.XSS MEDIUM" "super-socializer 7.13.30 Reflected.Cross-Site.Scripting MEDIUM" "super-socializer 7.11 Authentication.Bypass CRITICAL" "snipe-nginx-cache No.known.fix Missing.Authorization MEDIUM" "smoothness-slider-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "sketchfab-oembed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-local-avatars 2.8.0 Missing.Authorization.to.Authenticated.(Subscriber+).User.Cache.Clearing MEDIUM" "simple-local-avatars 2.7.11 Cross-Site.Request.Forgery.via.save_default_avatar_file_id() MEDIUM" "simple-file-downloader No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "siteguard 1.7.7 Login.Page.Disclosure MEDIUM" "stops-core-theme-and-plugin-updates 8.0.5 Insufficient.Restrictions.on.Option.Changes MEDIUM" "simple-student-result 1.7.5 Stored.Cross.Site.Scripting.via.CSRF MEDIUM" "simple-student-result 1.8.0 Unauthorised.REST.Calls MEDIUM" "simple-student-result 1.6.4 Auth.Bypass CRITICAL" "seo-checklist No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "seo-checklist No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "synved-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "simpul-events-by-esotech No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sb-random-posts-widget 1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sidebar-manager 1.1.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "sidebar-manager 1.1.5 Cross-Site.Request.Forgery MEDIUM" "simple-al-slider No.known.fix Reflected.XSS HIGH" "seo-automatic-seo-tools No.known.fix Reflected.XSS HIGH" "simple-vertical-timeline No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "simple-testimonials-showcase No.known.fix Cross-Site.Request.Forgery MEDIUM" "secure-file-manager No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager No.known.fix Admin+.RCE MEDIUM" "secure-file-manager 2.8.2 Authenticated.Remote.Code.Execution CRITICAL" "shiptimize-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sign-up-sheets 2.2.13 Reflected.XSS HIGH" "sign-up-sheets 2.2.13 Missing.Authorization MEDIUM" "sign-up-sheets 2.2.12 Cross-Site.Request.Forgery MEDIUM" "sign-up-sheets 2.2.9 Settings.Update/Reset.via.CSRF MEDIUM" "sign-up-sheets 1.0.14 Authenticated.CSV.Injection MEDIUM" "sign-up-sheets 1.0.14 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "seo-local-rank 2.2.4 Unauthenticated.Arbitrary.File.Access.via.Path.Traversal HIGH" "seed-fonts 2.4.0 Admin+.Stored.XSS LOW" "sideblog No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "sayfa-sayac No.known.fix Unauthenticated.SQL.Injection CRITICAL" "sayfa-sayac No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "search-console 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "stylish-price-list 7.1.12 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.1.8 Contributor+.Stored.XSS MEDIUM" "stylish-price-list 7.0.18 Missing.Authorization MEDIUM" "stylish-price-list 6.9.1 Subscriber+.Arbitrary.Image.Upload MEDIUM" "stylish-price-list 6.9.0 Unauthenticated.Arbitrary.Image.Upload MEDIUM" "smart-mockups No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "smartarget-message-bar No.known.fix Admin+.Stored.XSS LOW" "sv-provenexpert 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-provenexpert 1.8.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stray-quotes No.known.fix Reflected.XSS HIGH" "stray-quotes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stax-buddy-builder 1.8.0 Contributor+.Post.Disclosure MEDIUM" "shortcode-support-for-elementor-templates No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "save-import-image-from-url No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "simple-post No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "social-media-sharing No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "stylish-internal-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sitepact-klaviyo-contact-form-7 3.0.0 Unauthenticated.SQL.Injection HIGH" "simple-side-tab 2.2.0 Admin+.Stored.XSS LOW" "stageshow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stop-spam-comments No.known.fix Access.Token.Bypass LOW" "simple-yearly-archive 2.1.9 Admin+.Stored.XSS LOW" "sticky-social-link No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "soundy-background-music No.known.fix Cross-Site.Scripting.(XSS) MEDIUM" "share-buttons No.known.fix Admin+.Stored.XSS LOW" "share-buttons No.known.fix Unauthenticated.Image.Upload.&.Path.Traversal MEDIUM" "shared-counts 1.5.0 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "surferseo 1.6.0.523 Authenticated.(Administrator+).SQL.Injection MEDIUM" "surferseo 1.3.3.379 Missing.Authorization MEDIUM" "sight 1.1.3 Missing.Authorization.to.Sensitive.Information.Exposure.in.handler_post_title MEDIUM" "subaccounts-for-woocommerce 1.6.1 Reflected.Cross-Site.Scripting HIGH" "subaccounts-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "staff-directory-pro No.known.fix Reflected.Cross-Site.Scripting.via.add_query_arg.Function MEDIUM" "staff-directory-pro No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "staff-directory-pro 4.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "staff-directory-pro 4.0 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "shipping-manager-for-woocommerce 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "shipping-manager-for-woocommerce 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "stock-market-charts-from-finviz 1.0.2 Admin+.Stored.XSS LOW" "share-woocommerce-email No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "simple-popup No.known.fix Admin+.Stored.XSS LOW" "seo-help 6.1.4 Reflected.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "streak-crm-for-gmail-integration-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "simply-excerpts No.known.fix Admin+.Stored.XSS LOW" "scrollrevealjs-effects No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "special-box-for-content No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "shine-pdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "super-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "slick-contact-forms No.known.fix Contributor+.Stored.XSS MEDIUM" "snippy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sg-helper No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "simple-content-construction-kit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "swift-framework No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "swift-framework No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "starterblocks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "starterblocks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shopsite-plugin 1.5.11 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "streamweasels-kick-integration 1.1.2 Blocks.and.Shortcodes.for.Embedding.Kick.Streams.<.1.1.2.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sw-kick-embed.Shortcode MEDIUM" "shiny-buttons No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "shortcut-macros No.known.fix Subscriber+.Arbitrary.Settings.Update MEDIUM" "sr-partner No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "simple-video-management-system No.known.fix Admin+.Stored.XSS LOW" "simple-video-management-system No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "splashscreen No.known.fix Settings.Update.via.CSRF MEDIUM" "super-interactive-maps 2.2 Unauthenticated.SQL.Injections CRITICAL" "super-interactive-maps 2.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "spacer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Information.Disclosure LOW" "spacer 3.0.7 Admin+.Stored.XSS LOW" "svgmagic No.known.fix Stored.XSS.via.SVG.Upload MEDIUM" "shopp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "simple-download-monitor 3.9.26 Authenticated.(Administrator+).SQL.Injection MEDIUM" "simple-download-monitor 3.9.9 Multiple.CSRF MEDIUM" "simple-download-monitor 3.9.11 Contributor+.Stored.Cross-Site.Scripting.via.Shortcodes MEDIUM" "simple-download-monitor 3.9.6 Unauthorised.Log.Reset MEDIUM" "simple-download-monitor 3.9.6 Unauthenticated.Log.Access MEDIUM" "simple-download-monitor 3.9.5 Contributor+.Stored.Cross-Site.Scripting.via.File.Thumbnail MEDIUM" "simple-download-monitor 3.9.6 Arbitrary.Thumbnails.Removal MEDIUM" "simple-download-monitor 3.9.5 Reflected.Cross-Site.Scripting HIGH" "simple-download-monitor 3.9.5 Contributor+.Arbitrary.File.Download.via.Path.Traversal MEDIUM" "simple-download-monitor 3.8.9 SQL.Injection MEDIUM" "simple-download-monitor 3.8.9 Unauthenticated.Cross-Site.Scripting MEDIUM" "simple-download-monitor 3.5.4 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "shipworks-e-commerce-bridge 5.2.6 Cross-Site.Request.Forgery.to.Service.Password/Username.Update MEDIUM" "store-credit-for-woocommerce 1.0.49.47 Reflected.Cross-Site.Scripting MEDIUM" "sureforms 1.2.3 Missing.Authorization.to.Unauthenticated.Protected.Post.Disclosure MEDIUM" "stockists-manager No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "simple-page-transition No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "seed-social 2.0.4 Admin+.Stored.XSS LOW" "splash-connector 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "simple-lightbox-gallery No.known.fix Author+.Stored.XSS MEDIUM" "simple-lightbox-gallery 1.10.0 .Contributor+.PHP.Object.Injection MEDIUM" "sprout-clients No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "sprout-clients 3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "sprout-clients 3.2 Subscriber+.Arbitrary.Option.Update CRITICAL" "seo-automated-link-building 2.5.3 Missing.Authorization MEDIUM" "seo-automated-link-building 2.1.1 Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "smartsearchwp 2.4.6 Unauthenticated.OpenAI.Key.Disclosure MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.Log.Purge MEDIUM" "smartsearchwp 2.4.5 Unauthenticated.SQLi HIGH" "smartsearchwp 2.4.5 Unauthenticated.Stored.XSS HIGH" "safetymails-forms No.known.fix Cross-Site.Request.Forgery HIGH" "soundcloud-shortcode 4.0.2 Contributor+.Stored.XSS MEDIUM" "soundcloud-shortcode 4.0.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "sv-posts 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "sv-posts 1.8.03 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "scoutnet-kalender No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "s3bubble-amazon-s3-html-5-video-with-adverts No.known.fix Directory.Traversal.leading.to.Arbitrary.File.Access HIGH" "simple-facebook-plugin 1.5.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "simple-facebook-plugin 1.5.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "site-mailer 1.2.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "services-section 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "split-test-for-elementor 1.7.0 Cross-Site.Request.Forgery MEDIUM" "stockholm-core 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "stockholm-core 2.4.2 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sms-alert 3.7.9 Unauthenticated.SQL.Injection HIGH" "sms-alert 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "sms-alert 3.7.7 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "sms-alert 3.7.6 WooCommerce.<.3.7.6.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sa_subscribe.Shortcode MEDIUM" "sms-alert 3.7.0 Cross-Site.Request.Forgery MEDIUM" "sms-alert 3.4.7 SMS.Alert.Order.Notifications.–.WooCommerce.<.3,4,7.Authenticated.Cross.Site.Scripting LOW" "slick-popup 1.7.15 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "slick-popup 1.7.2 Privilege.Escalation HIGH" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "sitebuilder-dynamic-components No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "side-menu-lite 5.3.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "side-menu-lite 4.2.1 Menu.Deletion.via.CSRF MEDIUM" "side-menu-lite 4.0.2 Reflected.XSS MEDIUM" "side-menu-lite 2.2.6 Authenticated.SQL.Injection HIGH" "side-menu-lite 2.2.1 Authenticated.SQL.Injection LOW" "slideshow-jquery-image-gallery No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "slideshow-jquery-image-gallery No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "slideshow-jquery-image-gallery 2.2.22 Option.Value.Disclosure HIGH" "sticky-add-to-cart-for-woo No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shareaholic 9.7.12 Missing.Authorization.via.accept_terms_of_service MEDIUM" "shareaholic 9.7.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "shareaholic 9.7.6 Information.Disclosure MEDIUM" "simple-media-directory 1.4.4 Contributor+.Stored.XSS MEDIUM" "simple-media-directory 1.4.3 Unauthenticated.SQLi HIGH" "shibboleth 1.8 Cross-Site.Scripting.(XSS) MEDIUM" "search-with-typesense 2.0.9 Authenticated.(Admin+).Path.Traversal LOW" "starter-templates No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.Plugin.Installation MEDIUM" "starter-templates No.known.fix Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "sagepay-server-gateway-for-woocommerce 1.0.9 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "saragna-social-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shortpixel-image-optimiser 5.6.4 Authenticated.(Editor+).SQL.Injection MEDIUM" "shortpixel-image-optimiser 5.6.4 Missing.Authorization MEDIUM" "shortpixel-image-optimiser 5.4.2 Authenticated(Editor+).PHP.Object.Injection MEDIUM" "shortpixel-image-optimiser 4.22.10 Reflected.Cross-Site.Scripting MEDIUM" "simple-header-and-footer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "spam-byebye No.known.fix Cross-Site.Request.Forgery MEDIUM" "spam-byebye 2.2.2 Cross-Site.Scripting.(XSS) MEDIUM" "simple-job-manager No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "sc-simple-zazzle No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "symbiostock No.known.fix Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "sakolawp-lite No.known.fix Cross-Site.Request.Forgery.to.Exam.Setting.Manipulation MEDIUM" "sakolawp-lite No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "smart-app-banner 1.1.4 Admin+.Stored.XSS LOW" "smart-app-banner 1.1.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "service-provider-profile-cpt No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "temporary-login-without-password 1.7.1 Subscriber+.Plugin's.Settings.Update MEDIUM" "tabs-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "total-sales-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "tock-widget 1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "templines-helper-core 2.8 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "tin-canny-learndash-reporting 4.3.0.8 Reflected.Cross-Site.Scripting MEDIUM" "td-cloud-library 2.7 Unauthenticated.Arbitrary.User.Metadata.Update.to.Privilege.Escalation CRITICAL" "tf-numbers-number-counter-animaton 2.0.1 Subscriber+.Arbitrary.Option.Update HIGH" "threewp-broadcast 51.02 Reflected.Cross-Site.Scripting MEDIUM" "tax-report-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization MEDIUM" "tutor-lms-elementor-addons 2.1.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Installation MEDIUM" "tutor-lms-elementor-addons 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Course.Carousel.Widget MEDIUM" "tutor-lms-elementor-addons 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twb-woocommerce-reviews 1.7.6 Admin+.Stored.XSS LOW" "tagmaker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tito No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tradetracker-store 4.6.60 Admin+.SQL.Injection MEDIUM" "truepush-free-web-push-notifications No.known.fix Missing.Authorization MEDIUM" "thinktwit 1.7.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "trust-form 2.0.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "twentytwenty No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-builder-for-elementor 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "the-events-calendar 6.9.1 Contributor+.Stored.XSS MEDIUM" "the-events-calendar 6.8.2.1 Unauthenticated.Password.Protected.Event.Disclosure MEDIUM" "the-events-calendar 6.7.1 Trashed.Events.Restoration.via.CSRF MEDIUM" "the-events-calendar 6.6.4.1 Unauthenticated.SQL.Injection MEDIUM" "the-events-calendar 6.6.4 Admin+.Stored.XSS LOW" "the-events-calendar 6.5.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "the-events-calendar 6.5.1.5 Cross-Site.Request.Forgery.via.action_restore_events MEDIUM" "the-events-calendar 6.4.0.1 Contributor+.Arbitrary.Events.Access LOW" "the-events-calendar 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "the-events-calendar 6.4.0.1 Reflected.XSS HIGH" "the-events-calendar 6.2.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "the-events-calendar 6.2.8.1 Unauthenticated.Arbitrary.Password.Protected.Post.Read MEDIUM" "the-events-calendar 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 5.14.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-events-calendar 5.14.0 Reflected.Cross-Site.Scripting MEDIUM" "the-events-calendar 4.8.2 XSS MEDIUM" "taobaoke No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theme-per-user No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "table-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via._id.Parameter MEDIUM" "thank-me-later No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "thecartpress No.known.fix Unauthenticated.Arbitrary.Admin.Account.Creation CRITICAL" "thecartpress 1.3.9.3 Multiple.Vulnerabilities HIGH" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "taggbox-widget 3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taggbox-widget 3.2 Unauthenticated.PHP.Object.Injection CRITICAL" "taggbox-widget No.known.fix Missing.Authorization MEDIUM" "taggbox-widget No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "taggbox-widget No.known.fix Cross-Site.Request.Forgery MEDIUM" "testimonial-slider 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider 1.3.2 Stored.XSS.via.CSRF MEDIUM" "testimonial-slider 1.2.5 Authenticated.SQL.Injection HIGH" "testimonial-slider 1.3.2 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "tml-2fa 1.2 .Lack.of.Rate.Limiting MEDIUM" "themify-store-locator 1.2.0 Cross-Site.Request.Forgery MEDIUM" "tidio-form No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "testimonial-rotator No.known.fix Authenticated.Stored.Cross-Site.Scripting HIGH" "testimonial-rotator 3.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "topbar-id-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "trackserver 5.0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "toocheke-companion 1.167 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "template-kit-export 1.0.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tweet-old-custom-post No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "template-events-calendar 2.3.2 Authenticated.(Contributor+).SQL.Injection.via.shortcode HIGH" "template-events-calendar 2.0 Subscriber+.Arbitrary.Plugin.Installation.&.Activation HIGH" "template-events-calendar 1.7.2 Reflected.Cross-Site.Scripting.(XSS) HIGH" "toggles-shortcode-and-widget No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "time-clock 1.2.3 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "td-subscription 1.5 Authenticated.(Admin+).SQL.Injection HIGH" "tapfiliate 3.0.13 Admin+.Stored.XSS LOW" "thrive-ab-page-testing 1.4.13.3 Unauthenticated.Option.Update MEDIUM" "the-events-calendar-pro 6.4.0.1 Contributor+.Missing.Authorization.to.Authenticated.Arbitrary.Events.Access MEDIUM" "team-showcase-supreme 7.5 Editor+.Local.File.Inclusion HIGH" "team-showcase-supreme 4.5 Editor+.Stored.Cross-Site.Scripting LOW" "tickera-event-ticketing-system 3.5.4.9 Unauthenticated.Customer.Data.Exposure MEDIUM" "tickera-event-ticketing-system 3.5.4.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "tickera-event-ticketing-system 3.5.2.9 Missing.Authorization.to.Authenticated.(Susbcriber+).Ticket.Deletion MEDIUM" "tickera-event-ticketing-system 3.5.2.7 Missing.Authorization MEDIUM" "tickera-event-ticketing-system 3.5.2.5 Ticket.leakage.through.IDOR MEDIUM" "tickera-event-ticketing-system 3.5.1.0 Plugin.Data.Deletion.via.CSRF LOW" "tickera-event-ticketing-system 3.4.9.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tickera-event-ticketing-system 3.4.8.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tickera-event-ticketing-system 3.4.6.9 Unauthenticated.Sensitive.Data.Exposure HIGH" "tablepress 2.4.3 Author+.Stored.XSS MEDIUM" "tablepress 2.4.3 XXE.Injection MEDIUM" "tablepress 2.3.2 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebind MEDIUM" "tablepress 2.2.5 Authenticated(Author+).Server.Side.Request.Forgery(SSRF).via._get_import_files MEDIUM" "tablepress 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "tablepress 1.8.1 Authenticated.XML.External.Entity.(XXE) MEDIUM" "tab-my-content No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "taketin-to-wp-membership No.known.fix Subscriber+.PHP.Object.Injection HIGH" "telugu-bible-verse-daily No.known.fix CSRF.to.Stored.XSS HIGH" "timesheet 0.1.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "task-scheduler 1.6.1 Folders.Disclosure.via.Outdated.jQueryFileTree.Library MEDIUM" "tarteaucitronjs 1.6.1 Cookies.legislation.&.GDPR.<.1.6.1.-.Admin.+.Stored.Cross-Site.Scripting LOW" "tarteaucitronjs 1.6 Cookies.legislation.&.GDPR.<.1.6.-.CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "themehunk-megamenu-plus 1.1.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "themehunk-megamenu-plus 1.1.0 .Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Updates MEDIUM" "twenty20 No.known.fix Contributor+.Stored.XSS MEDIUM" "totop-link No.known.fix Unauthenticated.PHP.Object.Injection MEDIUM" "textme-sms-integration 1.9.1 Subscriber+.Settings.Update MEDIUM" "textme-sms-integration 1.8.9 Authenticated.Stored.XSS LOW" "tm-islamic-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "total-gdpr-compliance-lite 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "thesis-openhook 4.3.1 Subscriber+.Remote.Code.Execution CRITICAL" "trendy-restaurant-menu No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider-and-showcase 2.3.8 Admin+.Stored.XSS LOW" "testimonial-slider-and-showcase 2.3.7 Author+.Settings.Update LOW" "tawkto-live-chat 0.6.0 Subscriber+.Visitor.Monitoring.&.Chat.Removal HIGH" "tubepress 1.6.5 XSS MEDIUM" "team-showcase 2.2 Contributor+.Stored.XSS MEDIUM" "tenweb-speed-optimizer 2.24.18 Unauthenticated.Arbitrary.Option.Deletion HIGH" "traveler-code 3.1.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "traveler-code 3.1.2 Unauthenticated.Arbitrary.SQL.Injection HIGH" "tube-video-curator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "terms-and-conditions-per-product 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "thrive-headline-optimizer 1.3.7.3 Unauthenticated.Option.Update MEDIUM" "totalpoll-lite 4.10.0 Missing.Authorization MEDIUM" "team-rosters No.known.fix Reflected.Cross-Site.Scripting.via.'tab' MEDIUM" "team-rosters No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "typing-text No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "typing-text 1.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "top-bar 3.0.5 Admin+.Stored.XSS LOW" "top-bar 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "thinkific-uploader No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "tabs-shortcode No.known.fix Contributor+.XSS.via.Shortcode MEDIUM" "tatsu 3.3.12 Unauthenticated.RCE CRITICAL" "tinymce-extended-config No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tarteaucitron-wp 0.3.0 Author+.Stored.XSS MEDIUM" "tarteaucitron-wp 0.3.0 Stored.XSS.via.CSRF HIGH" "twigify No.known.fix Vulnerable.Twig.Package MEDIUM" "ti-woocommerce-wishlist 2.9.2 Unauthenticated.Plugin.Setup.Wizard.Access HIGH" "ti-woocommerce-wishlist 2.9.1 Unauthenticated.SQL.Injection.via.lang.parameters HIGH" "ti-woocommerce-wishlist 2.9.0 Unauthenticated.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.7.0 Reflected.Cross-Site.Scripting MEDIUM" "ti-woocommerce-wishlist 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist 1.21.12 Authenticated.WP.Options.Change HIGH" "themeshark-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tidio-gallery No.known.fix .Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ticketsource-events 3.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-showcase-ultimate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 5.1 Reflected.Cross-Site.Scripting.via.envato_code[] MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.button.Shortcode MEDIUM" "td-composer 4.9 Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "td-composer 4.9 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "td-composer 4.2 Admin+.Stored.XSS LOW" "td-composer 4.2 Unauthenticated.Stored.XSS HIGH" "td-composer 4.0 Reflected.Cross-site.Scripting HIGH" "td-composer 3.5 Unauthenticated.Account.Takeover CRITICAL" "trustmate-io-integration-for-woocommerce 1.8.12 Subscriber+.Arbitrary.Plugin's.Settings.Update HIGH" "trustmate-io-integration-for-woocommerce 1.7.1 Subscriber+.Arbitrary.Blog.Option.Update HIGH" "tinymce-advanced-qtranslate-fix-editor-problems No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "track-the-click 0.3.12 Author+.Time-Based.Blind.SQL.Injection HIGH" "the-moneytizer 10.0.1 Cross-Site.Request.Forgery.via.multiple.AJAX.actions HIGH" "the-moneytizer 10.0.1 Missing.Authorization.via.multiple.AJAX.actions HIGH" "the-moneytizer 9.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-calendar No.known.fix Authenticated.(admin+).SQL.Injection HIGH" "timthumb-vulnerability-scanner No.known.fix Scan.Initialisation.via.CSRF MEDIUM" "themefuse-maintenance-mode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "top-comments No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "travelpayouts 1.1.17 Open.Redirect MEDIUM" "travelpayouts 1.1.13 Settings.Update.via.CSRF MEDIUM" "travelpayouts 1.1.14 Reflected.XSS HIGH" "travelpayouts 1.0.17 CSRF.Bypass.due.to.Outdated.Redux.Framework MEDIUM" "tripetto 8.0.10 Cross-Site.Request.Forgery.to.Arbitrary.Results.Deletion MEDIUM" "tripetto 8.0.10 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto 8.0.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tripetto 8.0.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tripetto No.known.fix Unauthentiated.Stored.Cross-Site.Scripting.via.Form.File.Upload HIGH" "tripetto 7.0.1 Reflected.Cross-Site.Scripting MEDIUM" "tripetto 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "tripetto 5.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ts-comfort-database No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.4.0 Contributor+.Stored.XSS MEDIUM" "tracking-code-manager 2.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tracking-code-manager 2.3.0 Admin+.Stored.Cross-Site.Scripting LOW" "tracking-code-manager 2.1.0 Tracking.Code.Manager.<.2,1,0.-Admin+.Stored.Cross-Site.Scripting MEDIUM" "transients-manager 2.0.7 Cross-Site.Request.Forgery MEDIUM" "totalcontest-lite 2.9.0 Reflected.XSS HIGH" "thrive-visual-editor 2.6.7.4 Unauthenticated.Option.Update MEDIUM" "tk-event-weather No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-event-weather No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tripplan No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ts-tree No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "thrive-ultimatum 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "ttv-easy-embed-player 2.1.1 Admin+.Stored.XSS LOW" "transcoder 1.3.6 Cross-Site.Request.Forgery MEDIUM" "time-sheets 1.29.3 Admin+.Stored.XSS LOW" "time-sheets 1.5.2 Multiple.XSS MEDIUM" "tags-cloud-manager No.known.fix Reflected.XSS HIGH" "the-permalinker 1.9.0 Contributor+.Stored.XSS MEDIUM" "text-advertisements No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templatespare 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Update MEDIUM" "tc-ecommerce No.known.fix Unauthenticated.SQLi HIGH" "tc-ecommerce No.known.fix Password.Change/Account.Takeover/Privilege.Escalation CRITICAL" "torod 1.8 Missing.Authorization.to.Unauthenticated.Plugin.Settings.Update MEDIUM" "top-10 3.2.5 Admin+.Stored.XSS LOW" "top-10 3.2.3 Contributor+.Stored.XSS MEDIUM" "top-10 2.9.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "twitter-real-time-search-scrolling No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thrive-comments 1.4.15.3 Unauthenticated.Option.Update MEDIUM" "tour-booking-manager 1.8.6 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.8 Missing.Authorization MEDIUM" "tour-booking-manager 1.7.2 Missing.Authorization.via.ttbm_new_place_save MEDIUM" "tour-booking-manager 1.6.1 Cross-Site.Request.Forgery MEDIUM" "twitter-friends-widget No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thrive-dashboard 2.3.9.3 Unauthenticated.Option.Update MEDIUM" "total-team-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "table-maker No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "tiny-compress-images 3.4.4 Cross-Site.Request.Forgery MEDIUM" "tweet-wheel 1.0.3.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "telecash-ricaricaweb No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "tabbed 1.3.2 Accordion,.FAQ.<.1.3.2.-.Unauthenticated.AJAX.Calls CRITICAL" "tcd-google-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "travelers-map 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tajer No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "team-builder-for-wpbakery-page-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-builder-for-wpbakery-page-builder No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "third-party-cookie-eraser No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "toolbar-extras No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "taxonomy-filter 2.2.10 Settings.Update.via.CSRF MEDIUM" "thrive-clever-widgets 1.57.1 Unauthenticated.Option.Update MEDIUM" "tabs-responsive 2.2.8 Editor+.Stored.Cross-Site.Scripting LOW" "theasys No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "taggator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tk-smugmug-slideshow-shortcode No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_lp_export_xml MEDIUM" "tutor-lms-migration-tool No.known.fix Missing.Authorization.in.tutor_import_from_xml MEDIUM" "travel-light No.known.fix CSRF.Bypass MEDIUM" "token-login No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "tcs3 No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "team-section 1.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "two-factor-login-telegram 3.1 Two-Factor.Authentication.Bypass MEDIUM" "two-factor-login-telegram 3.1 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "timer-countdown No.known.fix Reflected.XSS HIGH" "tec-subscriber-addons No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tec-subscriber-addons 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "translation-pro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "the-post-grid 7.5.0 Editor+.Stored.XSS.via.Grid.Creation LOW" "the-post-grid 7.7.12 Authenticated.(Contributor+).Information.Disclosure MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.save_block_css MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.REST.API MEDIUM" "the-post-grid 7.7.5 Missing.Authorization.via.AJAX MEDIUM" "the-post-grid 7.7.2 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.section.title.tag MEDIUM" "the-post-grid 7.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-post-grid 7.7.0 Missing.Authorization MEDIUM" "the-post-grid 7.2.8 Block.CSS.Update.via.CSRF MEDIUM" "the-post-grid 5.0.5 Settings.Update.via.CSRF MEDIUM" "twitter-anywhere-plus No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "top-25-social-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "theme-blvd-responsive-google-maps No.known.fix Contributor+.XSS MEDIUM" "table-genie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "table-genie No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ticket-tailor 1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tcbd-popover No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tax-rate-upload No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tracked-tweets No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "tracked-tweets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "text-hover 4.2 Admin+.Stored.Cross-Site.Scripting. LOW" "turbo-widgets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "turbo-widgets No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "turbo-widgets No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "themify-ptb 2.1.4 Subscriber+.Arbitrary.Post/Page.Creation MEDIUM" "themify-ptb 2.1.1 Reflected.Cross-Site.Scripting HIGH" "teachpress 9.0.8 Authenticated.(Contributor+).SQL.Injection MEDIUM" "teachpress 9.0.6 Cross-Site.Request.Forgery.via.delete_database() MEDIUM" "teachpress 9.0.5 Cross-Site.Request.Forgery MEDIUM" "teachpress 9.0.3 Reflected.Cross-Site.Scripting HIGH" "teachpress 8.1.9 Reflected.Cross-Site.Scripting HIGH" "testimonial-free 2.6.0 Contributor+.Stored.XSS MEDIUM" "testimonial-free 2.1.7 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "themedy-toolbox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themedy-toolbox 1.0.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "tiny-carousel-horizontal-slider No.known.fix Admin+.Stored.XSS LOW" "turbosmtp 4.7 Reflected.Cross-Site.Scripting MEDIUM" "turbosmtp 4.7 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "tidy-up No.known.fix Cross-Site.Request.Forgery MEDIUM" "truenorth-srcset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "toggle-the-title No.known.fix XSS MEDIUM" "theme-options-z No.known.fix Cross-Site.Request.Forgery MEDIUM" "timeline-and-history-slider 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "t-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "tutor-pro 2.7.3 Missing.Authorization.to.Authenticated.(Subscriber+).Insecure.Direct.Object.Reference HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.Privilege.Escalation HIGH" "tutor-pro 2.7.1 Missing.Authorization.to.SQL.Injection HIGH" "tutor-pro 2.7.1 Missing.Authorization HIGH" "title-field-validation No.known.fix Unauthorised.AJAX.Calls HIGH" "tagesteller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "triberr-wordpress-plugin 4.1.2 Admin+.Stored.XSS LOW" "thoughtful-comments 0.3.6 Missing.Authorization LOW" "tweeple No.known.fix Reflected.XSS HIGH" "tailored-tools No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-junkie-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcodes MEDIUM" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "templatesnext-toolkit No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "templatesnext-toolkit 3.2.9 Contributor+.Stored.XSS MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "templatesnext-toolkit 3.2.8 Contributor+.Stored.XSS MEDIUM" "total-donations No.known.fix Update.Arbitrary.WordPress.Option.Values CRITICAL" "telsender 1.14.12 Subscriber+.Settings.Update MEDIUM" "table-of-contents-plus 2411.1 Admin+.Stored.XSS LOW" "table-of-contents-plus 2411 Cross-Site.Request.Forgery MEDIUM" "table-of-contents-plus 2309 Settings.Update.via.CSRF MEDIUM" "table-of-contents-plus 2309 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "table-of-contents-plus 2212 Contributor+.Stored.XSS MEDIUM" "tiny-bar 2.1 Reflected.Cross-Site.Scripting MEDIUM" "thirstyaffiliates 3.10.5 Subscriber+.unauthorized.image.upload.+.CSRF LOW" "thirstyaffiliates 3.10.5 Subscriber+.Arbitrary.Affiliate.Links.Creation LOW" "thirstyaffiliates 3.9.3 Authenticated.Stored.XSS MEDIUM" "tree-website-map 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "tree-website-map 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "tidyro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "todo-custom-field No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tsb-occasion-editor No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "titan-framework No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "titan-framework 1.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tlp-team 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "tlp-team 4.4.2 Editor+.Stored.XSS LOW" "tlp-team 4.1.2 Subscriber+.Arbitrary.File.Read.and.Deletion CRITICAL" "tripay-payment-gateway 3.2.8 Admin+.Stored.XSS LOW" "tag-groups 2.0.5 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 2.0.4 Missing.Authorization.to.Information.Exposure MEDIUM" "tag-groups 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tag-groups 1.43.10.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "telephone-number-linker No.known.fix Contributor+.Stored.XSS MEDIUM" "tinymce-and-tinymce-advanced-professsional-formats-and-styles No.known.fix Cross-Site.Request.Forgery.via.bb_taps_backend_page MEDIUM" "training No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tpg-get-posts No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-file-duplicator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "theme-file-duplicator No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "templates-patterns-collection 1.2.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "themify-shortcodes 2.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.themify_button.Shortcode MEDIUM" "themify-shortcodes 2.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themify-shortcodes 2.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "theme-my-ontraport-smartform No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "track-geolocation-of-users-using-contact-form-7 2.1 Admin+.Stored.XSS LOW" "teaser-maker-standard No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "theme-blvd-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "telefication No.known.fix Open.Relay.&.Server-Side.Request.Forgery MEDIUM" "tc-custom-javascript 1.2.2 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tagembed-widget 5.9 Missing.Authorization MEDIUM" "tagembed-widget 4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "terraclassifieds No.known.fix TerraClassifieds.<=.2,0,3.Unauthenticated.Arbitrary.File.Upload CRITICAL" "terraclassifieds No.known.fix Cross-Site.Request.Forgery HIGH" "tippy No.known.fix Contributor+.Stored.XSS MEDIUM" "themify-wc-product-filter 1.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "themify-wc-product-filter 1.5.0 WooCommerce.Product.Filter.<.1.5.0.-.Unauthenticated.SQL.Injection.via.conditions.Parameter CRITICAL" "themify-wc-product-filter 1.4.4 Reflected.XSS HIGH" "themify-wc-product-filter 1.4.4 Filter.Deletion.via.CSRF MEDIUM" "themify-wc-product-filter 1.4.4 Admin+.Stored.XSS LOW" "themify-wc-product-filter 1.3.8 WooCommerce.Product.Filter.<.1.3.8.-.Reflected.Cross-Site.Scripting MEDIUM" "toast-stick-anything No.known.fix Missing.Authorization HIGH" "toast-stick-anything No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "theme-switcha 3.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "templatesnext-onepager No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial 2.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "typofr No.known.fix Reflected.Cross-Site.Scripting HIGH" "testimonial-widgets 1.4.4 Authenticated.(Contributor+).SQL.Injection HIGH" "testimonial-widgets 1.4.3 Widget.Deletion.via.CSRF MEDIUM" "twentyfourth-wp-scraper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twentyfourth-wp-scraper No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "this-day-in-history No.known.fix Unauthenticated.Reflected.XSS HIGH" "th23-social No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "thrive-quiz-builder 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-bootstrap-collapse-aka-accordian-shortcode No.known.fix Stored.XSS.via.Shortcode HIGH" "timber-library 1.23.1 Authenticated.(Admin+).PHP.Object.Injection HIGH" "thrive-automator 1.17.1 Cross-Site.Request.Forgery MEDIUM" "tipsacarrier 1.5.0.5 Unauthenticated.SQLi HIGH" "tipsacarrier 1.5.0.5 Unauthenticated.Orders.Disclosure MEDIUM" "titan-labs-security-audit No.known.fix Admin+.Stored.Cross.Site.Scripting LOW" "teamleader-form-integration 2.1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "tecslider 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "tecslider 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tabs-maker No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-awesome No.known.fix Author+.Stored.Cross-Site.Scripting LOW" "translatepress-multilingual 2.3.3 Admin+.SQLi MEDIUM" "translatepress-multilingual 2.0.9 Authenticated.Stored.Cross-Site.Scripting LOW" "to-top 2.3 Unauthorised.Plugin's.Setting.Change MEDIUM" "themify-audio-dock 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "threepress 1.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tooltip-ck No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "tubepressnet No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "talkback-secure-linkback-protocol No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "total-security 3.4.1 XSS.&.Settings.Change MEDIUM" "tlp-portfolio 2.8.11 WordPress.Portfolio.<.2.8.11.-.Contributor+.Stored.XSS MEDIUM" "typea-ftc-disclosure No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "typea-ftc-disclosure No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "tori-ajax No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 4.0.8 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 4.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Missing.Authorization MEDIUM" "the-plus-addons-for-block-editor 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "tabs-for-visual-composer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theperfectweddingnl-widget 2.9 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "templately 3.1.6 Missing.Authorization MEDIUM" "templately 3.1.6 Missing.Authorization.via.AJAX.actions MEDIUM" "templately 3.1.3 Missing.Authorization MEDIUM" "templately 2.2.6 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "twchat No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "twchat 3.1.5 Admin+.Local.File.Inclusion LOW" "twchat 3.1.5 Multiple.CSRF MEDIUM" "timeline-designer No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "tiempocom No.known.fix Shortcode.Deletion.via.CSRF MEDIUM" "tiempocom No.known.fix Stored.XSS.via.CSRF HIGH" "tiempocom No.known.fix Reflected.XSS HIGH" "taeggie-feed 0.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonial-slider-shortcode 1.1.9 Contributor+.Stored.XSS MEDIUM" "ti-woocommerce-wishlist-premium 1.40.1 Unauthenticated.Blind.SQL.Injection HIGH" "ti-woocommerce-wishlist-premium 1.21.5 Authenticated.WP.Options.Change HIGH" "top-flash-embed No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "timeline-for-beaver-builder 1.1.4 Editor+.Stored.XSS LOW" "testimonials No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "the-sorter No.known.fix Authenticated.SQL.Injection MEDIUM" "thumbs-rating No.known.fix Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "teleadmin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "timeline-pro 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[placeholder] MEDIUM" "total-cost-input-for-woocommerce 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "timeline-event-history 3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "tiny-carousel-horizontal-slider-plus No.known.fix Admin+.Stored.XSS MEDIUM" "testimonials-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "testimonials-widget No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.testimonials.Shortcode MEDIUM" "testimonials-widget 4.0.0 Multiple.Authenticated.Stored.XSS MEDIUM" "track-logins No.known.fix Admin+.SQL.Injection MEDIUM" "tera-charts No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "tribute-testimonial-gridslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "truebooker-appointment-booking 1.0.3 Settings.Update.via.CSRF MEDIUM" "truebooker-appointment-booking 1.0.3 Multiple.Unauthenticated.SQLi HIGH" "themereps-helper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Settings.Update.via.Authorization.Bypass MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Admin+.SQL.Injection MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Subscriber+.Unauthorised.Calls MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Unauthenticated.Settings.Change MEDIUM" "transposh-translation-filter-for-wordpress No.known.fix Usernames.Disclosure MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Admin+.RCE MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 CSRF.to.Stored.XSS HIGH" "transposh-translation-filter-for-wordpress 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "transposh-translation-filter-for-wordpress 1.0.8 Stored.Cross-Site.Scripting MEDIUM" "tabs-with-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tabs-with-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "timeslot 1.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.7 User.Registration.Setting.Bypass.to.Unauthorized.User.Registration MEDIUM" "tutor 2.7.7 Unauthenticated.SQL.Injection.via.rating_filter HIGH" "tutor 2.7.5 Cross-Site.Request.Forgery.via.'addon_enable_disable' MEDIUM" "tutor 2.7.3 Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.4 Authenticated.(Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.4 Missing.Authorization MEDIUM" "tutor 2.7.3 Cross-Site.Request.Forgery MEDIUM" "tutor 2.7.3 Authenticated.(Tutor.Instructor+).Stored.Cross-Site.Scripting MEDIUM" "tutor 2.7.2 Authenticated.(Admin+).Path.Traversal LOW" "tutor 2.7.2 Tutor.LMS.–.eLearning.and.online.course.solution.<.2,7,2.-Authenticated.(Administrator+).SQL.Injection HIGH" "tutor 2.7.2 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Quiz.Attempt.Deletion MEDIUM" "tutor 2.7.1 Authenticated.(Instructor+).SQL.Injection HIGH" "tutor 2.7.1 Authenticated.(Instructor+).Insecure.Direct.Object.Reference.to.Arbitrary.Course.Deletion MEDIUM" "tutor 2.7.1 Missing.Authorization CRITICAL" "tutor 2.7.0 Missing.Authorization.to.Unauthenticated.Limited.Options.Update MEDIUM" "tutor 2.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'tutor_instructor_list'.Shortcode MEDIUM" "tutor 2.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion MEDIUM" "tutor 2.6.2 Cross-Site.Request.Forgery.to.Plugin.Deactivation.and.Data.Erase MEDIUM" "tutor 2.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "tutor 2.6.1 Missing.Authorization MEDIUM" "tutor 2.6.1 Student+.HTML.Injection.via.Q&A MEDIUM" "tutor 2.3.0 Admin+.Stored.XSS LOW" "tutor 2.3.0 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 2.2.1 Unauthenticated.Access.to.Tutor.LMS.Lesson.Resources.via.REST.API MEDIUM" "tutor 2.2.1 Student+.SQL.Injection HIGH" "tutor 2.2.0 Instructor+.SQL.Injection MEDIUM" "tutor 2.2.0 Unauthenticate.SQL.Injection HIGH" "tutor 2.0.10 Reflected.Cross-Site.Scripting HIGH" "tutor 2.0.10 Admin+.Stored.Cross-Site.Scripting LOW" "tutor 2.0.9 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.13 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.12 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.12 Subscriber+.Stored.Cross-Site.Scripting HIGH" "tutor 1.9.11 Reflected.Cross-Site.Scripting MEDIUM" "tutor 1.9.9 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "tutor 1.9.6 Reflected.Cross-Site.Scripting HIGH" "tutor 1.9.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tutor 1.8.8 Authenticated.Local.File.Inclusion MEDIUM" "tutor 1.7.7 Unprotected.AJAX.including.Privilege.Escalation HIGH" "tutor 1.8.3 SQL.Injection.via.tutor_answering_quiz_question/get_answer_by_id MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_mark_answer_as_correct MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_question_form MEDIUM" "tutor 1.7.7 SQL.Injection.via.tutor_place_rating MEDIUM" "tutor 1.8.3 SQL.Injection.via.tutor_quiz_builder_get_answers_by_question MEDIUM" "tutor 1.5.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "tiger-form 2.1.0 Reflected.XSS HIGH" "treepress 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "treepress 3.0.0 Admin+.Stored.Cross-Site.Scripting LOW" "treepress 2.0.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "timeline-widget-addon-for-elementor 1.5.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "twitter-follow 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.username.Parameter MEDIUM" "tinymce-custom-styles 1.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "tinymce-custom-styles 1.1.3 Admin+.Stored.XSS LOW" "themify-portfolio-post 1.2.5 Editor+.Stored.XSS LOW" "themify-portfolio-post 1.2.2 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.2.1 Contributor+.Stored.XSS MEDIUM" "themify-portfolio-post 1.1.7 Reflected.Cross-Site.Scripting MEDIUM" "themify-portfolio-post 1.1.6 Authenticated.Stored.Cross-Site.Scripting HIGH" "theme-my-login 7.1.8 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "theme-my-login 7.1.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "thesography No.known.fix Admin+.Stored.XSS LOW" "tabs-shortcode-and-widget No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "twitter-plugin 2.55 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "toolbar-to-share No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "targetfirst-wordpress-plugin 1.0 Unauthenticated.Stored.XSS.via.Licence.Key HIGH" "themify-builder 7.6.6 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "themify-builder 7.6.6 Contributor+.Stored.XSS MEDIUM" "themify-builder 7.6.3 Reflected.Cross-Site.Scripting MEDIUM" "themify-builder 7.6.2 Missing.Authorization.to.Authenticated.(Contributor+).Post.Duplication MEDIUM" "themify-builder 7.5.8 Open.Redirect MEDIUM" "themify-builder 7.0.6 Cross-Site.Request.Forgery MEDIUM" "themify-builder 5.3.2 Reflected.Cross-Site.Scripting HIGH" "taskbuilder 3.0.7 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "taskbuilder 3.0.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wppm_tasks.Shortcode MEDIUM" "taskbuilder 3.0.5 Admin+.SQL.Injection MEDIUM" "taskbuilder 3.0.9 Admin+.SQL.Injection MEDIUM" "taskbuilder 1.0.8 Subscriber+.Stored.XSS.via.SVG.file.upload MEDIUM" "terms-descriptions 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "terms-descriptions 2.4.8 Admin+.Stored.XSS LOW" "terms-descriptions 3.4.5 Reflected.XSS HIGH" "translation-exchange No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "typer-core No.known.fix Authenticated.(Contributor+).Post.Disclosure MEDIUM" "tr-easy-google-analytics No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "twitter-cards-meta 2.5.0 CSRF.and.XSS HIGH" "throws-spam-away 3.3.1 Comment.Deletion.via.CSRF MEDIUM" "testimonial-add 3.5.8.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "timetics 1.0.28 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.28.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Deletion MEDIUM" "timetics 1.0.26 AI-powered.Appointment.Booking.Calendar.and.Online.Scheduling.Plugin.<.1.0.26.-.Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.User.Password/Email.Reset/Account.Takeover CRITICAL" "timetics 1.0.24 Authorization.Bypass MEDIUM" "timetics 1.0.22 AI-powered.Appointment.Booking.with.Visual.Seat.Plan.and.ultimate.Calendar.Scheduling.Plugin.<.1.0.22.-.Missing.Authorization.to.Limited.Privilege.Escalation HIGH" "tweetscroll-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tedwp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tedwp 0.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tlp-food-menu 5.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "testimonials-carousel-elementor 10.2.3 Contributor+.Stored.XSS MEDIUM" "testimonials-carousel-elementor 10.2.1 Missing.Authorization.to.Limited.Setting.Update MEDIUM" "testimonials-carousel-elementor 10.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ts-webfonts-for-conoha 2.0.4 Admin+.Stored.XSS LOW" "traffic-manager No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "traffic-manager No.known.fix Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "tumult-hype-animations 1.9.16 Authenticated.(Author+).Arbitrary.File.Upload.via.hypeanimations_panel.Function CRITICAL" "tumult-hype-animations 1.9.15 Missing.Authorization MEDIUM" "tumult-hype-animations 1.9.12 Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "tumult-hype-animations 1.9.13 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "temp-mail 1.0.1 Reflected.Cross-Site.Scripting MEDIUM" "texteller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "two-factor-authentication 1.3.13 Disable.Two.Factor.Authentication.CSRF HIGH" "two-factor-authentication 1.1.10 XSS MEDIUM" "timely-booking-button No.known.fix Admin+.Stored.XSS LOW" "themify-icons 2.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tangible-loops-and-logic 4.1.5 Reflected.Cross-Site.Scripting MEDIUM" "the-buffer-button No.known.fix Authenticated.Stored.Cross.Site.Scripting.(XSS) MEDIUM" "testimonial-builder 1.6.2 Editor+.Stored.Cross-Site.Scripting LOW" "testimonial-builder 1.6.0 Admin+.Stored.Cross-Site.Scripting LOW" "table-of-contents No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "torro-forms No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "thrive-apprentice 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "tags-to-meta-keywords 1.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-site.Scripting MEDIUM" "term-and-category-based-posts-widget 4.9.13 Admin+.Stored.XSS LOW" "ttt-crop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-very-simple-vimeo-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.2.2 Contributor+.Information.Exposure LOW" "themesflat-addons-for-elementor 2.2.2 Contributor+.Stored.XSS MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Widget.Tags MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.URLs MEDIUM" "themesflat-addons-for-elementor 2.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.in.Multiple.Widgets MEDIUM" "themesflat-addons-for-elementor 2.1.3 Contributor+.Stored.XSS.via.Widget.Titles MEDIUM" "tuxedo-big-file-uploads 2.1.3 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "tuxedo-big-file-uploads 2.1.2 Cross-Site.Request.Forgery.via.actions MEDIUM" "tcbd-auto-refresher No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-holiday-calendar 1.11.3 Cross-Site.Scripting.(XSS) MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 6.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 6.0.4 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.12 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.content_template MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Missing.Authorization MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget.Settings MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Video.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.TP.Page.Scroll.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.6.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.via.Hover.Card.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.3 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.5 Contributor+.Stored.XSS.in.Widgets MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Age.Gate MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-plus-addons-for-elementor-page-builder 5.5.0 Contributor+.Stored.Cross-Site.Scripting.via.Countdown.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.2 Contributor+.LFI MEDIUM" "the-plus-addons-for-elementor-page-builder 5.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.Header.Meta.Content.Widget MEDIUM" "the-plus-addons-for-elementor-page-builder 5.3.4 Contributor+.Stored.XSS MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Privilege.Escalation HIGH" "the-plus-addons-for-elementor-page-builder 2.0.7 Contributor+.Arbitrary.File.Access MEDIUM" "the-plus-addons-for-elementor-page-builder 2.0.6 Contributor+.Stored.XSS MEDIUM" "tier-pricing-table 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "tier-pricing-table 2.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tagregator No.known.fix Stored.XSS MEDIUM" "the-loops No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "template-kit-import 1.0.15 Author+.Stored.XSS MEDIUM" "tcbd-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "transbank-webpay-plus-rest 1.6.7 Admin+.SQLi MEDIUM" "tourfic 2.15.4 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "tourfic 2.15.4 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tourfic 2.11.21 Cross-Site.Request.Forgery.in.Multiple.Functions MEDIUM" "tourfic 2.11.8 Reflected.Cross-Site.Scripting MEDIUM" "tourfic 2.11.16 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "tourfic 2.11.19 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "tourfic 2.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "theme-demo-import 1.1.1 Admin+.Arbitrary.File.Upload MEDIUM" "tweet-old-post 9.0.11 PHP.Object.Injection LOW" "typebot 3.6.1 Contributor+.Stored.XSS MEDIUM" "typebot 1.4.3 Admin+.Stored.Cross.Site.Scripting LOW" "tx-onepager No.known.fix Admin+.SQLi MEDIUM" "tm-woocommerce-compare-wishlist No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "task-manager-pro 3.6.34 Follower+.SQLi HIGH" "task-manager-pro 3.6.34 Multiple.Cross-Site.Scripting MEDIUM" "turn-off-comments-for-all-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tournamatch 4.6.1 Subscriber+.Stored.XSS HIGH" "tournamatch 4.6.1 Admin+.Stored.XSS.via.Ladders LOW" "thrive-ovation 2.4.5 Unauthenticated.Option.Update MEDIUM" "tour-operator 2.0.0 Author+.Stored.XSS.via.SVG.File.Upload MEDIUM" "tabulate No.known.fix Reflected.XSS HIGH" "tamara-checkout 1.9.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tradedoubler-affiliate-tracker 2.0.22 Unauthenticated.LFI HIGH" "tainacan 0.21.13 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.11 Reflected.Cross-Site.Scripting MEDIUM" "tainacan 0.21.9 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "tainacan 0.21.8 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "tainacan 0.21.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "tainacan 0.21.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tainacan 0.20.8 Missing.Authorization MEDIUM" "tainacan 0.20.7 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tainacan 0.20.5 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.34 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "tablesome 1.0.26 Cross-Site.Request.Forgery MEDIUM" "tablesome 1.0.28 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.15 Reflected.Cross-Site.Scripting MEDIUM" "tablesome 1.0.9 Reflected.XSS MEDIUM" "tablesome 0.6.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "thrive-leads 2.3.9.4 Unauthenticated.Option.Update MEDIUM" "themify-event-post 1.2.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "tida-url-screenshot 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "thim-elementor-kit 1.2.9 Missing.Authorization MEDIUM" "thim-elementor-kit 1.2.9.1 Contributor+.Stored.XSS MEDIUM" "thim-elementor-kit 1.1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "thim-elementor-kit 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tochat-be 1.3.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "twitter-posts No.known.fix Settings.Update.via.CSRF MEDIUM" "transfinanz No.known.fix Reflected.XSS HIGH" "tp-education 4.5 Contributor+.Stored.XSS MEDIUM" "theatre 0.18.7 Reflected.Cross-Site.Scripting MEDIUM" "theatre 0.18.4 Admin+.Stored.XSS LOW" "tune-library 1.5.5 SQL.Injection HIGH" "tilda-publishing 0.3.24 Subscriber+.Unauthorised.Action MEDIUM" "twitter-shortcode No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "traveler-layout-essential-for-elementor 1.4 Unauthenticated.Server-Side.Request.Forgery HIGH" "themeisle-companion 2.10.45 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "themeisle-companion 2.10.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.37 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "themeisle-companion 2.10.35 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Services.and.Post.Type.Grid.Widgets MEDIUM" "themeisle-companion 2.10.33 Authenticated.(Contributor+).Stored.Cross-Site.Scripiting.via.Registration.Form.Widget MEDIUM" "themeisle-companion 2.10.32 Contributor+.Stored.XSS.via.Post.Type.Grid.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Pricing.Table.Widget MEDIUM" "themeisle-companion 2.10.31 Contributor+.Stored.XSS.via.Form.Widget MEDIUM" "themeisle-companion 2.10.30 Connected.API.Keys.Update.via.CSRF MEDIUM" "themeisle-companion 2.10.29 Unauthenticated.Connected.API.Keys.Update MEDIUM" "themeisle-companion 2.10.28 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.27 Contributor+.Stored.XSS MEDIUM" "themeisle-companion 2.10.24 Author+.Server-Side.Request.Forgery MEDIUM" "themeisle-companion 2.10.3 Authenticated.Stored.Cross.Site.Scripting MEDIUM" "themeisle-companion 2.10.3 Authenticated.Privilege.Escalation CRITICAL" "twittee-text-tweet No.known.fix Reflected.XSS HIGH" "team-118group-agent No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "team-display No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "themes4wp-youtube-external-subtitles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.12 Missing.Authorization.to.Font.Deletion MEDIUM" "tk-google-fonts 2.2.11 Reflected.Cross-Site.Scripting MEDIUM" "tk-google-fonts 2.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tube-video-ads-lite No.known.fix Reflected.XSS HIGH" "target-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "telegram-bot No.known.fix Cross-Site.Request.Forgery MEDIUM" "telegram-bot 3.6.3 Admin+.Stored.XSS LOW" "the-pack-addon 2.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.1.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.9 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "the-pack-addon 2.0.8.7 Authenticated.(contributor+).Local.File.Inclusion HIGH" "the-pack-addon 2.0.8.3 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "the-pack-addon 2.0.8.4 Reflected.Cross-Site.Scripting MEDIUM" "timeline-block-block 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tt-custom-post-type-creator No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "trustist-reviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "trackship-for-woocommerce 1.7.6 Missing.Authorization MEDIUM" "trash-duplicate-and-301-redirect No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion HIGH" "twitterpost No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "tinymce-annotate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "tinymce-annotate No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "tourmaster 5.3.8 Tour.Booking,.Travel,.Hotel.<.5.3.8.-.Authenticated.(Subscriber+).SQL.Injection.via.review_id.Parameter MEDIUM" "tourmaster 5.3.5 Reflected.XSS HIGH" "tourmaster 5.3.4 Unauthenticated.Stored.XSS.via.Room.Booking HIGH" "twitter-news-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "theme-tweaker-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "taxonomy-discounts-woocommerce 5.2 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "th-variation-swatches 1.3.3 1.3.2.-.Cross-Site.Request.Forgery.to.Plugin.Settings.Reset MEDIUM" "transition-slider-lite No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "timed-content 2.73 Contributor+.Stored.XSS MEDIUM" "textboxes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "trustmary 1.0.10 Contributor+.Stored.XSS MEDIUM" "tigris-flexplatform No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tiny-contact-form No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "team-members 5.3.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team-members 5.3.2 Author+.Stored.XSS MEDIUM" "team-members 5.2.1 Editor+.Stored.XSS LOW" "team-members 5.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "team-members 5.0.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "themify-ptb-search 1.4.0 Post.Type.Builder.Search.Addon.<.1.4.0.-.Reflected.Cross-Site.Scripting MEDIUM" "termin-kalender 1.00.04 Missing.Authorization.to.Authenticated.(Subscriber+) MEDIUM" "transportersio 2.1.2 Stored.XSS.via.CSRF HIGH" "theme-editor 2.9 Authenticated.(Admin+).PHAR.Deserialization HIGH" "theme-editor 2.8 Admin+.Arbitrary.File.Upload HIGH" "theme-editor 2.6 Authenticated.Arbitrary.File.Download MEDIUM" "theme-editor 2.2 Multiple.Vulnerabilities CRITICAL" "tranzly No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tranzly 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "trademe-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ts-webfonts-for-sakura 3.1.1 Admin+.Stored.Cross-Site.Scripting LOW" "ts-webfonts-for-sakura 3.1.3 Font.Settings.Change.via.CSRF MEDIUM" "ts-webfonts-for-sakura 3.1.3 Font.Type.Settings.Change.via.CSRF MEDIUM" "track-page-scroll No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "taboola 2.0.2 CSRF MEDIUM" "team 1.22.26 Reflected.Cross-Site.Scripting HIGH" "team 1.22.24 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "team 1.22.16 PHP.Object.Injection HIGH" "team 1.22.16 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "tinycode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "time-clock-pro 1.1.5 Unauthenticated.(Limited).Remote.Code.Execution HIGH" "upfiv-complete-all-in-one-seo-wizard No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "upfiv-complete-all-in-one-seo-wizard No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-sms-notifications 1.9.9.6 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-sms-notifications 1.8.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-sms-notifications 1.4.2 CSV.Injection MEDIUM" "user-meta-shortcodes No.known.fix Contributor+.Unauthorized.Arbitrary.User.Metadata.Access HIGH" "ubigeo-peru 3.6.4 Unauthenticated.SQLi HIGH" "ultimate-maps-by-supsystic 1.2.17 Cross-Site.Request.Forgery MEDIUM" "ultimate-maps-by-supsystic 1.2.16 .Admin+.Stored.XSS LOW" "ultimate-maps-by-supsystic 1.2.5 Reflected.Cross-Site.scripting.(XSS) HIGH" "ultimate-maps-by-supsystic 1.1.17 Authenticated.SQL.Injections CRITICAL" "user-files No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "uleak-security-dashboard No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "user-activity No.known.fix IP.Spoofing MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-contact-form-7 3.2.11 Missing.Authorization MEDIUM" "ultimate-addons-for-contact-form-7 3.2.1 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Reflected.XSS HIGH" "ultimate-addons-for-contact-form-7 3.1.29 Admin+.Stored.XSS LOW" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQL.Injection HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Subscriber+.SQLi HIGH" "ultimate-addons-for-contact-form-7 3.1.24 Unauthenticated.SQLi HIGH" "ultra-elementor-addons No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-social-media-plus 3.6.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "ultimate-social-media-plus 3.5.8 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-plus 3.5.8 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-plus 3.2.8 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-social-media-plus 3.0.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "uncode-core 2.9.1.7 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution.in.uncode_get_medias MEDIUM" "uncode-core 2.8.7 Reflected.Cross-Site.Scripting MEDIUM" "uncode-core 2.8.9 Privilege.Escalation HIGH" "uncode-core 2.8.9 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "ultimate-events No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ut-elementor-addons-lite No.known.fix Authenticated.(Contributor+).Restricted.Post.Disclosure MEDIUM" "ultimate-carousel-for-visual-composer No.known.fix Contributor+.Stored.XSS MEDIUM" "utm-tracker No.known.fix Admin+.Stored.XSS LOW" "ultimate-downloadable-products-for-woocommerce 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "uix-slideshow 1.6.6 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "ultimate-responsive-image-slider 3.5.12 Ultimate.Responsive.Image.Slider.<.3.5.12.-.Subscriber+.Arbitrary.Post.Access MEDIUM" "uncanny-automator-pro 5.3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-automator-pro 5.3.0.1 Missing.Authorization.to.Unauthenticated.License.Setting.Reset MEDIUM" "uncanny-automator-pro 5.3.0.1 Cross-Site.Request.Forgery.to.License.Setting.Reset MEDIUM" "universam-demo 8.59 Reflected.Cross-Site.Scripting MEDIUM" "ukrainian-currency No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-shortcodes-plus No.known.fix Insecure.Direct.Object.Reference.to.Authenticated.(Contributor+).Sensitive.Information.Disclosure.via.user_meta.Shortcode MEDIUM" "uni-woo-custom-product-options 4.9.27 Reflected.Cross-Site.Scripting MEDIUM" "uni-woo-custom-product-options 4.9.14 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "url-params 2.5 Contributor+.Stored.XSS MEDIUM" "uploadcare 3.1.0 Cross-Site.Request.Forgery MEDIUM" "user-registration 4.1.0 Reflected.Cross-Site.Scripting MEDIUM" "user-registration 3.2.1 Missing.Authorization.to.Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-registration 3.2.0 Missing.Authorization.to.Unauthenticated.Media.Deletion MEDIUM" "user-registration 3.1.5 Unauthenticated.Stored.Self-Based.Cross-Site.Scripting MEDIUM" "user-registration 3.0.4.2 Admin+.Stored.XSS LOW" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload.Leading.to.RCE CRITICAL" "user-registration 3.0.2.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 3.0.2 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.3 Subscriber+.PHP.Object.Injection HIGH" "user-registration 2.3.1 Admin+.Stored.XSS LOW" "user-registration 2.2.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "user-registration 2.0.2 Low.Privilege.Stored.Cross-Site.Scripting MEDIUM" "ultimate-posts-widget 2.3.1 Admin+.Stored.XSS LOW" "ultimate-posts-widget 2.2.5 Subscriber+.Plugin.Installation MEDIUM" "ultimate-posts-widget 2.2.5 Plugin.Installation.via.CSRF MEDIUM" "ultimate-flipbox-addon-for-elementor 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-custom-scrollbar 1.2 Reflected.Cross-Site.Scripting MEDIUM" "usersnap 4.17 Admin+.Stored.XSS LOW" "upload-file-type-settings-plugin No.known.fix Admin+.Stored.XSS LOW" "userpro No.known.fix Missing.Authorization MEDIUM" "userpro No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "userpro No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "userpro No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "userpro 5.1.9 Unauthenticated.Account.Takeover.to.Privilege.Escalation CRITICAL" "userpro 5.1.7 Disabled.Membership.Registration.Bypass MEDIUM" "userpro 5.1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userpro 5.1.2 Insecure.Password.Reset.Mechanism CRITICAL" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Sensitive.Information.Exposure MEDIUM" "userpro 5.1.2 Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "userpro 5.1.2 Missing.Authorization.via.multiple.functions HIGH" "userpro 5.1.5 Missing.Authorization.to.Arbitrary.Shortcode.Execution.via.userpro_shortcode_template MEDIUM" "userpro 5.1.2 Authentication.Bypass.to.Administrator CRITICAL" "userpro 5.1.5 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "userpro 5.1.2 Sensitive.Information.Disclosure.via.Shortcode MEDIUM" "userpro 5.1.1 Cross-Site.Request.Forgery.to.PHP.Object.Injection HIGH" "userpro 5.1.2 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "userpro 5.1.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting.via.userpro_save_userdata MEDIUM" "userpro 4.9.35.1 Unauthenticated.Reflected.XSS MEDIUM" "userpro 4.9.28 User.Registration.With.Administrator.Role MEDIUM" "userpro 4.9.24 Unauthenticated.Cross-Site.Scripting.(XSS) CRITICAL" "ua-marketplace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ua-marketplace 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-facebook-comments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "utech-spinning-earth No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "uji-popup No.known.fix Contributor+.Stored.XSS MEDIUM" "user-access-manager 2.2.18 IP.Spoofing LOW" "user-access-manager 2.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "ubermenu 3.8.4 Cross-Site.Request.Forgery.to.Settings.Reset HIGH" "ubermenu 3.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "useful-banner-manager No.known.fix Modify.banners.via.CSRF MEDIUM" "ukuupeople-the-simple-crm No.known.fix Unauthorised.Favourite.Addition/Deletion MEDIUM" "ultimeter 2.8.3 Reflected.Cross-Site.Scripting MEDIUM" "ultimeter 2.7.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimeter 1.9.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "ultimate-form-builder-lite 1.5.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimate-form-builder-lite 1.3.8 Multiple.Vulnerabilities CRITICAL" "uniconsent-cmp 1.4.4 Admin+.Stored.XSS LOW" "use-memcached No.known.fix Settings.Update.via.CSRF MEDIUM" "ultimate-author-box-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultimatewoo No.known.fix PHP.Object.Injection MEDIUM" "user-avatar-reloaded 1.2.2 Reloaded.<.1.2.2.-.Contributor+.Stored.XSS MEDIUM" "urdu-formatter-shamil No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 3.11.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Social.Count.(Static).Widget MEDIUM" "ultimate-post-kit 3.6.4 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-post-kit 2.9.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-roles No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ui-slider-filter-by-price No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ui-slider-filter-by-price No.known.fix Cross-Site.Request.Forgery MEDIUM" "underconstruction 1.22 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "underconstruction 1.20 Construction.Mode.Deactivation.via.CSRF MEDIUM" "underconstruction 1.21 Admin+.Stored.Cross-Site.Scripting LOW" "underconstruction 1.19 Reflected.Cross-Site.Scripting HIGH" "urvanov-syntax-highlighter 2.8.34 Highlighting.Blocks.Mgt.via.CSRF MEDIUM" "uninstall No.known.fix WordPress.Deletion.via.CSRF HIGH" "uix-page-builder 1.7.5 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-dashboard 3.7.12 Admin+.Stored.XSS LOW" "ultimate-dashboard 3.7.11 Login.Page.Disclosure.on.Multi-site MEDIUM" "ultimate-dashboard 3.7.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.plugin.settings MEDIUM" "ultimate-dashboard 3.7.6 Admin+.Stored.XSS LOW" "user-magic No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-classified-listings 1.5 Ultimate.Classified.Listings.<.1,5.Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.Title.Parameter MEDIUM" "ultimate-classified-listings No.known.fix Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "ultimate-classified-listings No.known.fix Subscriber+.Stored.XSS HIGH" "ultimate-classified-listings No.known.fix Contributor+.Local.File.Inclusion HIGH" "ultimate-classified-listings 1.4 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Reflected.XSS HIGH" "ultimate-classified-listings 1.3 Unauthenticated.LFI HIGH" "universal-email-preference-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "under-construction-page 3.97 Multiple.CSRF MEDIUM" "under-construction-page 3.86 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "userplus No.known.fix Privilege.Escalation CRITICAL" "userplus No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "userplus No.known.fix Editor+.Registration.Form.Update.to.Privilege.Escalation HIGH" "userplus No.known.fix Missing.Authorization.via.Multiple.Functions MEDIUM" "userplus No.known.fix Stored.XSS.via.CSRF HIGH" "ucat-next-story No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-activity-tracking-and-log 4.1.4 IP.Spoofing MEDIUM" "user-activity-tracking-and-log 4.0.9 License.Update/Deactivation.via.CSRF MEDIUM" "user-submitted-posts 20240516 Admin+.Stored.XSS LOW" "user-submitted-posts 20230914 Unauthenticated.Arbitrary.File.Upload CRITICAL" "user-submitted-posts 20230902 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "user-submitted-posts 20230901 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "user-submitted-posts 20230811 Unauthenticated.Stored.XSS HIGH" "user-submitted-posts 20190501 Arbitrary.File.Upload MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.7 Authenticated.(Contributor+).Sensitive.Information.Exposure MEDIUM" "ultimate-bootstrap-elements-for-elementor 1.4.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.4.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "ultimate-bootstrap-elements-for-elementor 1.3.7 Contributor+.Stored.XSS MEDIUM" "user-drop-down-roles-in-registration No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "users-ultra No.known.fix Unauthenticated.SQL.Injection HIGH" "users-ultra 1.5.64 Authenticated.Blind.SQL.Injection HIGH" "users-ultra 1.5.63 Authenticated.Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "users-ultra 1.5.59 Unrestricted.File.Upload HIGH" "user-referral-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-list No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "uipress-lite 3.5.05 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "uipress-lite 3.4.07 Authenticated.(Administrator+).SQL.Injection CRITICAL" "user-toolkit 1.2.4 Authenticated.(Subscriber+).Authentication.Bypass HIGH" "user-export-with-their-meta-data No.known.fix Subscriber+.CSV.Injection LOW" "user-export-with-their-meta-data 0.6.5 Admin+.SQLi MEDIUM" "ucontext-for-amazon No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "universal-analytics-injector No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "userlike 2.3 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-accordion No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-elementor 1.36.32 Authenticated.(Contributor+).Privilege.Escalation HIGH" "ultimate-elementor 1.30.0 Contributor+.Stored.XSS MEDIUM" "ultimate-elementor 1.24.2 Registration.Bypass HIGH" "ultimate-elementor 1.20.1 Authentication.Bypass CRITICAL" "ultimate-popup-creator No.known.fix Unauthenticated.SQL.Injection HIGH" "ultimate-popup-creator No.known.fix Missing.Authorization.to.Unauthenticated.DB.Table.Truncation MEDIUM" "unlock-addons-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "unilevel-mlm-plan No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "user-avatar 1.4.12 Reflected.XSS HIGH" "uncomplicated-seo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ux-flat 4.5 Contributor+.Stored.XSS MEDIUM" "unlimited-elements-for-elementor 1.5.141 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Transparent.Split.Hero.Widget MEDIUM" "unlimited-elements-for-elementor 1.5.136 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "unlimited-elements-for-elementor 1.5.127 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.122 Authenticated.(Editor+).Remote.Code.Execution HIGH" "unlimited-elements-for-elementor 1.5.122 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.113 IP.Address.Spoofing.to.Antispam.Bypass MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'email' MEDIUM" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Time-Based.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.113 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'username' MEDIUM" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Blind.SQL.Injection.via.data[addonID].Parameter HIGH" "unlimited-elements-for-elementor 1.5.110 Authenticated.(Contributor+).Information.Exposure MEDIUM" "unlimited-elements-for-elementor 1.5.108 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Text.Field MEDIUM" "unlimited-elements-for-elementor 1.5.91 Contributor+.Remote.Code.Execution.via.template.import HIGH" "unlimited-elements-for-elementor 1.5.108 Contributor+.SQLi MEDIUM" "unlimited-elements-for-elementor 1.5.105 Contributor+.SQL.Injection HIGH" "unlimited-elements-for-elementor 1.5.103 Admin+.Command.Injection MEDIUM" "unlimited-elements-for-elementor 1.5.103 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.97 Contributor+.Stored.XSS MEDIUM" "unlimited-elements-for-elementor 1.5.94 Reflected.Cross-Site.Scripting HIGH" "unlimited-elements-for-elementor 1.5.75 Reflected.Cross-Site.Scripting MEDIUM" "unlimited-elements-for-elementor 1.5.67 Contributor+.Arbitrary.File.Upload HIGH" "unlimited-elements-for-elementor 1.5.49 Admin+.Stored.XSS LOW" "unlimited-elements-for-elementor 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "uber-grid No.known.fix Missing.Authorization.to.Unauthenticated.Portfolio.Update MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "uber-grid No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "uber-grid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.9.1 Admin+.Stored.XSS LOW" "url-shortify 1.7.6 Unauthenticated.Stored.XSS.via.referer.header CRITICAL" "url-shortify 1.7.3 Reflected.Cross-Site.Scripting MEDIUM" "url-shortify 1.7.0 Admin+.Cross.Site.Scripting LOW" "url-shortify 1.5.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "url-shortify 1.5.1 Arbitrary.Link/Group.Deletion.via.CSRF MEDIUM" "update-notifications No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ultimate-category-excluder 1.2 Cross-Site.Request.Forgery MEDIUM" "user-rights-access-manager No.known.fix Missing.Authorization MEDIUM" "user-rights-access-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-rights-access-manager 1.0.8 Access.Restriction.Bypass MEDIUM" "user-rights-access-manager 1.0.4 Improper.Access.Controls MEDIUM" "ultimate-widgets-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-widgets-light No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-widgets-light No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "udraw 3.3.3 Unauthenticated.Arbitrary.File.Access HIGH" "upunzipper No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "user-activity-log-pro No.known.fix Missing.Authorization MEDIUM" "user-activity-log-pro No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "user-activity-log-pro 2.3.4 Unauthenticated.Stored.Cross-Site.Scripting.via.User.Agent HIGH" "user-activity-log-pro 2.3.4 IP.Spoofing MEDIUM" "unlimited-addon-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "umich-oidc-login No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "user-profile 2.0.21 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "uw-freelancer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-noindex-nofollow-tool No.known.fix Settings.Update.via.CSRF MEDIUM" "userpro-mediamanager No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Options.Update CRITICAL" "userpro-mediamanager No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "user-meta-manager No.known.fix Reflected.XSS HIGH" "user-meta-manager No.known.fix CSRF MEDIUM" "ultimate-blocks 3.2.4 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.2 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.2.0 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Blocks MEDIUM" "ultimate-blocks 3.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.tag.attribute MEDIUM" "ultimate-blocks 3.1.9 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.1.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.metabox MEDIUM" "ultimate-blocks 3.1.7 Contributor+.Stored.XSS MEDIUM" "ultimate-blocks 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-blocks 2.4.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-coming-soon 1.1.0 Cross-Site.Request.Forgery MEDIUM" "ultimate-coming-soon 1.1.0 Subscriber+.Template.Name.Update MEDIUM" "ultimate-coming-soon 1.1.0 Unauthenticated.Template.Activation MEDIUM" "upcasted-s3-offload 3.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.3 Reflected.Cross-Site.Scripting MEDIUM" "upcasted-s3-offload 3.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "user-role-editor 4.64.4 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "uix-shortcodes 2.0.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "uix-shortcodes 2.0.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "ultimate-instagram-feed No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "update-urls 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-gutenberg 2.16.3 Contributor+.Stored.XSS.via.Team.Widget MEDIUM" "ultimate-addons-for-gutenberg 2.15.1 Authenticated.(Contributor+).Stored.Cross-site.Scripting MEDIUM" "ultimate-addons-for-gutenberg 2.13.8 Missing.Authorization.via.generate_ai_content MEDIUM" "ultimate-addons-for-gutenberg 2.13.1 Author+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Testimonial.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.9 Contributor+.Stored.XSS.via.Image.Gallery.Block MEDIUM" "ultimate-addons-for-gutenberg 2.12.7 Contributor+.Path.Traversal MEDIUM" "ultimate-addons-for-gutenberg 2.10.4 Authenticated(Contributor+).Cross-Site.Scripting.via.Custom.CSS MEDIUM" "ultimate-addons-for-gutenberg 2.7.10 Contributor+.Stored.XSS MEDIUM" "ultimate-addons-for-gutenberg 1.15.0 Contributor+.Stored.Cross-Side.Scripting MEDIUM" "ultimate-addons-for-gutenberg 1.25.6 Reflected.Cross-Site.Scripting MEDIUM" "userpro-messaging No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "userpro-messaging No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-activity-log 2.0 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.6.7 IP.Spoofing MEDIUM" "user-activity-log 1.6.6 Subscriber+.Log.Export MEDIUM" "user-activity-log 1.6.5 Unauthenticated.SQLi HIGH" "user-activity-log 1.6.3 Admin+.SQLi MEDIUM" "user-activity-log 1.6.3 Admin+.SQL.Injection MEDIUM" "user-activity-log 1.4.7 Reflected.Cross-Site.Scripting HIGH" "user-activity-log 1.4.7 Reflected.Cross.Site.Scripting.via.Query.String MEDIUM" "unite-gallery-lite No.known.fix Authenticated.(Contributor+).SQL.Injection CRITICAL" "unite-gallery-lite 1.7.62 Admin+.Stored.XSS LOW" "unite-gallery-lite 1.7.60 Admin+.Local.File.Inclusion MEDIUM" "unite-gallery-lite 1.5 CSRF.&.Authenticated.SQL.Injection HIGH" "uncanny-automator 6.3 Authenticated.(Admin+).Server-Side.Request.Forgery.via.Webhook MEDIUM" "uncanny-automator 5.1.0.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "userswp 1.2.16 Missing.Authorization MEDIUM" "userswp 1.2.12 Users.Information.Disclosure MEDIUM" "userswp 1.2.11 Unauthenticated.SQL.Injection.via.'uwp_sort_by' CRITICAL" "userswp 1.2.6 Cross-Site.Request.Forgery MEDIUM" "userswp 1.2.7 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "userswp 1.2.3.23 Profile.Picture.Deletion.via.CSRF MEDIUM" "userswp 1.2.3.1 Subscriber+.User.Avatar.Override MEDIUM" "userswp 1.2.2.29 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-noindex-nofollow-tool-ii 1.3.6 Admin+.Stored.XSS LOW" "ultimate-noindex-nofollow-tool-ii 1.3.4 Settings.Update.via.CSRF MEDIUM" "user-private-files 2.1.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "user-private-files 2.1.1 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).Private.File.Access MEDIUM" "user-private-files 2.0.5 Subscriber+.Sensitive.Data.and.Files.Exposure.via.IDOR MEDIUM" "user-private-files 2.0.4 Admin+.Stored.XSS MEDIUM" "user-private-files 1.1.3 Subscriber+.Arbitrary.File.Upload CRITICAL" "unique-ux No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "uploading-svgwebp-and-ico-files No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "ultimate-social-media-icons 2.9.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-social-media-icons 2.9.1 Admin+.Stored.XSS LOW" "ultimate-social-media-icons 2.8.9 Admin+.Stored.XSS.via.settings LOW" "ultimate-social-media-icons 2.8.6 Subscriber+.Sensitive.Information.Exposure MEDIUM" "ultimate-social-media-icons 2.8.6 Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.4 Reflected.XSS HIGH" "ultimate-social-media-icons 2.8.2 Plugin.Installation.via.CSRF MEDIUM" "ultimate-social-media-icons 2.8.2 Subscriber+.Plugin.Installation MEDIUM" "ultimate-social-media-icons 2.8.2 Admin+.Stored.XSS LOW" "user-domain-whitelist 1.5 .user-domain-whitelist.php.Domain.Whitelisting.Manipulation.CSRF HIGH" "user-spam-remover 1.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "updraft No.known.fix Reflected.XSS HIGH" "university-quizzes-online No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "user-activation-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.3.1 Missing.Authorization MEDIUM" "ultimate-store-kit 2.0.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Unauthenticated.PHP.Object.Injection CRITICAL" "ultimate-store-kit 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-store-kit 2.0.4 Unauthenticated.PHP.Object.Injection MEDIUM" "ultimate-store-kit 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "up-down-image-slideshow-gallery 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "unusedcss 2.4.5 Missing.Authorization MEDIUM" "unusedcss 2.4.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Setting.Reset MEDIUM" "unusedcss 2.4.3 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification.and.SQL.Injection HIGH" "unusedcss 2.2.12 Unauthenticated.Server-Side.Request.Forgery HIGH" "unusedcss 1.7.2 Multiple.Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.7.2 Unauthorised.AJAX.Calls MEDIUM" "unusedcss 1.6.36 Subscriber+.SQLi HIGH" "user-messages No.known.fix Reflected.XSS HIGH" "under-construction-maintenance-mode 1.1.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "under-construction-maintenance-mode 1.1.2 Server.Side.Request.Forgery.(SSRF) MEDIUM" "upload-media-by-url 1.0.8 Stored.XSS.via.CSRF MEDIUM" "userfeedback-lite 1.0.16 Unauthenticated.Stored.Cross-Site.Scripting.via.Name.Parameter HIGH" "userfeedback-lite 1.0.14 Unauthenticated.Stored.XSS MEDIUM" "userfeedback-lite 1.0.10 Unauthenticated.Stored.XSS HIGH" "userfeedback-lite 1.0.8 Unauthenticated.Stored.XSS HIGH" "ultimate-tinymce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "userbase-access-control No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "user-menus 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "user-menus 1.2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "utubevideo-gallery 2.0.8 Contributor+.Stored.XSS MEDIUM" "ungallery No.known.fix Stored.XSS.via.CSRF HIGH" "upload-fields-for-wpforms No.known.fix Missing.Authorization MEDIUM" "users-control No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "user-password-reset No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "uk-cookie-consent 3.2.1 Missing.Authorization.via.handle_consent_toggle() MEDIUM" "uk-cookie-consent 2.3.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-post 4.1.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.17 Missing.Authorization.to.Arbitrary.Plugin.Installation/Activation HIGH" "ultimate-post 4.1.16 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 4.1.3 Missing.Authorization.to.Arbitrary.Options.Update HIGH" "ultimate-post 4.1.0 Authenticated.(Contributor+).Stored.Cross=Site.Scripting MEDIUM" "ultimate-post 4.1.0 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Contributor+.Stored.XSS MEDIUM" "ultimate-post 4.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 3.2.4 Incorrect.Authorization MEDIUM" "ultimate-post 3.0.6 Gutenberg.Post.Grid.Blocks.<.3.0.6.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.9.10 Gutenberg.Blocks.for.Post.Grid.<.2.9.10.-.Reflected.Cross-Site.Scripting HIGH" "ultimate-post 2.4.10 Private.Content.Disclosure MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-post 2.4.10 Missing.Access.Controls MEDIUM" "unlimited-blocks No.known.fix Contributor+.Stored.XSS MEDIUM" "user-ip-and-location 2.2.1 Contributor+.Stored.XSS MEDIUM" "uji-countdown 2.3.1 Admin+.Stored.XSS LOW" "uji-countdown 2.0.7 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-wp-query-search-filter No.known.fix Contributor+.XSS MEDIUM" "updater 1.35 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "user-login-history 1.6 Cross-Site.Scripting.(XSS) MEDIUM" "unitimetable No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ultimate-infinite-scroll 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "user-location-and-ip No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-gutenberg No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ultimate-gutenberg No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "universal-analytics 1.3.1 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "unlimited-theme-addons 1.2.3 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "unlimited-theme-addons 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-taxonomy-manager No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "ultimate-taxonomy-manager No.known.fix Reflected.XSS HIGH" "update-alt-attribute No.known.fix Reflected.XSS HIGH" "update-alt-attribute No.known.fix Cross-Site.Request.Forgery MEDIUM" "ultimate-addons-for-elementor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-elementor 1.9 Missing.Authorization MEDIUM" "ultimate-product-catalogue 5.2.16 Cross-Site.Request.Forgery.via.reset_settings() MEDIUM" "ultimate-product-catalogue 5.2.6 Admin+.Stored.XSS LOW" "ultimate-product-catalogue 5.0.26 Subscriber+.Arbitrary.Product.Creation.&.Settings.Update MEDIUM" "upload-scanner No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "uncanny-learndash-toolkit 3.6.4.2 Cross-Site.Request.Forgery.(CSRF) HIGH" "ultimate-weather-plugin No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "user-meta No.known.fix Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure MEDIUM" "user-meta 3.1 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "user-meta 2.4.4 Subscriber+.Local.File.Enumeration.via.Path.Traversal LOW" "user-meta 2.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-under-construction 1.9.4 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "user-verification 1.0.94 Authentication.Bypass CRITICAL" "use-your-drive 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "ut-shortcodes 5.0.5 Reflected.Cross-Site.Scripting MEDIUM" "user-role 1.6.7 Privilege.Escalation.via.CSRF HIGH" "user-role 1.5.6 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "uptime-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Missing.Authorization.to.Arbitrary.Page/Post.Duplication MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "uncanny-toolkit-pro 4.1.4.1 Cross-Site.Request.Forgery MEDIUM" "ultimate-subscribe No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "updraftplus 1.25.1 Backup/Restore.<.1.25.1.-.Reflected.XSS HIGH" "updraftplus 1.24.12 Unauthenticated.PHP.Object.Injection HIGH" "updraftplus 1.23.11 Google.Drive.Storage.Update.via.CSRF MEDIUM" "updraftplus 1.23.4 CSRF MEDIUM" "updraftplus 1.22.9 Reflected.Cross-Site.Scripting MEDIUM" "updraftplus 1.22.3 Subscriber+.Backup.Download HIGH" "updraftplus 1.16.69 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.66 Reflected.Cross-Site.Scripting HIGH" "updraftplus 1.16.59 Admin+.Local.File.Inclusion MEDIUM" "updraftplus 1.6.59 Admin+.Stored.Cross-Site.Scripting LOW" "updraftplus 1.13.5 XSS MEDIUM" "updraftplus 1.9.64 XSS MEDIUM" "useragent-spy No.known.fix Admin+.Stored.XSS LOW" "ultraembed-advanced-iframe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "universal-star-rating No.known.fix CSRF MEDIUM" "user-management No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "user-management 1.2 Subscriber+.Arbitrary.File.Upload HIGH" "uptodown-apk-download-widget 0.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ucontext No.known.fix Stored.Cross-Site.Scripting.via.CSRF HIGH" "ultimate-carousel-for-divi 4.5.1 Reflected.Cross-Site.Scripting MEDIUM" "ultimate-carousel-for-divi 4.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-member 2.10.1 Unauthenticated.SQLi HIGH" "ultimate-member 2.10.0 Authenticated.SQL.Injection MEDIUM" "ultimate-member 2.9.2 Information.Exposure MEDIUM" "ultimate-member 2.9.2 Unauthenticated.SQL.Injection HIGH" "ultimate-member 2.9.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Profile.Picture.Update MEDIUM" "ultimate-member 2.8.7 Cross-Site.Request.Forgery.to.Membership.Status.Change MEDIUM" "ultimate-member 2.8.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.8.4 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ultimate-member 2.8.3 2.8.2.-.Unauthenticated.SQL.Injection MEDIUM" "ultimate-member 2.6.7 Unauthenticated.Privilege.Escalation CRITICAL" "ultimate-member 2.6.1 Form.Duplication.via.CSRF MEDIUM" "ultimate-member 2.5.1 Contributor+.LFI.via.Traversal MEDIUM" "ultimate-member 2.5.1 Admin+.LFI.via.Traversal LOW" "ultimate-member 2.5.1 Admin+.RCE MEDIUM" "ultimate-member 2.5.1 Subscriber+.RCE HIGH" "ultimate-member 2.4.0 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "ultimate-member 2.3.2 Open.Redirect MEDIUM" "ultimate-member 2.1.20 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.1.12 Authenticated.Privilege.Escalation.via.Profile.Update CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Roles CRITICAL" "ultimate-member 2.1.12 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "ultimate-member 2.1.7 Unauthenticated.Open.Redirect MEDIUM" "ultimate-member 2.1.3 Insecure.Direct.Object.Reference.(IDOR) MEDIUM" "ultimate-member 2.0.54 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 2.0.52 CSRF.and.Stored.XSS.issues MEDIUM" "ultimate-member 2.0.46 Multiple.Vulnerabilities HIGH" "ultimate-member 2.0.40 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.33 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "ultimate-member 2.0.28 Multiple.XSS MEDIUM" "ultimate-member 2.0.22 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.22 Unauthenticated.Arbitrary.File.Upload HIGH" "ultimate-member 2.0.18 Authenticated.Cross-Site.Scripting.(XSS) HIGH" "ultimate-member 2.0.4 Multiple.Issues HIGH" "ultimate-member 2.0.7 Multiple.Cross-Site.Request.Forgery.Issues HIGH" "ultimate-member 2.0.4 Multiple.XSS MEDIUM" "ultimate-member 1.3.76 Unauthenticated.Change.Passwords HIGH" "ultimate-member 1.3.65 Local.File.Inclusion MEDIUM" "ultimate-member 1.3.40 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.29 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.3.18 Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.2.995 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-member 1.0.84 Multiple.Vulnerabilities HIGH" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Setting.Exposure MEDIUM" "ultimate-youtube-video-player No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Playlist/Video.Deletion MEDIUM" "userback 1.0.14 Arbitrary.Settings.Update.via.CSRF MEDIUM" "usc-e-shop 2.11.10 Unauthenticated.Stored.Cross-Site.Scripting.via.name.Parameter HIGH" "usc-e-shop 2.11.2 Authenticated.(Admin+).SQL.Injection MEDIUM" "usc-e-shop 2.10.0 Missing.Authorization MEDIUM" "usc-e-shop 2.9.4 Authenticated(Editor+).SQL.Injection HIGH" "usc-e-shop 2.9.7 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "usc-e-shop 2.9.6 Admin+.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Cross-Site.Request.Forgery HIGH" "usc-e-shop 2.9.5 Unauthenticated.PHP.Object.Injection HIGH" "usc-e-shop 2.9.5 Subscriber+.Arbitrary.File.Upload HIGH" "usc-e-shop 2.9.5 Reflected.XSS HIGH" "usc-e-shop 2.8.22 Editor+.Arbitrary.File.Upload LOW" "usc-e-shop 2.8.22 Author+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Author+.Path.Traversal MEDIUM" "usc-e-shop 2.8.22 Editor+.SQL.Injection MEDIUM" "usc-e-shop 2.8.22 Multiple.XSS MEDIUM" "usc-e-shop 2.8.11 Reflected.XSS HIGH" "usc-e-shop 2.8.9 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "usc-e-shop 2.8.6 Subscriber+.PHAR.Deserialisation HIGH" "usc-e-shop 2.8.5 Subscriber+.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.5 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.8.4 Subscriber+.Arbitrary.Shipping.Method.Creation/Update/Deletion MEDIUM" "usc-e-shop 2.8.4 Multiple.Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "usc-e-shop 2.7.8 Unauthenticated.Arbitrary.File.Access HIGH" "usc-e-shop 2.2.8 Unauthenticated.Information.Disclosure HIGH" "usc-e-shop 2.2.8 Authenticated.System.Information.Disclosure MEDIUM" "usc-e-shop 2.2.4 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 2.1.1 Authenticated.SQL.Injection MEDIUM" "usc-e-shop 1.9.36 Authenticated.PHP.Object.Injection HIGH" "usc-e-shop 1.8.3 Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.8.3 PHP.Object.Injection MEDIUM" "usc-e-shop 1.8.3 Session.Management MEDIUM" "usc-e-shop 1.5.3 SQL.Injection MEDIUM" "usc-e-shop 1.4.18 Multiple.Vulnerabilities LOW" "usc-e-shop 1.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "usc-e-shop 1.5 SQL.Injection CRITICAL" "usc-e-shop 1.5 purchase_limit.Parameter.DOM-based.XSS MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Icons.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Separator.Widget MEDIUM" "ultimate-addons-for-beaver-builder-lite 1.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Info.Table.Widget MEDIUM" "unlimited-popups No.known.fix Author+.SQL.Injection HIGH" "uncanny-learndash-groups 6.1.1 Missing.Authorization.to.Authenticated.(Group.Leader+).User.Group.Add LOW" "uncanny-learndash-groups 6.1.1 Authenticated.(Group.Leader+).Privilege.Escalation HIGH" "update-theme-and-plugins-from-zip-file No.known.fix CSRF MEDIUM" "ultimate-reviews 3.2.9 Unauthenticated.stored.Cross-Site.Scripting.via.reviews MEDIUM" "ultimate-reviews 3.0.16 Admin+.Stored.Cross-Site.Scripting LOW" "ultimate-reviews 2.1.33 Unauthenticated.PHP.Object.Injection MEDIUM" "use-any-font 6.3.09 Cross-Site.Request.Forgery MEDIUM" "use-any-font 6.2.1 API.Key.Deactivation.via.CSRF MEDIUM" "use-any-font 6.2.1 Unauthenticated.Arbitrary.CSS.Appending HIGH" "username-updater 1.0.5 Arbitrary.Username.Update.via.CSRF MEDIUM" "utech-world-time-for-wp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unlimited-page-sidebars 0.2.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ultra-companion 1.2.0 Contributor+.Stored.XSS MEDIUM" "url-media-uploader 1.0.1 Authenticated.(Author+).Server-Side.Request.Forgery.via.DNS.Rebinding MEDIUM" "ultimate-appointment-scheduling 1.1.10 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "ultimate-image-hover-effects No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultimate-faqs 2.1.2 Subscriber+.Arbitrary.FAQ.Creation MEDIUM" "ultimate-faqs 1.8.30 Unauthenticated.Reflected.XSS MEDIUM" "ultimate-faqs 1.8.25 Unauthenticated.Options.Import/Export HIGH" "ultimate-faqs 1.8.22 Cross-Site.Scripting.(XSS) MEDIUM" "userheat 1.1.11 Settings.Update.via.CSRF MEDIUM" "ulp-duplicate-post-sql-timebased 3.9.1 Authenticated.(Administrator+).SQL.Injection.via.post_id.Parameter MEDIUM" "ulisting No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Meta.Update.and.PHP.Object.Injection HIGH" "ulisting No.known.fix Subscriber+.Privilege.Escalation HIGH" "ulisting 2.1.7 Unauthenticated.SQL.Injection HIGH" "ulisting 2.1.7 Authenticated.(Contributor+).SQL.Injection MEDIUM" "ulisting 2.1.6 Unauthenticated.Information.Exposure MEDIUM" "ulisting 2.0.9 Arbitrary.Blog.Option.Update.via.CSRF HIGH" "ulisting 2.0.6 Unauthenticated.Privilege.Escalation MEDIUM" "ulisting 2.0.6 Authenticated.IDOR MEDIUM" "ulisting 2.0.6 Multiple.CSRF MEDIUM" "ulisting 2.0.6 Settings.Update.via.CSRF MEDIUM" "ulisting 2.0.6 Reflected.Cross-Site.Scripting MEDIUM" "ulisting 2.0.6 Modify.User.Roles.via.CSRF MEDIUM" "ulisting 2.0.4 Unauthenticated.SQL.Injection HIGH" "ulisting 1.7 Unauthenticated.Arbitrary.Roles.and.Capabilities.Creation/Deletion MEDIUM" "ulisting 1.7 Unauthenticated.Arbitrary.Post/Page.Deletion HIGH" "ulisting 1.7 Missing.Access.Controls CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Change HIGH" "ulisting 1.7 Unauthenticated.Information.Disclosure HIGH" "ulisting 1.7 Unauthenticated.SQL.Injections CRITICAL" "ulisting 1.7 Unauthenticated.Arbitrary.Account.Creation CRITICAL" "ulisting 1.7 Unauthenticated.WordPress.Options.Change CRITICAL" "users-customers-import-export-for-wp-woocommerce 2.5.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "users-customers-import-export-for-wp-woocommerce 2.5.3 Authenticated.(Shop.Manager+).Path.Traversal LOW" "users-customers-import-export-for-wp-woocommerce 2.4.9 Shop.Manager+.Arbitrary.File.Upload HIGH" "users-customers-import-export-for-wp-woocommerce 2.4.2 Shop.Manager+.Privilege.Escalation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.9 Authenticated.Arbitrary.User.Creation HIGH" "users-customers-import-export-for-wp-woocommerce 1.3.2 CSV.Injection HIGH" "unlimited-addons-for-wpbakery-page-builder No.known.fix Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "ultimate-tables No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "utilities-for-mtg No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "upqode-google-maps No.known.fix Contributor+.Stored.XSS MEDIUM" "ultimate-410 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultraaddons-elementor-lite 1.1.9 Insecure.Direct.Object.Reference.to.Sensitive.Information.Exposure.via.UA_Template.Shortcode MEDIUM" "ultraaddons-elementor-lite No.known.fix Author+.Stored.XSS MEDIUM" "ultraaddons-elementor-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "ultraaddons-elementor-lite 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "updownupdown-postcomment-voting No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "ultimate-auction 4.3.0 Contributor+.Arbitrary.Post.Deletion MEDIUM" "ultimate-auction 4.2.8 Missing.Authorization.to.Unauthenticated.Email.Creation MEDIUM" "ultimate-auction 4.2.6 Cross-Site.Request.Forgery MEDIUM" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "ultimate-shortcodes-creator No.known.fix Reflected.Cross-Site.Scripting.via._wpnonce MEDIUM" "ultimate-shortcodes-creator 2.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "unyson 2.7.31 Cross-Site.Request.Forgery MEDIUM" "unyson No.known.fix Missing.Authorization MEDIUM" "unyson 2.7.27 Reflected.Cross-Site.Scripting MEDIUM" "utilitify 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "utilitify 1.0.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultimate-bulk-seo-noindex-nofollow No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "v-form 3.0.7 Missing.Authorization MEDIUM" "v-form 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "v-form 2.1.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "video-reviews 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "video-reviews 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "viperbar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-player-for-wpbakery No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viet-affiliate-link No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vertical-carousel-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualmodo-elements No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.get_form_fields MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.save_view MEDIUM" "views-for-wpforms-lite 3.2.3 Cross-Site.Request.Forgery.via.create_view MEDIUM" "views-for-wpforms-lite 3.2.3 Missing.Authorization.via.create_view MEDIUM" "video-thumbnails No.known.fix Admin+.Stored.XSS LOW" "vr-frases No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vr-frases No.known.fix Authenticated.(Admin+).SQL.Injection MEDIUM" "vr-frases No.known.fix Reflected.XSS HIGH" "videojs-html5-player 1.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.videojs_video.Shortcode MEDIUM" "videojs-html5-player 1.1.9 Contributor+.Stored.XSS MEDIUM" "vertical-news-scroller 1.17 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "very-simple-google-maps 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "very-simple-google-maps 2.9 Contributor+.Stored.XSS MEDIUM" "vbsso-lite No.known.fix Missing.Authorization.to.Privilege.Escalation CRITICAL" "virtual-bot No.known.fix Unauthenticated.SQL.Injection HIGH" "virtual-bot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "variation-swatches-for-woocommerce 2.1.2 Subscriber+.Stored.Cross-Site.Scripting HIGH" "vstemplate-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vc-tabs No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vc-tabs 3.7.2 Admin+.Stored.Cross-Site.Scripting LOW" "vc-tabs 3.6.0 Unauthenticated.Arbitrary.Option.Update CRITICAL" "vc-tabs 3.7.0 Authenticated.Arbitrary.Options.Update MEDIUM" "vk-blocks-pro 1.54.0 Multiple.Stored.XSS MEDIUM" "video-wc-gallery 1.32 Missing.Authorization.to.Unauthenticated.Limited.File.Deletion MEDIUM" "video-grid 1.22 Reflected.XSS HIGH" "viet-nam-affiliate No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "vdz-google-analytics 1.4.9 Authenticated.Stored.XSS LOW" "vdz-google-analytics 1.6.0 Authenticated.Stored.XSS LOW" "videojs-html5-video-player-for-wordpress No.known.fix HTML5.Video.Player.for.WordPress.<=.4.5.0.-.Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vayu-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vayu-blocks 1.2.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Installation/Activation CRITICAL" "video-background 2.7.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vertical-diamond-flipbook-flash No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visual-recent-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Open.Redirect MEDIUM" "video-conferencing-with-zoom-api 4.4.6 Sensitive.Information.Exposure MEDIUM" "video-conferencing-with-zoom-api 4.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "video-conferencing-with-zoom-api 4.3.0 Sensitive.Data.Disclosure LOW" "video-conferencing-with-zoom-api 4.0.10 Contributor+.Stored.XSS MEDIUM" "video-conferencing-with-zoom-api 3.9.3 Reflected.Cross-Site.Scripting MEDIUM" "video-conferencing-with-zoom-api 3.8.17 E-mail.Address.Disclosure MEDIUM" "video-conferencing-with-zoom-api 3.8.16 Reflected.Cross-Site.Scripting HIGH" "verge3d 4.8.1 Reflected.Cross-Site.Scripting MEDIUM" "verge3d 4.5.3 Subscriber+.Arbitrary.File.Upload HIGH" "vignete-ads No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vkontakte-wall-post No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "video-widget No.known.fix Admin+.Stored.XSS.via.Widget LOW" "vospari-forms 1.4 Cross-Site.Scripting.(XSS) MEDIUM" "video-embed-optimizer No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vk-all-in-one-expansion-unit 9.99.2.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.96.0.0 Unauthenticated.Password.Protected.Content.Access MEDIUM" "vk-all-in-one-expansion-unit 9.97.0.0 Contributor+.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.88.2 Multiple.Stored.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.87.1.0 Reflected.XSS MEDIUM" "vk-all-in-one-expansion-unit 9.86.0.0 Contributor+.Stored.XSS MEDIUM" "vk-poster-group No.known.fix Reflected.Cross-Site.Scripting.via.vkp_repost MEDIUM" "voting-record No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "voting-record No.known.fix Subscriber+.Stored.XSS HIGH" "visual-form-builder 3.0.8 Entries.Deletion/Restoration.via.CSRF MEDIUM" "visual-form-builder 3.0.7 Admin+.Stored.Cross-Site.Scripting LOW" "visual-form-builder 3.0.6 CSV.Injection LOW" "visual-form-builder 3.0.6 Unauthenticated.Information.Disclosure MEDIUM" "visual-form-builder 3.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "vampire-character No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "video-list-manager No.known.fix Admin+.SQL.Injection MEDIUM" "videojs-hls-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visual-link-preview 2.2.3 Unauthorised.AJAX.Calls MEDIUM" "vertical-marquee-plugin 7.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "vertical-marquee-plugin No.known.fix Admin+.Stored.XSS LOW" "viewmedica No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.SQL.Injection MEDIUM" "viewmedica No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "vrpconnector No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "visitors-traffic-real-time-statistics 7.3 Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "visitors-traffic-real-time-statistics 3.9 Subscriber+.SQL.Injection HIGH" "visitors-traffic-real-time-statistics 2.13 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "visitors-traffic-real-time-statistics 2.12 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "visitors-traffic-real-time-statistics 1.13 CSRF.to.Stored.XSS/SQLi HIGH" "vm-backups No.known.fix CSRF.to.Database.Backup.Download MEDIUM" "vm-backups No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "visual-portfolio 3.3.10 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "visual-portfolio 3.3.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.title_tag.Parameter MEDIUM" "visual-portfolio 2.18.0 Unauthenticated.CSS.Injection MEDIUM" "visual-portfolio 2.19.0 Contributor+.CSS.Injection MEDIUM" "verse-o-matic No.known.fix CSRF.to.Stored.XSS HIGH" "vdz-call-back 1.1.4.6 Authenticated.Stored.XSS MEDIUM" "visual-footer-credit-remover 1.3 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "venture-event-manager 3.2.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "virtual-hdm-for-taxservice-am No.known.fix Unauthenticated.SQL.Injection HIGH" "vk-blocks 1.95.0.3 Missing.Authorization.to.Sensitive.Information.Exposure MEDIUM" "vk-blocks 1.64.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block MEDIUM" "vk-blocks 1.57.1.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.58.0.0 Contributor+.Settings.Update.via.REST.API MEDIUM" "vk-blocks 1.54.0 Multiple.Stored.XSS MEDIUM" "vertical-scroll-recent-post No.known.fix Cross-Site.Request.Forgery.via.vsrp_admin_options MEDIUM" "vertical-scroll-recent-post No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "vertical-scroll-recent-post 14.0 Reflected.Cross-Site.Scripting MEDIUM" "visibility-logic-elementor 2.3.5 Cross-Site.Request.Forgery MEDIUM" "visitors-online 1.0.0 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "visitors-online 0.4 SQL.Injection CRITICAL" "visualcomposer 45.9.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Title MEDIUM" "visualcomposer 45.0.1 Authenticated.Stored.XSS.via.Text.Block MEDIUM" "visualcomposer 27.0 Multiple.Authenticated.Cross-Site.Scripting.Issues HIGH" "vidseo 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "video-playlist-and-gallery-plugin 1.160 Settings.Update.via.CSRF MEDIUM" "vit-website-reviews No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "void-elementor-post-grid-addon-for-elementor-page-builder 2.4 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "very-simple-breadcrumb No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "video-popup 1.1.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "vmax-project-manager No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "video-sidebar-widgets No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "very-simple-contact-form 14.8 CAPTCHA.Bypass MEDIUM" "very-simple-contact-form 14.0 Missing.Authorization MEDIUM" "very-simple-contact-form 11.6 Captcha.bypass MEDIUM" "vimeography 2.4.5 Sensitive.Information.Exposure MEDIUM" "vimeography 2.4.2 Cross-Site.Request.Forgery MEDIUM" "vimeography 2.3.3 Contributor+.PHP.Object.Injection HIGH" "videowhisper-video-conference-integration No.known.fix Remote.File.Upload CRITICAL" "video-analytics-for-cloudflare-stream 1.2 Reflected.Cross-Site.Scripting MEDIUM" "video-contest No.known.fix Cross-Site.Request.Forgery MEDIUM" "video-contest No.known.fix Admin+.Stored.XSS LOW" "visitors-app No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "vdz-verification 1.4 Authenticated.Stored.XSS MEDIUM" "vk-filter-search 2.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "video-central No.known.fix Contributor+.Stored.XSS MEDIUM" "visitors-details No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "vc-addons-by-bit14 No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "vc-addons-by-bit14 1.4.6 Missing.Authorization.to.Authenticated.(Subscriber+).Plugin.Settings.Modification MEDIUM" "vr-calendar-sync 2.4.5 Unauthenticated.Local.File.Inclusion CRITICAL" "vr-calendar-sync 2.3.4 Calendar.Deletion/Update.&.Settings.Update.via.CSRF MEDIUM" "vr-calendar-sync 2.4.5 LFI.via.CSRF HIGH" "vr-calendar-sync 2.3.1 Reflected.Cross-Site.Scripting MEDIUM" "vr-calendar-sync 2.3.2 Unauthenticated.Arbitrary.Function.Call HIGH" "videowhisper-video-presentation No.known.fix Remote.File.Upload CRITICAL" "verowa-connect 3.0.2 Unauthenticated.SQL.Injection HIGH" "video-comments-webcam-recorder 1.92 Unauthenticated.Reflected.XSS MEDIUM" "video-share-vod 2.6.32 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "video-share-vod 2.6.31 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vdocipher 1.30 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viral-signup No.known.fix Unauthenticated.SQLi HIGH" "viral-signup No.known.fix Admin+.Stored.XSS LOW" "vision 1.7.2 Missing.Authorization MEDIUM" "vision 1.5.4 Contributor+.Stored.XSS MEDIUM" "vision 1.5.2 Reflected.Cross-Site.Scripting HIGH" "video-playlist-for-youtube 6.2 CSRF MEDIUM" "visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams No.known.fix Settings.Update.via.CSRF MEDIUM" "vikinghammer-tweet No.known.fix Stored.XSS.via.CSRF HIGH" "void-elementor-whmcs-elements 2.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "visitor-info No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visitor-info No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "video-synchro-pdf No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "video-synchro-pdf No.known.fix Unauthenticated.LFI MEDIUM" "vslider No.known.fix Cross-Site.Request.Forgery MEDIUM" "vslider No.known.fix Contributor+.Stored.XSS MEDIUM" "vrview No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "verbalize-wp No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "vision-pro 1.5.2 Reflected.Cross-Site.Scripting HIGH" "very-simple-quiz No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vikappointments 1.2.17 Cross-Site.Request.Forgery MEDIUM" "variable-product-swatches No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "variable-product-swatches 1.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "videowhisper-live-streaming-integration 6.2.1 Unauthenticated.Arbitrary.File.Read HIGH" "videowhisper-live-streaming-integration 6.2.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "videowhisper-live-streaming-integration 6.1.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videowhisper-live-streaming-integration 4.27.4 Cross-Site.Scripting.(XSS) MEDIUM" "videowhisper-live-streaming-integration 4.29.5 Multiple.Vulnerabilities CRITICAL" "videowhisper-live-streaming-integration 4.29.10 videowhisper_streaming.php.Multiple.Parameter.XSS HIGH" "videowhisper-live-streaming-integration 4.67.17 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "video-embed-box No.known.fix Authenticated.(subscriber+).SQL.Injection CRITICAL" "vod-infomaniak 1.5.10 Missing.Authorization MEDIUM" "vod-infomaniak 1.5.8 Cross-Site.Request.Forgery MEDIUM" "vod-infomaniak 1.5.7 Reflected.Cross-Site.Scripting HIGH" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "vikbooking 1.7.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikbooking 1.7.2 Admin+.Stored.XSS LOW" "vikbooking 1.6.8 Insecure.Direct.Object.References MEDIUM" "vikbooking 1.6.8 Broken.Access.Control MEDIUM" "vikbooking 1.6.8 Reflected.Cross-Site.Scripting MEDIUM" "vikbooking 1.6.0 Multiple.CSRF LOW" "vikbooking 1.5.12 Admin+.Stored.XSS MEDIUM" "vikbooking 1.5.9 Reflected.Cross-Site.Scripting LOW" "vikbooking 1.5.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "vikbooking 1.5.7 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "vikbooking 1.5.8 Admin+.PHP.File.Upload MEDIUM" "vikbooking 1.5.4 Booking.Data.Disclosure CRITICAL" "video-embed-privacy 1.3 Reflected.Cross-Site.Scripting MEDIUM" "vanguard No.known.fix Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "vigilantor 1.3.11 Admin+.Stored.XSS LOW" "video-posts-webcam-recorder 3.2.4 Authenticated.Reflected.XSS MEDIUM" "video-posts-webcam-recorder 1.55.5 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "vk-block-patterns 1.31.1.1 Missing.Authorization MEDIUM" "vk-block-patterns 1.31.2.0 Cross-Site.Request.Forgery MEDIUM" "visit-site-link-enhanced No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "vimeo-video-autoplay-automute No.known.fix Contributor+.Stored.XSS MEDIUM" "video-embed-thumbnail-generator 4.8.11 Reflected.Cross-Site.Scripting MEDIUM" "video-embed-thumbnail-generator 4.7.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vr-views No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vitepos-lite 3.1.4 Missing.Authorization MEDIUM" "vitepos-lite 3.0.2 Missing.Authorization MEDIUM" "virim No.known.fix Unauthenticated.Object.Injection CRITICAL" "visualizer 3.11.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Import.Data.From.File MEDIUM" "visualizer 3.11.2 Authenticated.(Subscriber+).SQL.Injection CRITICAL" "visualizer 3.11.0 Missing.Authorization.to.Arbitrary.SQL.Execution HIGH" "visualizer 3.10.6 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.9.5 Contributor+.Stored.XSS MEDIUM" "visualizer 3.9.2 Contributor+.Stored.XSS MEDIUM" "visualizer 3.7.10 Contributor+.PHAR.Deserialization HIGH" "visualizer 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "visualizer 3.3.1 Blind.Server-Side.Request.Forgery.(SSRF) CRITICAL" "visualizer 3.3.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "video-slider-with-thumbnails 1.0.11 Reflected.XSS HIGH" "variation-swatches-and-gallery 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "vendor 1.1.1 Unauthenticated.Information.Disclosure MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vo-locator-the-wp-store-locator No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vg-postcarousel No.known.fix Authenticated.(Contributor+).Local.File.Inclusion HIGH" "visitor-analytics-io 1.3.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "vcos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "visual-sound No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "visual-sound No.known.fix Settings.Update.via.CSRF MEDIUM" "vp-sitemap No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vikrentcar 1.4.3 Cross-Site.Request.Forgery.to.Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "vikrentcar 1.4.1 Unauthenticated.SQL.Injection CRITICAL" "vikrentcar 1.3.2 Cross.Site.Request.Forgery MEDIUM" "vikrentcar 1.3.3 Information.Exposure MEDIUM" "vikrentcar 1.3.1 Admin+.Stored.XSS MEDIUM" "vikrentcar 1.1.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "vikrentcar 1.1.7 CSRF.to.Stored.XSS HIGH" "variable-inspector 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "variable-inspector 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "vrm360 No.known.fix Contributor+.Arbitrary.File.Upload.Leading.to.RCE HIGH" "vrm360 No.known.fix Full.Path.Disclosure MEDIUM" "vibebp 1.9.9.7.7 Unauthenticated.SQL.Injection HIGH" "vibebp 1.9.9.5.1 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "vibebp 1.9.9.5 Unauthenticated.Privilege.Escalation CRITICAL" "void-visual-whmcs-element 1.0.4.1 Contributor+.Stored.XSS MEDIUM" "wp-login-control No.known.fix Reflected.XSS HIGH" "wpcodefactory-helper 1.7.1 .Reflected.Cross-Site.Scripting MEDIUM" "wpcodefactory-helper 1.5.3 Reflected.Cross-Site.Scripting HIGH" "webp-svg-support No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "woo-auto-coupons 3.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-opensearch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-qr-codes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widget4call No.known.fix Reflected.XSS HIGH" "widget4call No.known.fix Reflected.XSS HIGH" "wpsynchro 1.11.3 Cross-Site.Request.Forgery MEDIUM" "wpsynchro 1.10.0 Settings.Update.via.CSRF MEDIUM" "wp-membership 1.6.3 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-membership 1.5.7 Subscriber+.Privilege.Escalation CRITICAL" "wp-membership No.known.fix Multiple.Vulnerabilities MEDIUM" "wp-course-manager No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-google-tag-manager No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-strava No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-multitasking 0.1.18 WP.Utilities.<.0.1.18.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-multitasking No.known.fix Reflected.XSS.via.Shortcode MEDIUM" "wp-multitasking No.known.fix SMTP.Settings.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Exit.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Welcome.Popup.Update.via.CSRF MEDIUM" "wp-multitasking No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-product-review 3.7.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "woo-vietnam-checkout 2.0.8 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.8 Admin+.Stored.Cross-Site.Scripting MEDIUM" "woo-vietnam-checkout 2.0.6 Unauthenticated.Stored.XSS HIGH" "woo-vietnam-checkout 2.0.5 Reflected.XSS HIGH" "wp-dummy-content-generator 3.3.0 Unauthenticated.Code.Injection CRITICAL" "wp-dummy-content-generator 3.1.3 Missing.Authorization MEDIUM" "wp-dummy-content-generator 3.0.0 Cross-Site.Request.Forgery MEDIUM" "wp-admin-style No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wpachievements-free No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-comment-fields 5.1 Cross-Site.Request.Forgery MEDIUM" "wp-comment-fields 5.1 Missing.Authorization MEDIUM" "wp-comment-fields 4.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-seo-redirect-301 2.3.2 Redirect.Deletion.via.CSRF MEDIUM" "wp-file-manager-pro 8.3.10 Unauthenticated.Limited.JavaScript.File.Upload HIGH" "wp-file-manager-pro 8.3.10 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.10 Unauthenticated.Backup.File.Download.and.Upload HIGH" "wp-file-manager-pro 8.3.8 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-file-manager-pro 8.3.5 Directory.Traversal CRITICAL" "wp-file-manager-pro 8.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-file-manager-pro 8.3.5 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "woo-customers-spreadsheet-bulk-edit 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-spreadsheet-bulk-edit 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advanced-product-size-chart 2.4.6 Missing.Authorization MEDIUM" "woo-advanced-product-size-chart 2.4.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-advanced-product-size-chart 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-blackcheck No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-floating-cart-lite 2.8.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "woo-floating-cart-lite 2.7.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-floating-cart-lite 2.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-event-manager 3.1.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'events'.Shortcode MEDIUM" "wp-event-manager 3.1.42 Reflected.Cross-Site.Scripting.via.plugin MEDIUM" "wp-event-manager 3.1.42 Editor+.Stored.XSS LOW" "wp-event-manager 3.1.43 Reflected.XSS HIGH" "wp-event-manager 3.1.38 Admin+.Stored.XSS MEDIUM" "wp-event-manager 3.1.28 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-manager 3.1.23 Admin+.Stored.Cross-Site.Scripting LOW" "weblizar-pinterest-feeds 1.1.2 Authenticated.XSS.&.CSRF HIGH" "wordpress-tabs-slides No.known.fix CSRF MEDIUM" "wp-ultra-simple-paypal-shopping-cart 4.5 Cross-Site.Request.Forgery.(CSRF) HIGH" "webico-slider-flatsome-addons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wbc_image.Shortcode MEDIUM" "wow-moodboard-lite No.known.fix Open.Redirect MEDIUM" "wpglobus-translate-options No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpglobus-translate-options 2.2.0 Reflected.XSS HIGH" "webhotelier 1.6.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-datatable 0.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "wc-rest-payment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-rest-payment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpworx-faq No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpworx-faq No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "whatsapp No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-digital-content-delivery-with-drm-flickrocket No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-buddha-free-adwords No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-buddha-free-adwords No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-multi-currency 2.3.7 WooCommerce.Multi.Currency.-.Currency.Switcher.<.2.3.7.-.Unauthenticated.SQL.Injection HIGH" "woocommerce-multi-currency 2.1.18 Authenticated.Product.Price.Change MEDIUM" "woo-currency 1.6.6 Admin+.Stored.XSS LOW" "wp-get-personal-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-migrate-db-pro 2.6.11 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-school-calendar-lite 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-clover-gateway-by-zaytech 1.3.2 Missing.Authorization.via.callback_handler MEDIUM" "wesecur-security No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Content.Update MEDIUM" "word-replacer-ultra No.known.fix Missing.Authorization MEDIUM" "woo-simple-frontend-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-simple-frontend-manager 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "watu 3.4.1.3 Authenticated.(Contributor+).SQL.Injection MEDIUM" "watu 3.4.1.2 Author+.Stored.XSS MEDIUM" "watu 3.4.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "watu 3.4.1.1 Sensitive.Information.Disclosure MEDIUM" "watu 3.3.9.3 Reflected.XSS HIGH" "watu 3.3.9.1 Reflected.XSS HIGH" "watu 3.3.8.1 Admin+.Stored.XSS LOW" "watu 3.3.8.3 Admin+.Stored.XSS LOW" "watu 3.3.8.2 Reflected.XSS HIGH" "watu 3.1.2.6 Reflected.XSS.via.question-form.html.php HIGH" "woocommerce-woocart-popup-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Unauthenticated.Unauthorised.Action MEDIUM" "woocommerce-shipping-canada-post 2.8.4 Cross-Site.Request.Forgery MEDIUM" "wp-bulk-delete 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-prayers-request No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayers-request No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-songbook No.known.fix Reflected.Cross-Site.Scripting HIGH" "whats-new-genarator No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-smtp 1.2.7 1.2.6.-.Authenticated.(Admin+).SQL.Injection HIGH" "wp-blocks-hub No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wezido-elementor-addon-based-on-easy-digital-downloads No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-total-hacks No.known.fix Subscriber+.Arbitrary.Options.Update.to.Stored.XSS HIGH" "wordpress-simple-paypal-shopping-cart 5.0.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.7.2 Authenticated(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.4 Unauthenticated.PII.Disclosure MEDIUM" "wordpress-simple-paypal-shopping-cart 4.6.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wpschoolpress No.known.fix Missing.Authorization.to.Arbitrary.User.Deletion MEDIUM" "wpschoolpress No.known.fix Authenticated.(Parent+).SQL.Injection MEDIUM" "wpschoolpress No.known.fix Missing.Authorization.to.Privilege.Escalation.via.Account.Takeover HIGH" "wpschoolpress No.known.fix Authenticated.(Teacher+).SQL.Injection MEDIUM" "wpschoolpress No.known.fix Authenticated.(Student/Parent+).SQL.Injection MEDIUM" "wpschoolpress 2.2.11 Insecure.Direct.Object.Reference.to.Authenticated.(Teacher+).Account.Takeover/Privilege.Escalation HIGH" "wpschoolpress 2.2.5 Teacher+.SQLi MEDIUM" "wpschoolpress 2.2.5 Cross-Site.Request.Forgery MEDIUM" "wpschoolpress 2.1.10 Reflected.Cross-Site.Scripting HIGH" "wpschoolpress 2.1.17 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wpschoolpress 2.1.10 Multiple.Authenticated.SQL.Injections HIGH" "wp-copyprotect No.known.fix Settings.Update.via.CSRF MEDIUM" "wpshopgermany-it-recht-kanzlei 1.8 Admin+.Stored.XSS LOW" "wishsuite 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishsuite 1.3.5 Admin+.Stored.XSS LOW" "wishsuite 1.3.4 Cross-Site.Request.Forgery MEDIUM" "wc-return-warrranty No.known.fix Reflected.Cross-Site.Scripting HIGH" "woo-preview-emails 2.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-preview-emails 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "web-stories 1.38.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "web-stories 1.32 Author+.Auth.Bypass LOW" "web-stories 1.25.0 Subscriber+.Server.Side.Request.Forgery MEDIUM" "wp-soononline-page No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-google-maps 9.0.41 Cross-Site.Request.Forgery MEDIUM" "wp-google-maps 9.0.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.37 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-google-maps 9.0.30 Reflected.Cross-Site.Scripting HIGH" "wp-google-maps 9.0.35 Information.Exposure.to.Potential.Denial.of.Service MEDIUM" "wp-google-maps 9.0.33 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-google-maps 9.0.33 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.29 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-google-maps 9.0.28 Unauthenticated.Stored.XSS HIGH" "wp-google-maps 9.0.16 Admin+.Path.Traversal LOW" "wp-google-maps 8.1.13 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "wp-google-maps 8.1.12 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-google-maps 7.11.35 CSRF.to.Stored.XSS MEDIUM" "wp-google-maps 7.11.28 Admin.Settings.CSRF CRITICAL" "wp-google-maps 7.11.18 Unauthenticated.SQL.Injection MEDIUM" "wp-gravity-forms-spreadsheets 1.1.1 Reflected.Cross-Site.Scripting HIGH" "websand-subscription-form No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-testimonials No.known.fix Authenticated.SQL.Injection HIGH" "wp-ecards-invites 1.3.905 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-contacts-manager No.known.fix Unauthenticated.SQLi CRITICAL" "wp-simple-events No.known.fix Admin+.Cross.Site.Scripting MEDIUM" "wp-from-email No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "white-page-publication No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-graphql-woocommerce 0.12.4 Unauthenticated.Coupon.Codes.Disclosure MEDIUM" "wpify-woo 4.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wpify-woo 4.0.9 Missing.Authorization MEDIUM" "wpify-woo 3.5.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-upload-restriction No.known.fix Authenticated.Stored.XSS MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.getSelectedMimeTypesByRole MEDIUM" "wp-upload-restriction 2.2.5 Missing.Access.Control.in.deleteCustomType MEDIUM" "woocommerce-products-filter 1.3.6.6 Unauthenticated.Local.File.Inclusion CRITICAL" "woocommerce-products-filter 1.3.6.4 Reflected.Cross-Site.Scripting.via.really_curr_tax.Parameter MEDIUM" "woocommerce-products-filter 1.3.6.2 Insecure.Direct.Object.Reference.to.Unsubscribe MEDIUM" "woocommerce-products-filter 1.3.6.2 Authenticated.(Shop.Manager+).Arbitrary.Options.Update HIGH" "woocommerce-products-filter 1.3.6.1 Products.Filter.Professional.for.WooCommerce.<.1.3.6.1.-.Unauthenticated.Time-Based.SQL.Injection CRITICAL" "woocommerce-products-filter 1.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.5.3 Subscriber+..Remote.Code.Execution CRITICAL" "woocommerce-products-filter 1.3.5.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-products-filter 1.3.5.3 Admin+.Local.File.Inclusion MEDIUM" "woocommerce-products-filter 1.3.5.3 Contributor+.SQL.Injection HIGH" "woocommerce-products-filter 1.3.5.2 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-products-filter 1.3.4.4 Multiple.Connections/Stats.CSRF MEDIUM" "woocommerce-products-filter 1.3.4.3 Unauthenticated.SQL.Injection.via.search.terms CRITICAL" "woocommerce-products-filter 1.3.4.3 Missing.Authorization.via.woof_meta_get_keys() MEDIUM" "woocommerce-products-filter 1.3.2 Products.Filter.for.WooCommerce.<.1.3.2.-.Admin+.PHP.Object.Injection LOW" "woocommerce-products-filter 1.2.6.3 Products.Filter.for.WooCommerce.<.1.2.6.3.-.Reflected.Cross-Site.Scripting HIGH" "woocommerce-products-filter 1.2.0 Multiple.Issues CRITICAL" "wc-fields-factory 4.1.7 ShopManager+.SQLi MEDIUM" "wpmandrill No.known.fix Missing.Authorization.via.getAjaxStats MEDIUM" "wpyog-documents No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-fb-messenger-button-lite 2.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-log-viewer No.known.fix Missing.Authorization MEDIUM" "wp-product-feed-manager 2.9.0 Missing.Authorization.to.Authenticated.(Contributor+).Arbitrary.Feed.Actions MEDIUM" "wp-product-feed-manager 2.6.0 Authenticated.(Admin+).SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-product-feed-manager 2.3.0 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-extra-charges-to-payment-gateways No.known.fix Unauthorised.Arbitrary.Plugin.Settings.Change.to.Stored.XSS CRITICAL" "wp-showhide 1.05 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-tools 1.2.10 Missing.Authorization.to.Authenticated.(Subscriber+)..Plugin.Module.Deactivation MEDIUM" "widget-options 4.1.1 Contributor+.Remote.Code.Execution HIGH" "widget-options 4.0.9 Missing.Authorization.to.Notice.Dismissal MEDIUM" "widget-options 4.0.8 Missing.Authorization MEDIUM" "widget-options 4.0.8 Contributor+.Remote.Code.Execution CRITICAL" "widget-options 4.0.2 Extended.<=.5.1.0.&..Widget.Options.<=.4.0.1.-.Authenticated.(Subscriber+).Information.Disclosure MEDIUM" "woo-audio-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-church-center No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "word-freshener No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-login-box No.known.fix Admin+.Stored.XSS LOW" "woo-checkout-field-editor-pro 2.0.4 Reflected.Cross-Site.Scripting.via.render_review_request_notice MEDIUM" "woo-checkout-field-editor-pro 1.8.0 Admin+.PHP.Object.Injection MEDIUM" "wp-ecommerce-shop-styling No.known.fix Unauthenticated.Dompdf.Local.File.Inclusion.(LFI) HIGH" "wp-facebook-messenger No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wechat-subscribers-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-contact-form No.known.fix Cross-Site.Request.Forgery.via.wpcf_adminpage MEDIUM" "wooshark-aliexpress-importer 2.2.5 Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "wooshark-aliexpress-importer 2.2.5 Unauthenticated.Settings.&.Products.Update MEDIUM" "woocommerce-abandoned-cart 5.16.2 Multiple.CSRF MEDIUM" "woocommerce-abandoned-cart 5.16.2 Missing.Authorization.via.multiple.AJAX.functions MEDIUM" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_delete_expired_used_coupon_code LOW" "woocommerce-abandoned-cart 5.16.1 Improper.Authorization.via.wcal_preview_emails LOW" "woocommerce-abandoned-cart 5.16.0 Admin+.Stored.XSS LOW" "woocommerce-abandoned-cart 5.15.0 Authentication.Bypass CRITICAL" "woocommerce-abandoned-cart 5.8.6 CSRF.Nonce.Bypasses MEDIUM" "woocommerce-abandoned-cart 5.8.3 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-abandoned-cart 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-abandoned-cart 1.9 Authenticated.Blind.SQL.Injection CRITICAL" "wp-tripadvisor-review-slider 12.7 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-tripadvisor-review-slider 11.9 Admin+.Stored.XSS LOW" "wp-tripadvisor-review-slider 11.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-tripadvisor-review-slider 10.8 Subscriber+.SQLi HIGH" "wp-automedic No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-automedic 1.5.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-country-restrictions-advanced 1.14.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-country-restrictions-advanced 1.13.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-humanstxt No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "word-balloon 4.22.0 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "word-balloon 4.20.3 Avatar.Removal.via.CSRF MEDIUM" "word-balloon 4.19.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wordapp-mobile-app No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordapp-mobile-app No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cleanup-and-basic-functions No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wordpress-tooltips 9.5.3 Cross-Site.Request.Forgery MEDIUM" "wordpress-tooltips 9.4.5 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wc-price-history 2.1.5 Authenticated.(Shop.manager+).PHP.Object.Injection HIGH" "wc-price-history 2.1.4 Missing.Authorization MEDIUM" "wp-duplicate-page 1.3 Admin+.Stored.Cross.Site.Scripting LOW" "woo-coupon-usage 5.16.7.2 Unauthenticated.Arbitrary.Shortcode.Execution.and.Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.12.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.5.1.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupon-usage 5.4.4 Unauthenticated.Reflected.XSS HIGH" "woo-coupon-usage 5.4.6 Reflected.XSS HIGH" "woo-coupon-usage 4.16.4.5 Unauthenticated.Stored.XSS HIGH" "woo-coupon-usage 4.16.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-coupon-usage 4.11.3.4 Arbitrary.Referral.Visits.Deletion.via.CSRF MEDIUM" "woo-coupon-usage 4.11.0.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-order-status-change-notifier No.known.fix Subscriber+.Arbitrary.Order.Status.Update MEDIUM" "wp-disable 1.5.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-intercom-slack No.known.fix Slack.Access.Token.Disclosure HIGH" "white-label-branding-elementor No.known.fix Admin+.Stored.XSS LOW" "wp-pagseguro-payments No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-awesome-login No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "woo-vipps 1.14.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-greet 6.3 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-powerplaygallery No.known.fix Arbitrary.File.Upload.&.SQL.Injection HIGH" "wpcs-content-scheduler No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpcs-content-scheduler 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-quick-front-end-editor No.known.fix Authenticated.Settings.Change.leading.to.Stored.XSS CRITICAL" "wp-quick-front-end-editor No.known.fix Authenticated.Content.Injection MEDIUM" "wp-mail-log 1.1.3 Contributor+.Arbitrary.File.Upload HIGH" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.LFI.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Incorrect.Authorization.in.REST.API.Endpoints LOW" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.SQL.Injection.in.wml_logs/send_mail.endpoint MEDIUM" "wp-mail-log 1.1.3 WP.Mail.Log.<.1,1,3.–.Contributor+.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-mail-log 1.1.3 Editor+.SQL.Injection.via.id HIGH" "wp-mail-log 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-log 1.1.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordpress-twitterbot No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-gpx-map 1.1.23 Arbitrary.File.Upload CRITICAL" "wp-multisite-content-copier-pro 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-multisite-content-copier-pro 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-dropbox-dropins No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-direct-checkout-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-programmmanager No.known.fix Reflected.XSS HIGH" "wp-hide-that No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gdpr-core No.known.fix Multiple.Unauthenticated.Issues HIGH" "wp-realestate-manager No.known.fix Authentication.Bypass CRITICAL" "woo-addon-uploads 1.7.2 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory HIGH" "woc-order-alert 3.2.2 Unauthenticated.SQLi HIGH" "wp-lister-amazon 0.9.6.36 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wp-ultimate-exporter 2.10 Information.Disclosure.Through.Unprotected.Directory HIGH" "wp-ultimate-exporter 2.9.1 Authenticated.(Admin+).Arbitrary.File.Read MEDIUM" "wp-ultimate-exporter 2.9.2 Authenticated.(Admin+).Remote.Code.Execution MEDIUM" "wp-ultimate-exporter 2.4.2 Unauthenticated.Information.Disclosure MEDIUM" "wp-ultimate-exporter 1.4.2 CSRF HIGH" "wp-ultimate-exporter 1.2 Unauthenticated.SQL.Injection CRITICAL" "wp-stacker No.known.fix Stored.XSS.via.CSRF HIGH" "wp-clap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-mini-program No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "whatshelp-chat-button 1.8.10 Admin+.Stored.XSS LOW" "wpview No.known.fix Admin+.Stored.XSS LOW" "wp-media-manager-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "w3speedster-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "w3speedster-wp 7.27 Cross-Site.Request.Forgery MEDIUM" "w3speedster-wp 7.27 Admin+.RCE MEDIUM" "w3speedster-wp 7.20 Settings.Update.via.CSRF MEDIUM" "wp-schema-pro 2.7.16 Contributor+.Custom.Field.Access LOW" "we-blocks No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wooCommerce-order-proposal 2.0.6 Authenticated.(Shop.Manager+).Privilege.Escalation.via.Order.Proposal HIGH" "wordpress-plugin-for-simple-google-adsense-insertion 2.1 Inject.ads.and.javascript.via.CSRF MEDIUM" "webp-converter-for-media 4.0.3 Unauthenticated.Open.redirect MEDIUM" "webp-converter-for-media 1.0.3 Cross-Site.Request.Forgery.(CSRF) HIGH" "woocommerce-product-importer No.known.fix Product.Importer.<=.1.5.2.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-affiliate-links No.known.fix Reflected.XSS HIGH" "widgets-reset No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-recent-purchases No.known.fix Authenticated.(Admin+).Local.File.Inclusion HIGH" "woocommerce-gateway-nab-dp 2.1.2 NAB.Transact.<.2.1.2.-.Payment.Bypass HIGH" "wp-content-filter 3.1.0 Admin+.Stored.Cross.Site.Scripting LOW" "wp-crm No.known.fix CSV.Injection LOW" "wp-responsive-slider-with-lightbox 1.0.1 Arbitrary.File.Upload.via.CSRF HIGH" "wp-responsive-slider-with-lightbox No.known.fix Admin+.Stored.XSS MEDIUM" "wp-responsive-slider-with-lightbox 1.0.1 Image.Lightboxes.via.CSRF MEDIUM" "widgets-for-siteorigin No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widgets-for-siteorigin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-for-siteorigin 1.4.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "while-it-is-loading No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-chinese-conversion No.known.fix Reflected.XSS HIGH" "wp-404-auto-redirect-to-similar-post 1.0.5 Reflected.Cross-Site.Scripting.via.Debug.Mode.URI MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Reflected.Cross-Site.Scripting.via.request MEDIUM" "wp-404-auto-redirect-to-similar-post 1.0.4 Admin+.Stored.XSS LOW" "wc-payment-gateway-per-category No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-import-export-lite 3.9.27 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-import-export-lite 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-import-export-lite 3.9.5 Subscriber+.Extensions.Update MEDIUM" "wp-import-export-lite 3.9.5 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-connect No.known.fix Stored.XSS.via.CSRF HIGH" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners No.known.fix Subscriber+.SQLi HIGH" "wp-popup-banners 1.2.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-cfm 1.7.9 Cross-Site.Request.Forgery.via.multiple.AJAX.functions MEDIUM" "wpdtol-database-table-overview-logs 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wc-multi-currency 1.5.6 Missing.Authorization MEDIUM" "wc-multi-currency 1.5.6 Cross-Site.Request.Forgery MEDIUM" "wp-travel-blocks 3.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-blocks 3.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "where-did-they-go-from-here 2.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-shamsi No.known.fix Subscriber+.Attachment.Deletion MEDIUM" "wp-shamsi 4.1.1 Unauthenticated.Arbitrary.Plugin.Deactivation MEDIUM" "wp-shamsi 4.2.0 Subscriber+.Settings.Update MEDIUM" "wp-repost No.known.fix Admin+.Stored.XSS LOW" "web-directory-free 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "web-directory-free 1.7.3 Unauthenticated.LFI HIGH" "web-directory-free 1.7.2 Reflected.XSS HIGH" "web-directory-free 1.7.0 Unauthenticated.SQL.Injection HIGH" "wp-automatic 3.95.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.autoplay.Parameter MEDIUM" "wp-automatic 3.93.0 WordPress.Automatic.Plugin.<.3,93,0.Cross-Site.Request.Forgery MEDIUM" "wp-automatic 3.92.1 Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-automatic 3.92.1 Unauthenticated.SQL.Injection CRITICAL" "wp-automatic 3.92.1 Unauthenticated.Arbitrary.File.Download.and.Server-Side.Request.Forgery CRITICAL" "wp-automatic 3.53.3 Unauthenticated.Arbitrary.Options.Update CRITICAL" "woocommerce-myparcel 4.24.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-whatsapp 3.6.9 Missing.Authorization.to.Authenticated.(Subscriber+).Filebird.Plugin.Installation MEDIUM" "wp-whatsapp 3.6.5 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.4 Admin+.Stored.XSS LOW" "wp-whatsapp 3.6.3 Contributor+.Stored.XSS MEDIUM" "wp-whatsapp 3.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "wp-whatsapp 3.4.5 Admin+.Stored.XSS LOW" "wha-crossword No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wha-crossword No.known.fix Contributor+.Stored.XSS MEDIUM" "woocommerce-sendinblue-newsletter-subscription 4.0.18 Authenticated.(Editor+).Arbitrary.File.Download.and.Deletion HIGH" "wp-extra-fields No.known.fix Reflected.XSS HIGH" "wp-whois-domain No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "woo-pensopay 6.3.2 Reflected.XSS HIGH" "wpdoodlez No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-admin 2.6.4 Analytics.Report.Leaks MEDIUM" "wp-experiments-free No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-experiments-free No.known.fix Missing.Authorization MEDIUM" "wp-experiments-free 9.0.1 Unauthenticated.SQLi HIGH" "woo-discount-rules 2.6.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.4.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-discount-rules 2.2.1 Multiple.Authorization.Bypass HIGH" "woo-discount-rules 2.1.0 Multiple.Vulnerabilities CRITICAL" "wpexperts-square-for-give 1.3.2 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wpexperts-square-for-give 1.3.2 Subscriber+.SQL.Injection HIGH" "woopra 1.4.3.2 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-commentnavi 1.12.2 Admin+.Stored.XSS LOW" "wp-ds-blog-map No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-e-customers No.known.fix Reflected.XSS HIGH" "wp-file-get-contents 2.7.1 Contributor+.SSRF MEDIUM" "woocommerce-discounts-plus 3.4.5 Reflected.Cross-Site.Scripting HIGH" "wp-post-columns No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woocommerce-composite-products 8.7.6 Reflected.XSS MEDIUM" "wp-marketing-automations 3.3.0 Unauthenticated.SQLi HIGH" "wp-marketing-automations 3.2.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.8.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-marketing-automations 2.7.0 Authenticated(Administrator+).SQL.Injection MEDIUM" "wp-marketing-automations 2.1.2 Subscriber+.Automation.Creation MEDIUM" "woocommerce-maintenance-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-sales-notification 1.2.3 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wpgt-google-translate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpgt-google-translate No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-survey-plus No.known.fix Subscriber+.AJAX.Calls HIGH" "wp-polls 2.77.3 Unauthenticated.SQL.Injection.to.Stored.Cross-Site.Scripting MEDIUM" "wp-polls 2.76.0 IP.Validation.Bypass MEDIUM" "wp-polls 2.77.0 Subscriber+.Race.Condition MEDIUM" "wp-polls 2.73.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-polls 2.72 SQL.Injection CRITICAL" "wpmailer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-ups-pickup No.known.fix Missing.Authorization MEDIUM" "woo-ups-pickup 2.6.6 Reflected.XSS HIGH" "wp-user-merger 1.5.3 Admin+.SQLi.via.ID MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.user_id MEDIUM" "wp-user-merger 1.5.3 Admin+.SQLi.via.wpsu_user_id MEDIUM" "wp-post-block No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-splashing-images 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "wp-splashing-images 2.1.1 Authenticated.PHP.Object.Injection HIGH" "w2s-migrate-woo-to-shopify 1.3.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Read MEDIUM" "wp-crowdfunding No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Post.Content.Download MEDIUM" "wp-crowdfunding 2.1.13 Missing.Authorization.to.Authenticated.(Subscriber+).WooCommerce.Installation MEDIUM" "wp-crowdfunding 2.1.13 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcf_donate.Shortcode MEDIUM" "wp-crowdfunding 2.1.11 Missing.Authorization.to.Authenticated.(Subscriber+).to.Enable/Disable.Addons MEDIUM" "wp-crowdfunding 2.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-crowdfunding 2.1.10 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.9 Reflected.XSS HIGH" "wp-crowdfunding 2.1.8 Admin+.Stored.XSS LOW" "wp-crowdfunding 2.1.7 Reflected.XSS HIGH" "wp-crowdfunding 2.1.6 Cross-Site.Request.Forgery MEDIUM" "wp-crowdfunding 2.1.5 Missing.Authorization.via.settings_reset MEDIUM" "wh-cache-and-security No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-fiscalita-italiana 1.3.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-htpasswd No.known.fix Admin+.Stored.XSS LOW" "wp-user-manager 2.9.12 Missing.Authorization.to.Carbon.Fields.Custom.Sidebar.Addition/Removal MEDIUM" "wp-user-manager 2.9.12 Missing.Authorization.to.Authenticated.(Subscriber+).User.Meta.Key.Enumeration MEDIUM" "wp-user-manager 2.9.11 Cross-Site.Request.Forgery MEDIUM" "wp-user-manager 2.6.3 Arbitrary.User.Password.Reset.to.Account.Compromise HIGH" "wp-subscribe 1.2.13 Admin+.Stored.Cross-Site.Scripting LOW" "wip-woocarousel-lite 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-custom-page No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-back-button No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-front-end-login-and-register No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-api-authentication 2.4.1 Settings.Update.via.CSRF MEDIUM" "wp-csv-to-database No.known.fix CSRF LOW" "wp-gotowebinar 15.8 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.7 Missing.Authorization MEDIUM" "wp-gotowebinar 15.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-gotowebinar 15.1 Missing.Authorization MEDIUM" "wp-gotowebinar 14.46 Admin+.Stored.XSS LOW" "wp-stripe-checkout 1.2.2.42 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-stripe-checkout 1.2.2.38 Sensitive.Information.Exposure.via.Debug.Log HIGH" "wp-stripe-checkout 1.2.2.21 Contributor+.Stored.XSS MEDIUM" "woorewards 5.3.1 Missing.Authorization MEDIUM" "wp-system-log No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-google-street-view 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-street-view 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-native-articles 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-default-feature-image No.known.fix Admin+.Stored.XSS LOW" "wp-word-count No.known.fix Missing.Authorization.via.calculate_statistics MEDIUM" "wp-word-count 3.2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-shieldon 1.6.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp2android-turn-wp-site-into-android-app No.known.fix Unauthenticated.File.Upload CRITICAL" "woo-product-table No.known.fix Reflected.XSS HIGH" "woo-product-table 3.5.2 Information.Exposure MEDIUM" "woo-product-table 3.1.2 Unauthenticated.Arbitrary.Function.Call CRITICAL" "wp-pro-quiz No.known.fix Arbitrary.Quiz.Deletion.via.CSRF MEDIUM" "wux-blog-editor No.known.fix Authentication.Bypass.to.Administrator CRITICAL" "wux-blog-editor No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-code-highlightjs No.known.fix Undisclosed.Cross-Site.Scripting.(XSS) MEDIUM" "wp-code-highlightjs 0.6.3 CSRF.to.Stored.XSS MEDIUM" "woocommerce-basic-ordernumbers No.known.fix Missing.Authorization MEDIUM" "wp-sendgrid-mailer No.known.fix Missing.Authorization MEDIUM" "wp-sendgrid-mailer No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Log.Deletion MEDIUM" "wp-sendgrid-mailer No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-eMember 10.7.0 Stored.XSS.via.CSRF HIGH" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Bulk.Delete.via.CSRF MEDIUM" "wp-eMember 10.6.7 Reflected.XSS.via.Member.Edit HIGH" "wp-eMember 10.6.7 Unauthenticated.Stored.XSS.via.Member.Registration HIGH" "wp-eMember 10.6.6 Reflected.XSS HIGH" "wp-eMember 10.6.6 Stored.XSS.in.Blacklist.via.CSRF HIGH" "wp-eMember 10.6.7 Reflected.XSS MEDIUM" "wp-eMember 10.6.6 Admin+.Arbitrary.File.Upload MEDIUM" "wp-eMember 10.3.9 Reflected.XSS HIGH" "wp-eMember 10.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor No.known.fix Contributor+.Local.File.Inclusion HIGH" "woo-products-widgets-for-elementor 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-products-widgets-for-elementor 1.0.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "woo-products-widgets-for-elementor 1.0.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-scraper 5.8.1 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wp-scraper 5.8 Missing.Authorization.to.Arbitrary.Page/Post.Creation MEDIUM" "wp-search-keyword-redirect No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-expert-agent-xml-feed No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-anti-fraud 3.9 Unauthenticated.Order.Status.Manipulation MEDIUM" "wrc-pricing-tables 2.3.8 Missing.Authorization MEDIUM" "wrc-pricing-tables 2.3.9 Admin+.Stored.XSS LOW" "woo-billing-with-invoicexpress 3.0.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "widget-for-contact-form-7 No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wechat-broadcast No.known.fix Local/Remote.File.Inclusion CRITICAL" "wp-table-builder 1.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder No.known.fix Admin+.Stored.XSS LOW" "wp-table-builder 1.4.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-table-builder 1.4.7 Admin+.Stored.XSS MEDIUM" "wp-table-builder 1.3.16 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-table-builder 1.3.10 Reflected.Cross-Site.Scripting HIGH" "wp-monalisa 6.5 Cross-Site.Request.Forgery MEDIUM" "wptouch 4.3.45 Admin+.PHP.Object.Injection MEDIUM" "wptouch 4.3.45 Admin+.Arbitrary.File.Upload MEDIUM" "wptouch 4.3.44 Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 5.3.3 Authenticated.(Admin+).PHP.Object.Injection MEDIUM" "wp-security-audit-log 5.3.0 Unauthenticated.Stored.XSS HIGH" "wp-security-audit-log 5.2.2 Unauthenticated.Stored.Cross-Site.Scripting.via.User_id.Parameter HIGH" "wp-security-audit-log 4.6.2 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-security-audit-log 4.5.2 Subscriber+.Information.Leak MEDIUM" "wp-security-audit-log 4.4.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-security-audit-log 4.1.5 SQL.Injection.in.External.Database.Module HIGH" "wp-security-audit-log 4.0.2 Broken.Access.Control.in.First-Time.Install.Wizard CRITICAL" "wp-security-audit-log 3.3.1.2 Subscriber+.Arbitrary.Option.Update MEDIUM" "woocommerce-beta-tester 2.2.4 Admin+.SQLi MEDIUM" "wm-zoom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-admin-interface 7.32 Missing.Authorization.via.wpcai_pro_notice_disable MEDIUM" "wp-custom-admin-interface 7.33 Missing.Authorization.to.Transients.Deletion MEDIUM" "wp-custom-admin-interface 7.29 Admin+.PHP.Object.Injection MEDIUM" "woo-product-slider 2.6.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "woo-product-slider 2.5.7 Subscriber+.Arbitrary.Options.Deletion HIGH" "wp-categories-widget 2.3 Reflected.XSS HIGH" "woocommerce-support-ticket-system 17.9 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post.Deletion.and.Information.Exposure MEDIUM" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-support-ticket-system 17.8 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "woocommerce-support-ticket-system 17.8 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-blogs-planetarium No.known.fix Settings.Update.via.CSRF MEDIUM" "woorocks-magic-content No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-tradingview No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-content-copy-protector 3.6.1 Cross-Site.Request.Forgery MEDIUM" "wp-content-copy-protector 3.5.6 Admin+.Stored.XSS LOW" "wp-content-copy-protector 3.4.5 Settings.Update.via.CSRF MEDIUM" "wp-content-copy-protector 3.1.5 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-content-copy-protector 3.4 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "woocommerce-delivery-notes 5.5.0 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "woocommerce-delivery-notes 5.4.1 Missing.Authorization.to.Authenticated.(Subscriber+).Logo.Deletion MEDIUM" "woocommerce-delivery-notes 4.9.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "woocommerce-delivery-notes 4.7.2 Reflected.XSS HIGH" "wp-config-file-editor No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woo-product-enquiry No.known.fix Unauthenticated.Stored.XSS HIGH" "wechat-reward No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-expand-tabs-free 2.2.7 Admin+.Stored.XSS LOW" "wp-expand-tabs-free 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-expand-tabs-free 2.1.17 Contributor+.Stored.XSS MEDIUM" "wp-expand-tabs-free 2.1.15 Multiple.CSRF MEDIUM" "watupro 5.5.3.7 SQL.Injection CRITICAL" "watupro 4.9.0.8 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-email-newsletter No.known.fix Reflected.XSS HIGH" "wp-cloudy 4.4.9 Admin+.SQL.Injection MEDIUM" "woo-gutenberg-products-block 11.1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woo-gutenberg-products-block 5.5.1 Unauthenticated.SQL.Injection CRITICAL" "woo-gutenberg-products-block 3.7.1 Guest.Account.Creation MEDIUM" "wp-copysafe-web 4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-copysafe-web 3.14 Unauthenticated.Reflected.XSS HIGH" "wp-copysafe-web 2.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woocommerce-superfaktura 1.40.4 Authenticated.(Subscriber+).Blind.Server-Side.Request.Forgery MEDIUM" "wp-popup-builder 1.3.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wp_ajax_nopriv_shortcode_Api_Add HIGH" "wp-popup-builder 1.3.0 Subscriber+.Arbitrary.Popup.Deletion MEDIUM" "wp-popup-builder 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-jobhunt No.known.fix Unauthenticated.Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "wp-jobhunt No.known.fix Authentication.Bypass.to.Candidate HIGH" "wp-jobhunt No.known.fix Unauthenticated.Privilege.Escalation.via.Email.Update/Account.Takeover CRITICAL" "wp-jobhunt No.known.fix Authentication.Bypass CRITICAL" "wp-jobhunt 2.4 User.enumeration.&.Reset.password CRITICAL" "wep-demo-import 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-contracts 1.3.12 Author+.SQLi MEDIUM" "wpsol No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-customer-source 1.3.2 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wiseagentleadform 3.0 Reflected.Cross-Site.Scripting MEDIUM" "watermark-reloaded No.known.fix Cross-Site.Request.Forgery.via.optionsPage HIGH" "wp-email-users No.known.fix Subscriber+.SQL.Injection HIGH" "wpsyncsheets-woocommerce 1.9 Missing.Authorization MEDIUM" "whmcs-bridge 6.4b Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "whmcs-bridge 6.3 Subscriber+.Stored.Cross-Site.Scripting MEDIUM" "widgets-for-aliexpress-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wordpress-database-reset 3.23 Cross-Site.Request.Forgery.to.WP.Reset.Plugin.Installation MEDIUM" "wordpress-database-reset 3.15 Unauthenticated.Database.Reset CRITICAL" "wordpress-database-reset 3.15 Privilege.Escalation HIGH" "wp-free-ssl No.known.fix Missing.Authorization MEDIUM" "wp-free-ssl 1.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.6 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.3 Unauthenticated.Arbitrary.Shortcode.Execution CRITICAL" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Missing.Authorization MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-data-filter-and-taxonomy-filter 1.3.1 Reflected.XSS HIGH" "wp-meta-data-filter-and-taxonomy-filter 1.2.8 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-scheduled-posts 5.1.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-scheduled-posts 5.0.9 Missing.Authorization MEDIUM" "wp-scheduled-posts 5.0.5 Contributor+.Arbitrary.Post.Update/Deletion LOW" "wp-curriculo-vitae No.known.fix Unauthenticated.Arbitrary.File.Upload.to.RCE CRITICAL" "wp-admin-ui-customize 1.5.14 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-ui-customize 1.5.13 Admin+.Stored.XSS LOW" "wp-meta-seo 4.5.14 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.14 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Password.Protected.Content.Access MEDIUM" "wp-meta-seo 4.5.13 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer.header HIGH" "wp-meta-seo 4.5.5 Author+.PHAR.Deserialization HIGH" "wp-meta-seo 4.5.3 Subscriber+.Improper.Authorization.causing.Arbitrary.Redirect MEDIUM" "wp-meta-seo 4.5.3 Subscriber+.SQLi HIGH" "wp-meta-seo 4.5.4 Subscriber+.Google.Analytics.Settings.Update MEDIUM" "wp-meta-seo 4.5.4 Subscriber+.SiteMap.Settings.Update MEDIUM" "wp-meta-seo 4.4.9 Social.Settings.Update.via.CSRF MEDIUM" "wp-meta-seo 4.4.7 Admin+.Stored.Cross-Site.Scripting.via.breadcrumbs LOW" "weather-in-any-city-widget 1.1.41 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-design-maps-places No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webbricks-addons 1.1.11 Contributor+.Stored.XSS MEDIUM" "wp-listings No.known.fix Missing.Authorization MEDIUM" "wp-listings No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-listings 2.0.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-email-capture 3.11 Unauthenticated.Email.Capture.Download MEDIUM" "wp-email-capture 3.10 Email.Captures.Update.via.CSRF MEDIUM" "wp-email-capture 3.10 Admin+.Stored.XSS LOW" "woo-esto 2.23.2 Settings.Update.via.CSRF MEDIUM" "wcp-openweather No.known.fix Cross-Site.Request.Forgery MEDIUM" "wcp-openweather No.known.fix Reflected.XSS HIGH" "wc-multivendor-marketplace 3.6.12 Reflected.Cross-Site.Scripting MEDIUM" "wc-multivendor-marketplace 3.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wc-multivendor-marketplace 3.4.12 Subscriber+.Unauthorised.AJAX.Calls HIGH" "wc-multivendor-marketplace 3.5.0 Multiple.CSRF MEDIUM" "wc-multivendor-marketplace 3.4.12 WooCommerce.Multivendor.Marketplace.<.3.4.12.-.Unauthenticated.SQL.Injection HIGH" "web3-token-gate 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-bannerize No.known.fix 4.0.2.-.Authenticated.SQL.Injection HIGH" "wp-lightbox-2 3.0.6.7 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "wp-lightbox-2 No.known.fix Admin+.Stored.XSS LOW" "wp-optimize 3.2.13 Cross-Site.Scripting.From.Third-party.Library HIGH" "wp-jobs 1.7 XSS MEDIUM" "wp-jobs 1.5 Authenticated.SQL.Injection HIGH" "wp-test-email 1.1.9 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-test-email 1.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-business-intelligence-lite 1.6.3 SQL.Injection CRITICAL" "wp-private-content-plus 3.6.2 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-private-content-plus 3.6.1 Unauthenticated.Protected.Post.Access MEDIUM" "wp-private-content-plus 3.2 Cross-Site.Request.Forgery HIGH" "wp-private-content-plus 3.2 CSRF.Nonce.Bypass HIGH" "wp-private-content-plus 2.0 Unauthenticated.Options.Change HIGH" "woo-aliexpress-dropshipping 2.1.2 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "woo-aliexpress-dropshipping No.known.fix Missing.Authorization MEDIUM" "wooreviews-importer No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-cookie-law-info No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.4.1 CSRF MEDIUM" "woo-conditional-discount-rules-for-checkout 2.3.3.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-discount-rules-for-checkout 2.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dev-powers-display-screen-dimensions-to-admin No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-awesome-import-export No.known.fix Import.&.Export.WordPress.Data.<=.4.1.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.SQL.Execution/Privilege.Escalation HIGH" "wplingo No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "woo-tipdonation No.known.fix Shop.Manager+.Stored.XSS MEDIUM" "walker-core 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "walker-core 1.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-smart-crm-invoices-free No.known.fix Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-hubspot-woocommerce 1.0.5 Reflected.Cross-Site.Scripting HIGH" "wp-latest-posts 5.0.8 Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "wp-latest-posts 3.7.5 XSS MEDIUM" "woocommerce-delivery-date No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-confirmation-email No.known.fix Reflected.XSS HIGH" "woo-confirmation-email No.known.fix Authentication.bypass.via.weak.token.generation HIGH" "woo-confirmation-email 3.4.0 CSRF.leading.to.Option.Update CRITICAL" "wpc-composite-products 7.2.8 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-database-error-manager No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-voting-contest 3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.11 Missing.Authorization.via.wpbs_refresh_calendar_editor MEDIUM" "wp-booking-system 2.0.19.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-booking-system 2.0.19.3 Missing.Authorization MEDIUM" "wp-booking-system 2.0.18.1 Admin+.Stored.XSS LOW" "wp-booking-system 2.0.15 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-booking-system 1.5.2 CSRF.to.Authenticated.SQL.Injection HIGH" "wp-booking-system 1.4 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woo-product-filter 2.7.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "woo-product-filter 2.5.1 Subscriber+.Table.Data.Access MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Execution MEDIUM" "woo-thank-you-page-customizer 1.1.3 Missing.Authorization.to.Authenticated.(Subscriber+).Data.Export MEDIUM" "woo-thank-you-page-customizer 1.0.14 CSRF MEDIUM" "wp-knowledgebase No.known.fix CSRF MEDIUM" "woo-wholesale-pricing 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-wholesale-pricing 1.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-smart-preloader 1.15.1 Admin+.Stored.XSS LOW" "woo-tranzila-gateway No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wapppress-builds-android-app-for-website 6.0.5 Authenticated.(Subscriber+).Server-Side.Request.Forgery MEDIUM" "wapppress-builds-android-app-for-website 6.0.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-special-textboxes 6.2.5 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-special-textboxes 5.9.110 Admin+.Stored.Cross-Site.Scripting LOW" "wayne-audio-player No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "wp-shop-original No.known.fix Unauthenticated.Settings.Update MEDIUM" "woocommerce-menu-bar-cart 2.12.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-order-searching No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpagecontact No.known.fix Authenticated.(editor+).SQL.Injection HIGH" "wp-desklite No.known.fix Reflected.XSS HIGH" "winterlock 1.2.5 Cross-Site.Request.Forgery MEDIUM" "winterlock 1.0.23 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "winterlock 1.0.21 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wp-currency-exchange-rates 1.3.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpbulky-wp-bulk-edit-post-types 1.0.10 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-directorybox-manager No.known.fix Authentication.Bypass CRITICAL" "wp-directorybox-manager No.known.fix Authentication.Bypass CRITICAL" "woocommerce-gateway-gocardless 2.5.7 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpbits-addons-for-elementor 1.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wpbits-addons-for-elementor 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wpbits-addons-for-elementor 1.5 Contributor+.Stored.XSS MEDIUM" "wpbits-addons-for-elementor 1.3.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "watchtowerhq 3.10.4 Authentication.Bypass.to.Administrator.due.to.Missing.Empty.Value.Check CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "watchtowerhq 3.6.16 Unauthenticated.Arbitrary.File.Access HIGH" "wp-hr-manager No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-manager 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-manager 3.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-video-robot No.known.fix .Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "wp-video-robot No.known.fix The.Ultimate.Video.Importer.<=.1.20.0.-.Unauthenticated.SQL.Injection HIGH" "wp-file-manager 7.2.8 Missing.Authorization MEDIUM" "wp-file-manager 7.2.6 Authenticated.(Administrator+).Directory.Traversal MEDIUM" "wp-file-manager 7.2.5 Cross-Site.Request.Forgery.to.Local.JS.File.Inclusion HIGH" "wp-file-manager 7.2.2 Directory.Traversal CRITICAL" "wp-file-manager 7.2.2 Sensitive.Information.Exposure.via.Backup.Filenames HIGH" "wp-file-manager 7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-manager 6.9 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wp-file-manager 6.5 Backup.File.Directory.Listing MEDIUM" "wp-file-manager 5.2 Multiple.Vulnerabilities HIGH" "wp-file-manager 3.1 CSRF.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-manager 3.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "wp-magazine-modules-lite 1.1.3 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "woo-paylate 1.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-paylate 1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpzoom-elementor-addons 1.1.39 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wpzoom-elementor-addons 1.1.38 Unauthenticated.Local.File.Inclusion CRITICAL" "wpzoom-elementor-addons 1.1.37 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-elementor-addons 1.1.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-fields-search No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpcfs-preset.Shortcode MEDIUM" "wp-custom-fields-search 1.2.35 Admin+.Stored.XSS LOW" "wp-custom-fields-search 1.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-line-notify 1.4.5 Reflected.XSS HIGH" "wp-reviews-plugin-for-google 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-reviews-plugin-for-google 10.9.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-reviews-plugin-for-google 9.8 Contributor+.Stored.XSS MEDIUM" "wp-mermaid No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-not-login-hide-wpnlh No.known.fix Admin+.Stored.XSS LOW" "wp-hide-pages No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-zillow-review-slider 2.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-postratings-cheater No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-translitera No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-ban 1.69.1 Admin+.Stored.XSS LOW" "weekly-schedule 3.4.3 Authenticated.Stored.XSS MEDIUM" "wpc-grouped-product 4.4.3 Missing.Authorization MEDIUM" "wpupper-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Custom.CSS.Update MEDIUM" "wpupper-share-buttons 3.50 Missing.Authorization MEDIUM" "wpupper-share-buttons 3.43 Admin+.Stored.XSS LOW" "wise-chat 2.8.4 CSV.Injection HIGH" "wise-chat 2.7 Reverse.Tabnabbing MEDIUM" "wp-jitsi-shortcodes No.known.fix Admin+.Stored.XSS LOW" "wp-jitsi-shortcodes No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wpmu-prefill-post No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-testing No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-youtube-gallery 2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.id.Parameter MEDIUM" "woocommerce-add-to-cart-custom-redirect 1.2.14 Authenticated(Contributor+).Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "wp-lister-ebay 2.0.21 jQueryFileTree.-.Unauthenticated.Path.Traversal MEDIUM" "wc-captcha No.known.fix Admin+.Stored.XSS LOW" "wc-product-table-lite 3.9.5 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.9.0 Missing.Authorization MEDIUM" "wc-product-table-lite 3.8.7 Unauthenticated.Arbitrary.Shortcode.Execution.&.Reflected.Cross-Site.Scripting HIGH" "wc-product-table-lite 3.8.6 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wc-product-table-lite 3.8.6 Missing.Authorization.to.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wc-product-table-lite 3.1.0 CSRF MEDIUM" "wc-product-table-lite 2.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.5 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "woo-bulk-editor 1.1.4.4 Missing.Authorization MEDIUM" "woo-bulk-editor 1.1.4.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-editor 1.1.4.1 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting.via.Plugin.Options MEDIUM" "woo-bulk-editor 1.1.4.1 Missing.Authorization.via.Several.Functions MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-bulk-editor 1.1.3.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wc-builder 1.0.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-fevents-book No.known.fix Subscriber+.Stored.XSS HIGH" "wp-fevents-book No.known.fix Subscriber+.Arbitrary.Booking.Manipulation.via.IDOR MEDIUM" "wp-shoutbox-live-chat No.known.fix Unauthenticated.SQLi HIGH" "wp-shoutbox-live-chat No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-linkedin-auto-publish 8.12 Missing.Authorization MEDIUM" "wp-manutencao 1.0.7 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "woocommerce-bookings 2.0.4 Cross-Site.Request.Forgery MEDIUM" "wp-posts-carousel 1.3.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.auto_play_timeout.Parameter MEDIUM" "wp-google-fonts 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-zelle 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-zelle 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpvivid-backup-mainwp 0.9.34 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wpvivid-backup-mainwp 0.9.33 Reflected.Cross-Site.Scripting MEDIUM" "wp-original-media-path 2.4.1 Admin+.Stored.XSS LOW" "wp-force-ssl 1.67 Missing.Authorization.to.Settings.Update MEDIUM" "wp-font-awesome-share-icons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-post-category-notifications No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-notes 1.5.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-open-street-map 1.30 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woo-product-design No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wa-sticky-button 1.4.1 Unauthenticated.Arbitrary.Settings.Update.to.Stored.XSS HIGH" "wish-list-for-woocommerce 3.1.8 Cross-Site.Request.Forgery.to.Cross-Site.Scriping.via.Wishlist.Name MEDIUM" "wish-list-for-woocommerce 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wpcargo No.known.fix Missing.authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpcargo No.known.fix Unauthenticated.SQL.Injection HIGH" "wpcargo 6.9.5 Admin+.Stored.Cross.Site.Scripting LOW" "wpcargo 6.9.5 Reflected.Cross.Site.Scripting MEDIUM" "wpcargo 6.9.0 Unauthenticated.RCE CRITICAL" "wp-donimedia-carousel No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-donate 1.5 Unauthenticated.SQL.Injection HIGH" "woocommerce-gateway-stripe 7.6.2 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-gateway-stripe 7.6.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-gateway-stripe 7.4.1 Subscriber+.Order.Intent.Update MEDIUM" "woocommerce-gateway-stripe 7.4.1 Unauthenticated.PII.Disclosure.via.IDOR HIGH" "wp-scrippets No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-glossary No.known.fix Missing.Authorization MEDIUM" "wp-glossary No.known.fix Contributor+.Stored.XSS MEDIUM" "wc-gsheetconnector 1.3.12 Missing.Authorization MEDIUM" "wc-gsheetconnector 1.3.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-gsheetconnector 1.3.6 Access.Code.Update.via.CSRF MEDIUM" "wc-gsheetconnector 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pocket-urls 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-pocket-urls 1.0.3 Reflected.Cross-Site.Scripting HIGH" "woo-pdf-invoice-builder 1.2.137 Reflected.Cross-Site.Scripting MEDIUM" "woo-pdf-invoice-builder 1.2.102 Cross-Site.Request.Forgery MEDIUM" "woo-pdf-invoice-builder 1.2.104 Reflected.XSS HIGH" "woo-pdf-invoice-builder 1.2.91 Admin+.Stored.XSS LOW" "woo-pdf-invoice-builder 1.2.92 Subscriber+.Arbitrary.Invoice.Access MEDIUM" "woo-pdf-invoice-builder 1.2.91 Invoice.Fields.Creation.via.CSRF MEDIUM" "woo-pdf-invoice-builder 1.2.90 Subscriber+.SQLi HIGH" "woo-pdf-invoice-builder 1.2.91 Invoice.Update.via.CSRF MEDIUM" "widget-or-sidebar-per-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-opening-hours No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "web-invoice No.known.fix Authenticated.SQLi HIGH" "web-invoice No.known.fix Authenticated.SQLi HIGH" "wp-db-backup 2.5.2 Arbitrary.Schedule.Settings.Update.via.CSRF MEDIUM" "wp-db-backup 2.5.1 Admin+.SQL.Injection MEDIUM" "wp-db-backup 2.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "wp-db-backup 2.3.0 Backup.Filename.Brute.Forcing HIGH" "wp-editor-bootstrap-blocks 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mail-bank 3.0.13 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-aweber-newsletter-subscription 4.0.3 Missing.Authorization.to.Access.Token.Modification MEDIUM" "wordpress-feed-statistics No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wordpress-feed-statistics 4.0 Open.Redirect MEDIUM" "woolentor-addons 3.1.1 Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Flash.Sale.Countdown.Module MEDIUM" "woolentor-addons 2.9.9 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.WL:.FAQ.Widget.Elementor.Template MEDIUM" "woolentor-addons 2.9.8 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "woolentor-addons 2.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Product.Horizontal.Filter.Widget MEDIUM" "woolentor-addons 2.8.9 Contributor+.Stored.XSS.via.woolentorsearch.Shortcode MEDIUM" "woolentor-addons 2.8.9 Authenticated.Option.Update MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.8 Missing.Authorization MEDIUM" "woolentor-addons 2.8.8 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.8.2 Contributor+.Template.Reset LOW" "woolentor-addons 2.8.5 Authenticated.(Contributor+).Stored.Cross-site.Scripting.via.QR.Code.Widget MEDIUM" "woolentor-addons 2.8.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.WL.Universal.Product.Layout MEDIUM" "woolentor-addons 2.8.2 Contributor+.Stored.Cross-Site.Scripting.via.Banner.Link MEDIUM" "woolentor-addons 2.6.3 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.2 Settings.Update.via.CSRF MEDIUM" "woolentor-addons 2.5.4 Contributor+.Stored.XSS MEDIUM" "woolentor-addons 2.5.4 PHP.Object.Injection MEDIUM" "woolentor-addons 1.8.6 WooCommerce.Elementor.Addons.+.Builder.<.1.8.6.-.Contributor+.Stored.XSS MEDIUM" "wphobby-demo-import No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-phpmyadmin-extension 5.2.0.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-phpmyadmin-extension 5.2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-concours No.known.fix Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-hss-extension-for-streaming-video No.known.fix Reflected.Cross-Site.Scripting.via.videolink.Parameter MEDIUM" "wp-agenda No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-gdpr-compliance No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-gdpr-compliance 2.0.23 Subscriber+.Arbitrary.Options.Update HIGH" "wp-gdpr-compliance 2.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-gdpr-compliance 1.5.6 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "wp-gdpr-compliance 1.4.3 Unauthenticated.Call.Any.Action.or.Update.Any.Option CRITICAL" "woocommerce-stock-manager 2.11.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-stock-manager 2.6.0 CSRF.to.Arbitrary.File.Upload HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Reflected.XSS HIGH" "woo-custom-emails No.known.fix Unauthenticated.Email.Settings.Update MEDIUM" "wpfront-scroll-top 2.0.6.07225 Admin+.Stored.XSS MEDIUM" "widgets-for-sourceforge-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "webcam-2way-videochat 5.2.8 Reflected.Cross-Site.Scripting HIGH" "webcam-2way-videochat 4.41.2 Cross-Site.Scripting.(XSS) MEDIUM" "wp-table-editor 1.6.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-scrive 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-scrive 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-ping-optimizer No.known.fix Log.Clearing.via.CSRF MEDIUM" "wordpress-ping-optimizer 2.35.1.3.0 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-custom-widget-area No.known.fix Subscriber+.Menus.Creation/Deletion/Update MEDIUM" "wp-custom-widget-area No.known.fix Missing.Authorization MEDIUM" "wp-event-partners No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-event-partners No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-job-board-pro No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-social-buttons No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-cookies-enabler No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wedocs 2.1.5 Missing.Authorization MEDIUM" "wp-fpo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpide 3.5.0 Unauthenticated.Full.Path.Dislcosure MEDIUM" "wpide 3.4.7 Reflected.Cross-Site.Scripting MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Edit.&.Upload MEDIUM" "wpide 3.0 Admin+.Arbitrary.File.Read MEDIUM" "wpide 3.0 Admin+.Local.File.Inclusion LOW" "wp-e-commerce No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Post.Creation MEDIUM" "wp-e-commerce No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wpf-ultimate-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wired-impact-volunteer-management 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.9 Authentication.Bypass CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "woocommerce-pdf-vouchers 4.9.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-vouchers 4.9.5 Missing.Authorization MEDIUM" "woocommerce-pdf-vouchers 4.9.4 PDF.Vouchers.<.4.9.4.-.Authentication.Bypass.to.Voucher.Vendor HIGH" "wp-download-codes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-paypal-payments 2.0.5 Merchant.ID.Details.Update.via.CSRF MEDIUM" "wookit No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webflow-pages 1.1.0 Missing.Authorization MEDIUM" "wp-amaps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-extra-file-types 0.5.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wdes-responsive-mobile-menu No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "woocommerce-bulk-order-form 3.6.0 Shop.Manager+.Stored.XSS MEDIUM" "web-stories-enhancer 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-show-more No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.show_more.Shortcode MEDIUM" "wp-rollback 1.2.3 Cross-Site.Scripting.(XSS).&.CSRF HIGH" "woocommerce-checkout-manager 7.3.1 Missing.Authorization MEDIUM" "woocommerce-checkout-manager 5.5.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-manager 4.3 Arbitrary.File.Upload HIGH" "w3s-cf7-zoho No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "w3s-cf7-zoho 2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3s-cf7-zoho 2.1.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-recaptcha-integration 1.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-recaptcha-integration No.known.fix Admin+.Stored.XSS LOW" "wc-sudan-payment-gateway No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-inpost No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.File.Read.and.Delete CRITICAL" "wp-share-buttons-analytics-by-getsocial 4.4 Admin+.Stored.XSS LOW" "wp-fiddle No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-announcements No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "which-template-file 5.1.0 Reflected.XSS HIGH" "which-template-file 4.9 Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-migrate-2-aws 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-codice-fiscale No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-auctions No.known.fix Authenticated.(Editor+).SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.SQL.Injection MEDIUM" "wp-auctions No.known.fix Editor+.Stored.XSS LOW" "wp-auctions No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-auctions No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-post-page-clone 1.2 Unauthorised.Post.Access MEDIUM" "wp-post-page-clone 1.1 SQL.Injections.due.to.Duplicated.Snippets HIGH" "wpcf7-redirect 3.0.0 Missing.Authorization MEDIUM" "wpcf7-redirect 2.9.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.6.0 Unauthenticated.Options.Update.to.Stored.XSS HIGH" "wpcf7-redirect 2.5.0 Reflected.Cross-Site.Scripting MEDIUM" "wpcf7-redirect 2.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Plugin.Installation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.Arbitrary.Post.Deletion MEDIUM" "wpcf7-redirect 2.3.4 Unauthenticated.Arbitrary.Nonce.Generation MEDIUM" "wpcf7-redirect 2.3.4 Authenticated.PHP.Object.Injection HIGH" "wpcf7-redirect 2.3.4 Unprotected.AJAX.Actions MEDIUM" "webparex No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-dark-mode 5.0.5 Missing.Authorization MEDIUM" "wp-dark-mode 4.0.8 Subscriber+.Local.File.Inclusion MEDIUM" "wp-dark-mode 4.0.0 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-nssuser-register No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-affiliate-platform 6.5.2 Affiliate.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 POST.Reflected.XSS MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Affiliate.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Lead.Editing HIGH" "wp-affiliate-platform 6.5.1 Profile.Update.via.CSRF MEDIUM" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Banner.Editing HIGH" "wp-affiliate-platform 6.5.1 Reflected.XSS.via.Registration.Form HIGH" "wp-affiliate-platform 6.5.1 Stored.XSS.via.CSRF HIGH" "wp-affiliate-platform 6.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-affiliate-platform 6.4.0 Affiliate.Record.Deletion.via.CSRF MEDIUM" "wp-affiliate-platform 6.4.0 Admin+.Stored.XSS LOW" "woocommerce-ean-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).EAN.Update MEDIUM" "woo-ukrposhta 1.18.0 Reflected.Cross-Site.Scripting.via.order,.post,.and.idd.Parameters MEDIUM" "woo-ukrposhta 1.17.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-ukrposhta 1.6.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpdbspringclean No.known.fix Reflected.XSS HIGH" "wpvivid-backuprestore 0.9.113 Admin+.Arbitrary.File.Upload HIGH" "wpvivid-backuprestore 0.9.107 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.108 Unauthenticated.PHP.Object.Injection HIGH" "wpvivid-backuprestore 0.9.106 Unauthenticated.Sensitive.Data.Exposure HIGH" "wpvivid-backuprestore 0.9.100 Admin+.PHAR.Deserialization HIGH" "wpvivid-backuprestore 0.9.69 Unauthenticated.SQLi.&.DoS HIGH" "wpvivid-backuprestore 0.9.95 Missing.Authorization MEDIUM" "wpvivid-backuprestore 0.9.92 WPvivid.<.0.9.92.-.Unauthenticated.Sensitive.Information.Exposure HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.90 Admin+.Arbitrary.Directory.Deletion.via.Path.Traversal HIGH" "wpvivid-backuprestore 0.9.90 Admin+.Stored.XSS MEDIUM" "wpvivid-backuprestore 0.9.91 Missing.Authorization.via.'start_staging'.and.'get_staging_progress' HIGH" "wpvivid-backuprestore 0.9.77 Admin+.Arbitrary.File.Deletion MEDIUM" "wpvivid-backuprestore 0.9.76 Admin+.Arbitrary.File.Read MEDIUM" "wpvivid-backuprestore 0.9.75 Admin+.PHAR.Deserialization MEDIUM" "wpvivid-backuprestore 0.9.71 Admin+.Arbitrary.File.Download LOW" "wpvivid-backuprestore 0.9.70 Reflected.Cross-Site.Scripting MEDIUM" "wpvivid-backuprestore 0.9.69 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpvivid-backuprestore 0.9.56 Reflected.Cross-Site.Scripting HIGH" "woo-seo-addon 2.1.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-seo-addon 2.1.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-rocket 2.10.4 Local.File.Inclusion.(LFI) HIGH" "wp-spreadplugin No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-education 1.2.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.text_html_tag MEDIUM" "wp-education 1.2.7 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woo-cart-count-shortcode 1.1.0 Contributor+.XSS MEDIUM" "woo-cart-count-shortcode No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-tithely No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wc-product-author 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-author 1.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "welcome-email-editor 5.0.7 Cross-Site.Request.Forgery MEDIUM" "welcome-email-editor 5.0.7 Subscriber+.Email.Sending MEDIUM" "wp-user-frontend 4.0.8 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-user-frontend 4.0.8 Use.of.Polyfill.io MEDIUM" "wp-user-frontend 3.6.6 Authenticated.(Author+).Privilege.Escalation HIGH" "wp-user-frontend 3.6.9 Missing.Authorization.via.AJAX.actions MEDIUM" "wp-user-frontend 3.5.29 Obscure.Registration.as.Admin MEDIUM" "wp-user-frontend 3.5.26 SQL.Injection.to.Reflected.Cross-Site.Scripting HIGH" "wp-user-frontend 3.5.25 Admin+.SQL.Injection MEDIUM" "woo-related-products-refresh-on-reload 3.3.16 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "webriti-smtp-mail No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-social 3.1.1 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-social 3.0.8 Authentication.Bypass CRITICAL" "wp-social 3.0.1 Missing.Authorization.to.Unauthenticated.Social.Login/Share.Status.Update MEDIUM" "wp-joomag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-donottrack No.known.fix Authenticated.(admin+).Stored.XSS MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Missing.Authorization MEDIUM" "wp-seopress 8.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-seopress 7.9.1 Authenticated(Contributor+).Stored.Cross-Site.Scripting.via.Social.Image.URL MEDIUM" "wp-seopress 7.9 Unauthenticated.Object.Injection HIGH" "wp-seopress 7.8 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.8 Contributor+.Open.Redirect LOW" "wp-seopress 7.6 Contributor+.Stored.XSS MEDIUM" "wp-seopress 7.7 Information.Exposure MEDIUM" "wp-seopress 7.6 Author+.Stored.Cross-Site.Scripting MEDIUM" "wp-seopress 7.3 Admin+.Stored.XSS LOW" "wp-seopress 6.5.0.3 Admin+.PHP.Object.Injection MEDIUM" "wp-seopress 5.0.4 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-custom-cursors No.known.fix Admin+.Stored.XSS LOW" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-custom-cursors 3.0.1 Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-custom-cursors 3.0.1 Arbitrary.Cursor.Deletion.via.CSRF MEDIUM" "wp-custom-cursors 3.2 Admin+.SQLi MEDIUM" "wp-club-manager 2.2.12 Missing.Authorization MEDIUM" "wp-club-manager 2.2.12 Authenticated.(Player+).Stored.Cross-Site.Scripting MEDIUM" "wp-club-manager 2.2.11 Missing.Authorization.to.Unauthenticated.Event.Permalink.Update MEDIUM" "woocommerce-pre-orders 2.0.3 Arbitrary.Pre-Order.Canceling.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.3 Unauthorised.Actions.via.CSRF MEDIUM" "woocommerce-pre-orders 2.0.2 Reflected.XSS HIGH" "woocommerce-pre-orders 2.0.1 Contributor+.Stored.XSS MEDIUM" "woocommerce-pre-orders 2.0.0 Reflected.XSS HIGH" "wp-emember 10.6.6 Authenticated.(Admin+).Arbitrary.File.Upload MEDIUM" "wp-icommerce No.known.fix Authenticated.(contributor+).SQL.Injection HIGH" "wp-notcaptcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-load-gallery No.known.fix Authenticated.(Author+).Arbitrary.File.Upload HIGH" "woo-document-preview 1.4.0 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wp-security-questions No.known.fix Cross-Site.Request.Forgery HIGH" "wp-security-questions No.known.fix CSRF.Bypass MEDIUM" "wp-e-commerce-style-email No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-social-bookmark-menu No.known.fix Settings.Update.via.CSRF MEDIUM" "woocommerce-jetpack 7.2.4 Authenticated.(ShopManager+).Stored.Cross-Site.Scripting.via.wcj_product_meta.Shortcode MEDIUM" "woocommerce-jetpack 7.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-jetpack 7.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortocde MEDIUM" "woocommerce-jetpack 7.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.2 Missing.Authorization.to.Authenticated.(Subscriber+).Order.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.3 Missing.Authorization.to.Product.Creation/Modification MEDIUM" "woocommerce-jetpack 7.1.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-jetpack 7.1.2 Authenticated.(Subscriber+).Information.Disclosure.via.Shortcode MEDIUM" "woocommerce-jetpack 7.1.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 7.1.1 Subscriber+.Sensitive.Information.Disclosure MEDIUM" "woocommerce-jetpack 7.1.0 Shop.Manager+.Missing.Authorization.to.Arbitrary.Options.Update MEDIUM" "woocommerce-jetpack 6.0.1 Multiple.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-jetpack 5.6.7 Custom.Role.Creation/Deletion.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.7 Checkout.Files.Deletion.via.CSRF LOW" "woocommerce-jetpack 5.6.7 ShopManager+.Arbitrary.File.Download MEDIUM" "woocommerce-jetpack 5.6.7 Settings.Reset.via.CSRF MEDIUM" "woocommerce-jetpack 5.6.3 Subscriber+.Order.Status.Update MEDIUM" "woocommerce-jetpack 5.6.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.PDF.Invoicing.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.Product.XML.Feeds.Module HIGH" "woocommerce-jetpack 5.4.9 Reflected.Cross-Site.Scripting.in.General.Module HIGH" "woocommerce-jetpack 5.4.4 Authentication.Bypass CRITICAL" "woocommerce-jetpack 3.8.0 XSS MEDIUM" "wpextended 3.0.14 Missing.Authorization.to.Unauthenticated.Post.Order.Manipulation MEDIUM" "wpextended 3.0.13 Unauthenticated.SQL.Injection.via.Login.Attempts.Module HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting HIGH" "wpextended 3.0.12 Missing.Authorization.to.Authenticated.(Subscriber+).Remote.Code.Execution HIGH" "wpextended 3.0.10 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wpextended 3.0.9 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wpextended 3.0.9 Insecure.Direct.Object.Reference MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.selected_option MEDIUM" "wpextended 3.0.9 Reflected.Cross-Site.Scripting.via.page MEDIUM" "wpextended 3.0.9 Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wpextended 3.0.9 Missing.Authorization.to.Admin.Username.Change MEDIUM" "wpextended 3.0.9 Directory.Traversal.to.Authenticated.(Subscriber+).Arbitrary.File.Download HIGH" "wpextended 3.0.0 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wpjournal No.known.fix Missing.Authorization MEDIUM" "wp-twilio-core 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-twilio-core 1.3.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "world-cup-predictor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-google-maps-pro 8.1.12 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-openpos 7.0.1 Unauthenticated.SQL.Injection HIGH" "woocommerce-openpos 7.0.2 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce-openpos 7.0.1 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wonderplugin-pdf-embed 1.7 Contributor+.Stored.XSS MEDIUM" "wp-with-spritz No.known.fix Unauthenticated.File.Inclusion CRITICAL" "wp-compress-image-optimizer 6.30.04 Reflected.Cross-Site.Scripting.via.custom_server.Parameter MEDIUM" "wp-compress-image-optimizer 6.21.01 Reflected.Cross-Site.Scripting MEDIUM" "wp-compress-image-optimizer 6.20.02 Missing.Authorization MEDIUM" "wp-compress-image-optimizer 6.20.02 Open.Redirect.via.css MEDIUM" "wp-compress-image-optimizer 6.11.01 Cross-Site.Request.Forgery MEDIUM" "wp-compress-image-optimizer 6.11.11 Missing.Authorization.to.Unauthenticated.CDN.Modification HIGH" "wp-compress-image-optimizer 6.10.34 Unauthenticated.Arbitrary.File.Read HIGH" "wp-map No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "woo-qiwi-payment-gateway No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-home-page-menu 3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wc-sms 2.8.1.1 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wc-sms 2.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-crm-system 3.4.0 Unauthenticated.Duplicate.Contact.Settings.Update MEDIUM" "wp-crm-system 3.2.9.1 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel No.known.fix Author+.SQL.Injection MEDIUM" "wp-travel No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-travel 9.7.0 Missing.Authorization MEDIUM" "wp-travel 9.4.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel 7.8.1 Unauthenticated.AJAX.Calls MEDIUM" "wp-travel 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel 4.4.7 CSRF.Nonce.Bypasses MEDIUM" "wp-travel 4.4.7 Cross-Site.Request.Forgery MEDIUM" "wp-business-intelligence 1.6.3 SQL.Injection CRITICAL" "wp-inject No.known.fix Admin+.Stored.XSS LOW" "wp-inject 1.16 Stored.XSS.&.CSRF HIGH" "wp-lead-stream No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-lead-stream No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-html-page-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "wp-xintaoke No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-baidu-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-simple-maintenance-mode 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-gallery No.known.fix Authenticated.(Contributor+).SQL.Injection.via.key.Parameter HIGH" "wp-easy-gallery No.known.fix Authenticated.(Subscriber+).SQL.Injection CRITICAL" "wp-easy-gallery No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Gallery.Manipulation MEDIUM" "wp-multisite-content-copier 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wooexim No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "wooexim No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wooexim No.known.fix CSRF.to.Reflected.XSS MEDIUM" "wp-embed-facebook 3.1.2 Contributor+.Stored.XSS.via.shortcode MEDIUM" "wp2speed No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wp2speed No.known.fix Improper.Authorization.due.to.use.of.Hardcoded.Credentials MEDIUM" "wp-instance-rename No.known.fix Arbitrary.File.Download MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.10 Missing.Authorization MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Cross-Site.Request.Forgery MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Reflected.Cross-Site.Scripting HIGH" "woocommerce-shipping-multiple-addresses 3.8.6 Customer+.Shipping.Address.Update MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.6 Billing.Address.Update.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.8.4 Subscriber+.Shipping.Address.Disclosure.via.IDOR MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Address.Creation/Update/Deletion.via.CSRF MEDIUM" "woocommerce-shipping-multiple-addresses 3.7.2 Reflected.Cross-Site.Scripting HIGH" "wp-super-cache 1.9 Unauthenticated.Cache.Poisoning MEDIUM" "wp-super-cache 1.7.3 Authenticated.Remote.Code.Execution HIGH" "wp-super-cache 1.7.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.7.2 Authenticated.Remote.Code.Execution.(RCE) HIGH" "wp-super-cache 1.4.9 Cross-Site.Scripting.(XSS) MEDIUM" "wp-super-cache 1.4.5 PHP.Object.Injection HIGH" "wp-super-cache 1.4.3 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-super-cache 1.3.1 trunk/plugins/domain-mapping.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/awaitingmoderation.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/badbehaviour.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/wptouch.php.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/wp-cache.php.wp_nonce_url.Function.URI.XSS MEDIUM" "wp-super-cache 1.3.1 trunk/plugins/searchengine.php.URI.XSS MEDIUM" "wp-super-cache 1.3.2 Remote.Code.Execution HIGH" "wp-order-by No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Checkout.Fields.Update.via.CSRF MEDIUM" "woocommerce-checkout-field-editor 1.7.5 Cross-Site.Request.Forgery.to.Checkout.Fields.Update MEDIUM" "wp-ptviewer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wip-incoming-lite 1.1.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-bulk-price-update 2.2.2 Reflected.XSS HIGH" "wp-live-chat-support-pro 8.0.32 File.Upload.Bypass CRITICAL" "wp-live-chat-support-pro 8.0.0.7 Unauthenticated.RCE CRITICAL" "wp-attachment-export 0.2.4 Unauthenticated.Posts.Download HIGH" "woo-customers-manager 1.1.14 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-manager 1.1.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-webauthn 1.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-webauthn 1.3.4 Contributor+.Stored.XSS.via.wwa_login_form.Shortcode MEDIUM" "wpappninja 11.57 Open.Redirect.via.'redirect'.Parameter HIGH" "wpappninja 11.53 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wpappninja 11.51 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.49 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.42 Reflected.Cross-Site.Scripting MEDIUM" "wpappninja 11.21 Admin+.Stored.XSS LOW" "wpappninja 11.19 Admin+.Stored.XSS LOW" "wpappninja 11.14 Contributor+.Stored.XSS MEDIUM" "woocommerce-multilingual 5.3.8 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-multilingual 5.3.7 Missing.Authorization MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.4 Shop.Manager+.SQL.Injection MEDIUM" "woocommerce-multilingual 5.3.5 Missing.Authorization MEDIUM" "wolfnet-idx-for-wordpress No.known.fix Admin+.Stored.XSS LOW" "wp-html-author-bio-by-ahmad-awais No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "wpguppy-lite 1.1.1 Authorization.Bypass MEDIUM" "wpguppy-lite 1.1.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wpguppy-lite 1.1.1 Subscriber+.Privilege.Escalation HIGH" "wpgetapi 2.25.1 Authenticated.(Administrator+).Server-Side.Request.Forgery MEDIUM" "wpgetapi 2.2.2 2.2.1.-.Authenticated.(Subscriber+).Arbitrary.Options.Update MEDIUM" "wp-smart-tv 2.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-order-status-per-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-recipe-maker 9.8.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-recipe-maker 9.7.0 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting.via.'tooltip' MEDIUM" "wp-recipe-maker 9.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'group_tag' MEDIUM" "wp-recipe-maker 9.4.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wprm-recipe-roundup-item.Shortcode MEDIUM" "wp-recipe-maker 9.3.0 Authenticated.Stored.Cross-Site.Scripting.via.Video.Embed MEDIUM" "wp-recipe-maker 9.2.0 Missing.Authorization.to.Authenticated.(Subscriber+).SQL.Injecton HIGH" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Recipe.Notes MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recipe-maker 9.1.1 Reflected.Cross-Site.Scripting.via.Referer MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.icon_color MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.'tag' MEDIUM" "wp-recipe-maker 9.1.1 Contributor+.Stored.Cross-Site.Scripting.via.header_tag MEDIUM" "wp-recipe-maker 9.1.1 Directory.Traversal MEDIUM" "wp-recipe-maker 8.6.1 Contributor+.Stored.XSS MEDIUM" "woo-binary-mlm No.known.fix Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "woo-binary-mlm No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wah-forms No.known.fix Missing.Authorization MEDIUM" "wp-stats-manager 7.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-stats-manager 7.6 Missing.Authorization MEDIUM" "wp-stats-manager 6.9.5 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-stats-manager 6.9 Unauthenticated.SQLi HIGH" "wp-stats-manager 6.5 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-stats-manager 5.8 Unauthenticated.SQLi HIGH" "wp-stats-manager 5.6 .Subscriber+.SQL.Injection HIGH" "wp-stats-manager 5.5 Arbitrary.IP.Address.Exclusion.to.Stored.XSS HIGH" "wp-stats-manager 4.8 Subscriber+.SQL.Injection HIGH" "wpglobus 1.9.7 Stored.XSS.&.CSRF HIGH" "workscout-core 1.3.4 Authenticated.Stored.XSS.&.XFS HIGH" "wp-product-gallery-lite 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "www-xml-sitemap-generator-org 2.0.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-product-carousel 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-product-carousel 1.5.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-stripe-express 1.12.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-express 1.7.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weight-based-shipping-for-woocommerce 5.5.0 Settings.Update.via.CSRF MEDIUM" "wpspx No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-logs-book No.known.fix Disable.Logging.via.CSRF MEDIUM" "wp-logs-book No.known.fix Unauthenticated.Stored.XSS HIGH" "wp-logs-book No.known.fix Log.Clearing.via.CSRF MEDIUM" "wp-invoice No.known.fix Arbitrary.Settings.Update.via.CSRF HIGH" "wp-invoice No.known.fix Stored.Cross-Site.Scripting.via.CSRF MEDIUM" "wp-invoice 4.1.1 Multiple.Vulnerabilities MEDIUM" "wp125 1.5.5 Arbitrary.Ad.Deletion.via.CSRF MEDIUM" "wp-youtube-lyte 1.7.16 Authenticated.Stored.XSS MEDIUM" "wp-rest-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-charts No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-colorbox 1.1.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wpforo 2.4.2 Subscriber+.Arbitrary.File.Read MEDIUM" "wpforo 2.3.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wpforo 2.3.5 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wpforo 2.3.4 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wpforo 2.2.6 Subscriber+.Content.Injection MEDIUM" "wpforo 2.2.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wpforo 2.1.9 Reflected.Cross-Site.Scripting HIGH" "wpforo 2.1.8 Subscriber+.Arbitrary.File.Read,.Author+.PHAR.Deserialization,.and.Subscriber+.Server-Side.Request.Forgery.via.file_get_contents HIGH" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Private/Public.via.IDOR MEDIUM" "wpforo 2.1.0 Arbitrary.User.Deletion.via.CSRF HIGH" "wpforo 2.1.0 Subscriber+.Arbitrary.File.Upload CRITICAL" "wpforo 2.0.6 Subscriber+.Forum.Post.Set.as.Solved/Unsolved.via.IDOR MEDIUM" "wpforo 2.0.6 Topic.Deletion.via.CSRF MEDIUM" "wpforo 2.0.6 Cross-Site.Request.Forgery MEDIUM" "wpforo 1.9.7 Open.Redirect MEDIUM" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.s.Parameter HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.User.Agent MEDIUM" "wpforo 1.7.0 New.Users.Set.as.Admin.via.CSRF HIGH" "wpforo 1.7.0 Reflected.Cross-Site.Scripting.(XSS).via.langid.Parameter HIGH" "wpforo 1.5.2 Privilege.Escalation CRITICAL" "wpforo 1.4.12 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpforo 1.4.11 Unauthenticated.SQL.Injection CRITICAL" "wufoo-shortcode 1.52 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-optin-wheel 1.4.3 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp2syslog No.known.fix Admin+.Stored.XSS LOW" "wp-post-disclaimer 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-variation-gallery 2.3.4 Reflected.Cross-Site.Scripting HIGH" "wp-ban-user No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery.to.Backup.Trigger MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-backitup No.known.fix Missing.Authorization MEDIUM" "wp-backitup 1.50 Unauthenticated.Sensitive.Data.Exposure HIGH" "wp-downloadmanager 1.68.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.7 Admin+.Stored.Cross-Site.Scripting LOW" "wp-downloadmanager 1.68.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-downloadmanager 1.68.5 Server-Side.Request.Forgery.(SSRF) MEDIUM" "wpcalc No.known.fix Authenticated.SQL.Injection MEDIUM" "weather-atlas No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "weather-atlas 2.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woo-shipping-display-mode 3.7.7 Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-display-mode 3.7.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-login-customizer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-support-plus-responsive-ticket-system 9.1.2 Stored.XSS MEDIUM" "wp-support-plus-responsive-ticket-system 9.0.3 Multiple.Authenticated.SQL.Injection CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.8 Remote.Code.Execution.(RCE) CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 Privilege.Escalation CRITICAL" "wp-support-plus-responsive-ticket-system 8.0.0 WP.Support.Plus.Responsive.Ticket.System.<.8,0,0.–.Authenticated.SQL.Injection MEDIUM" "wp-viewstl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-ispconfig3 No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-multiple-free-gift No.known.fix Insufficient.Server-Side.Validation.to.Arbitrary.Gift.Adding MEDIUM" "wp-smart-export No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-export No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-category-slider-grid 1.4.16 Missing.Authorization.via.notice.dismissal.functionality MEDIUM" "wc-checkout-getnet 1.8.1 Reflected.XSS MEDIUM" "wc-checkout-getnet 1.8.1 Admin+.Stored.XSS LOW" "wp-favorite-posts No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-favorite-posts 1.6.6 Cross-Site.Scripting.(XSS) MEDIUM" "wpjobboard 5.11.1 Reflected.Cross-Site.Scripting MEDIUM" "wpjobboard 5.7.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "wpjobboard 5.7.0 Unauthenticated.SQL.Injection CRITICAL" "wpjobboard 5.6.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpjobboard 4.5 Multiple.SQL.Injections HIGH" "wpjobboard 5.0 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "woo-availability-date No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-menu-extension No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-login-redirect No.known.fix Cross-Site.Request.Forgery MEDIUM" "woo-login-redirect No.known.fix CSRF MEDIUM" "woocommerce-order-address-print No.known.fix Reflected.XSS HIGH" "woo-product-feed-pro 13.3.2 Sensitive.Information.Exposure.via.Log.Files MEDIUM" "woo-product-feed-pro 13.2.6 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 12.4.5 Multiple.CSRF MEDIUM" "woo-product-feed-pro 11.2.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-feed-pro 11.0.7 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wp-able-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-noexternallinks 4.3 Backdoored MEDIUM" "woocommerce-product-recommendations 2.3.0 CSRF MEDIUM" "wp-responsive-tabs 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-youtube-live 1.8.3 Admin+.Stored.Cross.Site.Scripting LOW" "wp-youtube-live 1.7.22 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "wip-custom-login 1.3.0 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woo-quote-calculator-order No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-quote-calculator-order No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-plugin-lister No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-graphql 1.14.6 Editor+.SSRF MEDIUM" "wp-graphql 1.3.6 Denial.of.Service HIGH" "wp-graphql 0.3.5 Improper.Access.Control MEDIUM" "wp-graphql 0.3.0 Multiple.Vulnerabilities CRITICAL" "whmpress 6.3-revision-1 Unauthenticated.Local.File.Inclusion.to.Arbitrary.Options.Update CRITICAL" "whmpress No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "whmpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc4bp-groups 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-upcoming-product No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-upcoming-product No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-statistics 14.5.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 14.0 Authenticated.SQLi HIGH" "wp-statistics 13.2.11 Subscriber+.SQLi HIGH" "wp-statistics 13.2.9 Authenticated.SQLi HIGH" "wp-statistics 13.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-statistics 13.2.2 Reflected.Cross-Site.Scripting LOW" "wp-statistics 13.1.6 Multiple.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.IP CRITICAL" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_type CRITICAL" "wp-statistics 13.1.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-statistics 13.1.6 Unauthenticated.Blind.SQL.Injection.via.current_page_id CRITICAL" "wp-statistics 13.1.5 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-statistics 13.1.2 Arbitrary.Plugin.Activation/Deactivation.via.CSRF MEDIUM" "wp-statistics 13.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-statistics 13.0.8 Unauthenticated.SQL.Injection HIGH" "wp-statistics 12.6.7 Unauthenticated.Stored.XSS.Under.Certain.Configurations CRITICAL" "wp-statistics 12.6.7 Unauthenticated.Blind.SQL.Injection MEDIUM" "wp-statistics 12.6.6.1 Authenticated.Stored.XSS MEDIUM" "wp-statistics 12.6.4 Referer.Cross-Site.Scripting.(XSS) MEDIUM" "wp-statistics 12.0.10 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "wp-statistics 12.0.9 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-seo-tdk No.known.fix Unauthenticated.Setting.Update.to.Stored.XSS HIGH" "webwinkelkeur 3.25 Cross-Site.Request.Forgery MEDIUM" "wp-easy-booking 2.4.5 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wp-born-babies No.known.fix Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wupo-group-attributes 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wupo-group-attributes 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fail2ban 5.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fail2ban 4.4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fail2ban 4.0.5 Subscriber+.Arbitrary.Option.Update CRITICAL" "wordpress-gallery No.known.fix "load".Remote.File.Inclusion CRITICAL" "wp-accessibility-helper 0.6.2.9 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wp-accessibility-helper 0.6.3 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.6 Missing.Authorization MEDIUM" "wp-accessibility-helper 0.6.2.5 Missing.Authorization.via.AJAX.action MEDIUM" "wp-accessibility-helper 0.6.0.7 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woo-thank-you-page-nextmove-lite 2.20.0 Missing.Authorization.to.Authenticated.(Subscriber+).Deactivation.Reason.Submission MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.2 Cross-Site.Request.Forgery MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.1 Missing.Authorization.to.Unauthenticated.System.Information.Disclosure MEDIUM" "woo-thank-you-page-nextmove-lite 2.18.0 Subscriber+.Arbitrary.Plugin.Installation/Activation HIGH" "wpdiscuz 7.6.25 Authentication.Bypass CRITICAL" "wpdiscuz 7.6.22 Unauthenticated.HTML.Injection MEDIUM" "wpdiscuz 7.6.19 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpdiscuz 7.6.16 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Uploaded.Image.Alternative.Text MEDIUM" "wpdiscuz 7.6.13 Admin+.Stored.XSS LOW" "wpdiscuz 7.6.12 Cross-Site.Request.Forgery MEDIUM" "wpdiscuz 7.6.12 Unauthenticated.Stored.XSS HIGH" "wpdiscuz 7.6.11 Unauthenticated.Content.Injection MEDIUM" "wpdiscuz 7.6.4 Author+.IDOR LOW" "wpdiscuz 7.6.11 Insufficient.Authorization.to.Comment.Submission.on.Deleted.Posts MEDIUM" "wpdiscuz 7.6.12 Missing.Authorization.in.AJAX.Actions MEDIUM" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.6 Unauthenticated.SQL.Injection HIGH" "wpdiscuz 7.6.4 Post.Rating.Increase/Decrease.iva.IDOR MEDIUM" "wpdiscuz 7.6.4 Unauthenticated.Data.Modification.via.IDOR MEDIUM" "wpdiscuz 7.5 wpDiscuz.7.4.2.-.Subscriber+.IDOR MEDIUM" "wpdiscuz 7.3.12 Sensitive.Information.Disclosure LOW" "wpdiscuz 7.3.4 Arbitrary.Comment.Addition/Edition/Deletion.via.CSRF MEDIUM" "wpdiscuz 7.3.2 wpDiscuz.<.7.3.2.-.Admin+.Stored.Cross-Site.Scripting LOW" "wpdiscuz 7.0.5 wpDiscuz.7.0.0.-.7.0.4.-.Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpdiscuz 5.3.6 Unauthenticated.SQL.Injection CRITICAL" "wck-custom-fields-and-custom-post-types-creator 2.3.3 Admin+.Stored.XSS LOW" "wp-cafe 2.2.29 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.28 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).File.inclusion.via.Shortcode HIGH" "wp-cafe 2.2.26 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Reservation.Form.Shortcode MEDIUM" "wp-cafe 2.2.24 Unauthenticated.Blind.Server-Side.Request.Forgery MEDIUM" "wp-cafe 2.2.23 Missing.Authorization MEDIUM" "woocommerce-display-products-by-tags No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-shortcode 1.4.17 CSRF MEDIUM" "wp-disable-sitemap 1.1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-disable-sitemap 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wibstats-statistics-for-wordpress-mu No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pay-per-post 3.1.11 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pay-per-post 3.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-text-slider-50 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-text-slider-50 8.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "widget-google-reviews 3.2 Contributor+.Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "widget-google-reviews 2.2.4 Subscriber+.SQLi HIGH" "widget-google-reviews 2.2.3 Subscriber+.Widget.Creation MEDIUM" "wps-telegram-chat No.known.fix Missing.Authorization.to.Information.Exposure MEDIUM" "wps-telegram-chat No.known.fix Authenticated.(Subscriber+).Unauthorized.Access.to.Telegram.Bot.API MEDIUM" "wp-posturl No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wappointment 2.6.1 Admin+.SSRF MEDIUM" "wappointment 2.2.5 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woo-quick-cart-for-multiple-variations No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-cart-for-multiple-variations No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-etracker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-page-post-widget-clone No.known.fix Missing.Authorization MEDIUM" "wp-logo-showcase 1.3.37 Editor.Plugin's.Settings.Update LOW" "wp-conditional-post-restrictions 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-conditional-post-restrictions 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wppizza 3.19.5 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.14 Reflected.Cross-Site.Scripting MEDIUM" "wppizza 3.18.11 Missing.Authorization MEDIUM" "wppizza 3.18.3 Reflected.XSS HIGH" "wppizza 3.17.2 Reflected.XSS HIGH" "wicked-folders 2.18.17 Subscriber+.Folder.Structure.Update MEDIUM" "wicked-folders 2.18.17 Folder.Structure.Update.via.CSRF MEDIUM" "wicked-folders 2.8.10 Subscriber+.SQL.Injection HIGH" "wp-mediatagger No.known.fix Reflected.XSS HIGH" "wp-mediatagger No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-useronline 2.88.3 Unauthenticated.Stored.XSS HIGH" "wp-useronline 2.88.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-useronline 2.88.0 Admin+.Stored.Cross-Site.Scripting LOW" "woo-product-gallery-slider 2.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "woo-tuner No.known.fix Missing.Authorization MEDIUM" "wp-baidu-submit No.known.fix Admin+.Stored.XSS LOW" "wp-notification-bell 1.3.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-quicklatex 3.8.8 Admin+.Stored.XSS LOW" "wp-quicklatex 3.8.7 Admin+.Stored.XSS.in.Background.Color.field LOW" "wp-smart-import 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.1.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-import 1.0.3 Reflected.Cross-Ste.Scripting MEDIUM" "wp-smart-import 1.0.1 Auhenticated.Server-side.Request.Forgery MEDIUM" "wp-postratings 1.91.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-postratings 1.90 Ratings.Tempering.via.Race.Condition MEDIUM" "wp-postratings 1.86.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-postratings 1.62 Authenticated.SQL.Injection CRITICAL" "wp-dtree-30 No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-dtree-30 No.known.fix Reflected.XSS HIGH" "wp-dtree-30 No.known.fix Admin+.Stored.XSS LOW" "wp-orphanage-extended 1.3 Cross-Site.Request.Forgery.to.Orphan.Account.Privilege.Escalation HIGH" "wp-conference-schedule 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-product-vendors 2.2.3 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.2.2 Missing.Authorization MEDIUM" "woocommerce-product-vendors 2.1.77 Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.77 Vendor.Admin+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.79 ShopManager+.SQLi MEDIUM" "woocommerce-product-vendors 2.1.77 Unauthenticated.Reflected.XSS HIGH" "woocommerce-product-vendors 2.1.69 Vendor.Commission.Percentage.Update.via.IDOR MEDIUM" "woocommerce-product-vendors 2.1.66 Note.Creation.via.IDOR LOW" "woocommerce-product-vendors 2.1.66 Unauthenticated.Blind.SQLi HIGH" "wp-cufon No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-font-awesome No.known.fix Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-font-awesome 1.7.9 Contributor+.Stored.XSS MEDIUM" "wpperformancetester No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-roadmap 1.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-all-export 1.4.1 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export 1.4.1 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export 1.4.0 Admin+.RCE MEDIUM" "wp-all-export 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-export 1.3.5 Admin+.SQL.Injection MEDIUM" "wp-all-export 1.3.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-team-manager 2.1.13 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-team-manager 2.0.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-field-editor-pro 3.6.3 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-events-manager 2.2.0 Authenticated.(Subscriber+).Time-Based.SQL.Injection HIGH" "wp-last-modified-info 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.lmt-post-modified-info.Shortcode MEDIUM" "wp-hosting-performance-check No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-manage-fraud-orders No.known.fix Unauthenticated.Information.Exposure.via.Log.Files MEDIUM" "woo-manage-fraud-orders No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-parcel-pro 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-parcel-pro 1.6.12 Cross-Site.Request.Forgery MEDIUM" "woo-parcel-pro 1.6.12 Open.Redirect MEDIUM" "wp-query-creator No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wiser-notify 2.6 Missing.Authorization MEDIUM" "wp-cookie No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wc-multishipping 2.3.8 Subscriber+.Arbitrary.Account.Credentials.Test MEDIUM" "wc-multishipping 2.3.6 Missing.Authorization.to.Log.Export MEDIUM" "wp-tools-gravity-forms-divi-module 7.1.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-gravity-forms-divi-module 6.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpbenchmark 1.3.7 Cross-Site.Request.Forgery.via.execute_plugin() MEDIUM" "wordpress-backup-to-dropbox 4.1 Reflected.XSS MEDIUM" "wp-panoramio No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-best-quiz No.known.fix Author+.Stored.XSS MEDIUM" "wpfunnels 3.5.6 Reflected.Cross-Site.Scripting MEDIUM" "wpfunnels 3.0.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpfunnels 2.7.17 Reflected.Cross-Site.Scripting HIGH" "wpfunnels 2.6.9 Contributor+.Stored.XSS MEDIUM" "winning-portfolio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.2.4 Missing.Authorization.to.Unauthenticated.Service.Disconnection MEDIUM" "wp-easy-pay 4.2b1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-easy-pay 4.1 CSRF MEDIUM" "wp-easy-pay 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-easy-pay 3.2.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-easy-pay 3.2.3 Cross-Site.Request.Forgery MEDIUM" "woocommerce-payplug No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-payplug No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-basic-elements 5.3.0 Settings.Update.via.CSRF MEDIUM" "wp-html-mail 3.4.2 Test.Email.Sending.via.CSRF MEDIUM" "wp-html-mail 3.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-html-mail 3.1 Unprotected.REST-API.Endpoint MEDIUM" "wp-html-mail 3.0.8 CSRF.to.XSS MEDIUM" "wordlift No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wordlift 3.37.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-piwik 1.0.29 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-piwik 1.0.28 Admin+.Stored.XSS LOW" "wp-piwik 1.0.27 Plugin.Settings.Reset.via.CSRF MEDIUM" "wp-piwik 1.0.10 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wd-image-magnifier-xoss No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-database-backup 7.4 Unauthenticated.Database.Back-Up.Exposure HIGH" "wp-database-backup 5.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-database-backup 5.2 Unauthenticated.OS.Command.Injection MEDIUM" "wp-database-backup 5.1.2 XSS HIGH" "wp-database-backup 4.3.6 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wpgsi 3.8.3 Cross-Site.Request.Forgery.to.Arbitrary.Post.Publish MEDIUM" "wpgsi 3.8.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wpgsi 3.7.9 Reflected.Cross-Site.Scripting MEDIUM" "wpgsi 3.6.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpgsi 3.6.0 CSRF.Bypass MEDIUM" "wpgsi 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wooswipe 3.0.0 Subscriber+.Settings.Update MEDIUM" "wordpress-data-guards No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wc-cashapp 6.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wc-cashapp 5.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-myghpay-payment-gateway No.known.fix Reflected.Cross-Site.Scripting HIGH" "waiting No.known.fix Subscriber+.Stored.XSS HIGH" "waiting No.known.fix Subscriber+.SQLi HIGH" "waiting No.known.fix Missing.Authorization MEDIUM" "waiting No.known.fix Admin+.Cross-Site.Scripting LOW" "waiting No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-catalogue No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-aparat 2.2.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 Cross-Site.Request.Forgery MEDIUM" "woo-abandoned-cart-recovery 1.0.4.1 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-imagezoom No.known.fix Reflected.XSS HIGH" "woocommerce-multiple-customer-addresses 21.7 Arbitrary.Address.Creation/Deletion/Access/Update.via.IDOR HIGH" "woocommerce-alidropship 1.1.1 Unauthenticated.Sensitive.Data.Exposure HIGH" "woothemes-sensei 4.24.0.1.24.0 Unauthenticated.Rewrite.Rules.Flushing MEDIUM" "woothemes-sensei 4.24.0.1.24.0 Authenticated.(Student+).Stored.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-mail-catcher 2.1.7 Cross-Site.Request.Forgery MEDIUM" "wp-mail-catcher 2.1.4 WP.Mail.Catcher.<.2.1.4.-.Admin+.SQLi MEDIUM" "wp-mail-catcher 2.1.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wpfrom-email 1.8.9 Admin+.Stored.XSS LOW" "wp-client-logo-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "wassup No.known.fix Unauthenticated.Stored.XSS HIGH" "wassup 1.9.1 Cross.Site.Scripting MEDIUM" "wp-jquery-lightbox 1.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.title.Attribute MEDIUM" "wp-enable-svg No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wordpress-activity-o-meter No.known.fix Reflected.XSS HIGH" "wp-bibtex No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bibtex 3.0.2 Cross-Site.Request.Forgery.to.Stored.and.Reflected.Cross-Site.Scripting MEDIUM" "wp-film-studio 1.3.5 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woocommerce-product-addons 6.2.0 Shop.Manager+.PHP.Object.Injection HIGH" "woocommerce-product-addons 6.2.0 Cross-Site.Request.Forgery MEDIUM" "wn-flipbox-pro 2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-ical-availability No.known.fix Missing.Authorization MEDIUM" "wp-ical-availability No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-custom-cart-button No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-simple-registration 1.5.7 Unauthenticated.Privilege.Escalation CRITICAL" "wp-docs 2.2.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.2.1 Authenticated.(Subscriber+).Time-Based.SQL.Injection.via.'dir_id' MEDIUM" "wp-docs 2.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-docs 2.1.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-docs 2.0.0 Reflected.XSS HIGH" "wp-contact-form7-email-spam-blocker No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-pano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-feed No.known.fix Reflected.XSS HIGH" "wp-facebook-feed No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-show-posts 1.1.6 Improper.Authorization.to.Information.Exposure MEDIUM" "wp-show-posts 1.1.5 Information.Exposure MEDIUM" "wp-show-posts 1.1.4 Contributor+.Stored.XSS MEDIUM" "wp-bing-search 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-bing-search 2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-timelines 3.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-timelines 3.6.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-timelines 3.6.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-carousel-free 2.7.4 Admin+.Stored.XSS LOW" "wp-carousel-free 2.6.9 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "wp-carousel-free 2.6.4 Authenticated.(Admin+).PHP.Object.Injection HIGH" "wp-carousel-free 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.'sp_wp_carousel_shortcode' MEDIUM" "wp-carousel-free 2.6.9 Editor+.Stored.XSS LOW" "wp-carousel-free 2.5.3 Contributor+.Stored.XSS MEDIUM" "wp-popup-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woo-variation-gallery 1.1.29 Authenticated.Stored.XSS MEDIUM" "wp-woo-commerce-sync-for-g-sheet No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpc-badge-management 2.4.1 Missing.Authorization MEDIUM" "wc-basic-slider 2.1.0 CSRF.Bypass MEDIUM" "wp-browser-update 4.6 Admin+.Stored.XSS LOW" "wp-browser-update 4.5 Settings.Update.via.CSRF MEDIUM" "wp-flipclock 1.8 Contributor+.Stored.XSS MEDIUM" "wp-amazon-shop No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-all-import-pro 4.9.8 Cross-Site.Request.Forgery.to.Imported.Content.Deletion MEDIUM" "wp-all-import-pro 4.9.8 Authenticated.(Administrator+).PHP.Object.Injection.via.Import.File HIGH" "wp-all-import-pro 4.9.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-all-import-pro 4.9.4 Authenticated.(Administrator+).Server-Side.Request.Forgery.via.File.Import HIGH" "wp-all-import-pro 4.1.2 Multiple.Vulnerabilities CRITICAL" "wp-all-import-pro 4.1.1 RCE HIGH" "wp-child-theme-generator 1.1.2 Missing.Authorization.to.Unauthenticated.Child.Theme.Creation/Activation MEDIUM" "wp-child-theme-generator 1.1.3 Admin+.Arbitrary.File.Upload MEDIUM" "wp-system No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sponsors No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "woo-checkout-for-digital-goods 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-for-digital-goods 3.6.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-checkout-for-digital-goods 2.2 CSRF.to.Settings.Change MEDIUM" "wp-block-pack No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-eventpress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wphelpkit 1.1 Reflected.Cross-Site.Scripting MEDIUM" "wphelpkit 1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "weaver-for-bbpress 1.7.1 Reflected.Cross-Site.Scripting.via._wpnonce.Parameter MEDIUM" "wp-live-chat-support 8.2.0 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-live-chat-support 8.0.33 Missing.Permission.Checks.on.some.REST.API.Calls CRITICAL" "wp-live-chat-support 8.0.27 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 8.0.18 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.08 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 8.0.06 Unauthenticated.Stored.XSS MEDIUM" "wp-live-chat-support 7.1.05 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 1.7.03 XSS MEDIUM" "wp-live-chat-support 7.0.07 Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.04 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-live-chat-support 6.2.02 Stored.Cross-Site.Scripting MEDIUM" "woo-badge-designer-lite 1.1.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-discord-post No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-application-firewall 2.1.3 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "web-application-firewall 2.1.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-ecommerce-quickpay No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advance-search No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-advance-search No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-advance-search 1.1 Multiple.XSS MEDIUM" "wp-job-manager-companies 1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-checkout-regsiter-field-editor 2.1.9 Cross-Site.Request.Forgery MEDIUM" "wp-coupons-and-deals 3.1.19 Reflected.Cross-Site.Scripting MEDIUM" "wp-coupons-and-deals 3.1.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-flipkart-importer No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpformify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpformify 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-blog-and-widgets 2.3.1 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-taxonomy-import No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-serial-numbers No.known.fix Missing.Authorization MEDIUM" "wc-serial-numbers 1.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-min-max-quantity-step-control-single 4.6 Reflected.XSS HIGH" "wp-terms-popup 2.6.1 Admin+.Stored.XSS LOW" "wpeform-lite 1.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wpeform-lite 1.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-books-gallery 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-books-gallery 4.4.9 CSRF MEDIUM" "wp-books-gallery 3.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-product-category-selection-widget No.known.fix Reflected.XSS HIGH" "wp-user-switch No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-switch 1.0.3 Subscriber+.Authentication.Bypass HIGH" "wp-database-admin No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-fountain No.known.fix Reflected.Cross-Site.Scripting HIGH" "websimon-tables No.known.fix Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woo-product-bundle 7.3.2 Cross-Site.Request.Forgery MEDIUM" "wp-wiki-tooltip No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wc-j-upsellator 2.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-replicate-post 4.1 Contributor+.SQL.Injection MEDIUM" "wp-fastest-cache 1.2.7 Admin+.Arbitrary.File.Deletion MEDIUM" "wp-fastest-cache 1.2.2 Unauthenticated.SQL.Injection HIGH" "wp-fastest-cache 1.1.5 Blind.SSRF.via.CSRF LOW" "wp-fastest-cache 1.1.3 Multiple.CSRF LOW" "wp-fastest-cache 0.9.5 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-fastest-cache 0.9.5 Subscriber+.SQL.Injection HIGH" "wp-fastest-cache 0.9.1.7 Authenticated.Arbitrary.File.Deletion.via.Path.Traversal LOW" "wp-fastest-cache 0.9.0.3 Cross-Site.Request.Forgery.(CSRF).Arbitrary.File.Deletion CRITICAL" "wp-fastest-cache 0.8.9.6 Directory.Traversal MEDIUM" "wp-fastest-cache 0.8.9.1 Unauthenticated.Arbitrary.File.Deletion HIGH" "wp-fastest-cache 0.8.8.6 CSRF.and.multiple.XSS CRITICAL" "wp-fastest-cache 0.8.7.5 Blind.SQL.Injection HIGH" "wpfront-user-role-editor 4.1.0 Limited.Information.Exposure MEDIUM" "wpfront-user-role-editor 3.2.1.11184 Reflected.Cross-Site.Scripting MEDIUM" "woolementor No.known.fix Author+.Stored.XSS MEDIUM" "woolementor 4.5 Unauthenticated.PHP.Object.Injection CRITICAL" "woolementor 4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "wordlive-livecall-addon-for-woocommerce No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-events 4.1.3 Unauthenticated.Arbitrary.File.Overwrite CRITICAL" "weather-effect 1.3.6 Admin+.Stored.Cross-Site.Scripting LOW" "weather-effect 1.3.4 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-triggers-lite No.known.fix Reflected.XSS HIGH" "wp-triggers-lite No.known.fix Admin+.SQL.Injection MEDIUM" "wp-category-meta No.known.fix CSRF MEDIUM" "woozone 14.1.0 Missing.Authorization MEDIUM" "woozone 14.1.0 Reflected.Cross-Site.Scripting HIGH" "woozone No.known.fix Subscriber+.SQL.Injection HIGH" "woozone 14.1.0 Subscriber+.Privilege.Escalation HIGH" "woozone 14.1.0 Missing.Authorization MEDIUM" "woozone 14.0.31 Unauthenticated.SQL.Injection HIGH" "woo-custom-and-sequential-order-number No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-masquerade No.known.fix Subscriber+.Account.Takeover HIGH" "wp-responsive-menu 3.1.7.1 Subscriber+.Settings.Update.to.Stored.XSS HIGH" "wp-asambleas No.known.fix Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wp-asambleas No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-hide-security-enhancer 2.5.2 Missing.Authorization.to.Unauthenticated.Arbitrary.File.Contents.Deletion HIGH" "wp-hide-security-enhancer 1.8 Reflected.Cross-Site.Scripting MEDIUM" "wordprezi 0.9 Contributor+.Strored.XSS MEDIUM" "wp-abstracts-manuscripts-manager 2.7.4 Cross-Site.Request.Forgery.to.Arbitrary.Account.Deletion HIGH" "wp-abstracts-manuscripts-manager 2.7.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.7.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Admin+.Stored.XSS LOW" "wp-abstracts-manuscripts-manager 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-abstracts-manuscripts-manager 2.6.4 Reflected.XSS HIGH" "wordpress-countdown-widget 3.1.9.3 Admin+.Stored.XSS LOW" "wc-frontend-manager 6.7.13 Insecure.Direct.Object.Reference.to.Account.Takeover/Privilege.Escalation HIGH" "wc-frontend-manager 6.7.9 Authenticated.(Shop.manager+).Stored.Cross-Site.Scripting MEDIUM" "wc-frontend-manager 6.6.1 Subscriber+.Unauthorised.AJAX.Calls MEDIUM" "wc-frontend-manager 6.6.0 Multiple.CSRF MEDIUM" "wc-frontend-manager 6.5.12 Frontend.Manager.for.WooCommerce.<.6.5.12.-.Customer/Subscriber+.SQL.Injection HIGH" "woocommerce-check-pincode-zipcode-for-shipping No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-automatic-widget No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Task.Comments MEDIUM" "wp-todo No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_addcomment MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_manage() MEDIUM" "wp-todo No.known.fix Cross-Site.Request.Forgery.via.wptodo_settings MEDIUM" "wp-todo No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-todo 1.2.9 Contributor+.Stored.XSS MEDIUM" "wordpress-toolbar No.known.fix Open.Redirect MEDIUM" "woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wpcom-member 1.7.7 Unauthenticated.Time-Based.SQL.Injection HIGH" "wpcom-member 1.7.6 Authentication.Bypass.via.'user_phone' CRITICAL" "wpcom-member 1.5.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wpcom-member 1.5.3 Unauthenticated.Privilege.Escalation.via.User.Meta CRITICAL" "wp-front-end-profile 1.3.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-front-end-profile 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-front-end-profile 1.2.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-front-end-profile 1.2.2 CSRF.Check.Incorrectly.Implemented LOW" "wp-front-end-profile 0.2.2 Privilege.Escalation.&.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-follow-up-emails 4.9.50 Unauthenticated.Reflected.XSS HIGH" "woocommerce-follow-up-emails 4.9.50 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wooemailreport No.known.fix Reflected.XSS HIGH" "whizzy No.known.fix Missing.Authorization MEDIUM" "whizzy No.known.fix Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-discourse 2.5.2 Missing.Authorization MEDIUM" "wpdm-premium-packages 5.9.7 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.4 Reflected.Cross-Site.Scripting.via.add_query_arg MEDIUM" "wpdm-premium-packages No.known.fix Sell.Digital.Products.Securely.<=.5.9.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpdmpp_pay_link.Shortcode MEDIUM" "wpdm-premium-packages No.known.fix Admin+.SQL.Injection MEDIUM" "wpdm-premium-packages 5.9.2 Cross-Site.Request.Forgery MEDIUM" "wpdm-premium-packages 5.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wpdm-premium-packages 5.7.5 Sell.Digital.Products.Securely.<.5.7.5.-.Subscriber+.Privilege.Escalation HIGH" "wp-floating-menu 1.4.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-floating-menu 1.4.1 Authenticated.Reflected.Cross-Site.Scripting CRITICAL" "woo-customers-order-history No.known.fix Missing.Authorization MEDIUM" "woo-customers-order-history 5.2.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-customers-order-history 5.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-mapa-politico-spain 3.7.0 Authenticated.Stored.Cross-Site.Scripting LOW" "woo-advanced-shipment-tracking 3.5.3 CSRF MEDIUM" "woo-advanced-shipment-tracking 3.2.7 Authenticated.Options.Change CRITICAL" "woo-coupons-bulk-editor 1.3.40 Reflected.Cross-Site.Scripting MEDIUM" "woo-coupons-bulk-editor 1.3.28 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widget-settings-importexport No.known.fix Authenticated.Stored.XSS HIGH" "wp-persistent-login 2.0.15 Reflected.Cross-Site.Scripting MEDIUM" "wp-persistent-login 2.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-svg No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-table-reloaded No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-htaccess-control No.known.fix Admin+.Stored.XSS LOW" "web-push No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-quick-setup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Plugin/Theme.Installation HIGH" "wp-image-compression No.known.fix Cross-Site.Request.Forgery MEDIUM" "web3-authentication 3.0.0 Authentication.Bypass HIGH" "web3-authentication 2.7.0 Authentication.Bypass CRITICAL" "wpaudio-mp3-player No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-relevant-ads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-relevant-ads No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-relevant-ads No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "woocommerce-exporter 2.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-exporter 2.7.2.1 Store.Exporter.<.2.7.2.1.-.Reflected.XSS HIGH" "woocommerce-exporter 2.7.1 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce-exporter 2.4 Store.Exporter.<.2.4.-.CSV.Injection CRITICAL" "woo-bookings-calendar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-checkout-cielo No.known.fix Insufficient.Verification.of.Data.Authenticity.to.Order.Payment.Status.Update MEDIUM" "wpmarketplace No.known.fix Arbitrary.File.Upload HIGH" "woo-orders-tracking 1.2.11 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woo-orders-tracking 1.2.6 Admin+.Arbitrary.File.Access/Read MEDIUM" "woo-orders-tracking 1.1.10 Reflected.Cross-Site.Scripting HIGH" "woo-easy-duplicate-product 0.3.0.8 Missing.Authorization.via.wedp_duplicate_product_action MEDIUM" "woo-easy-duplicate-product 0.3.0.1 Reflected.XSS HIGH" "webo-facto-connector 1.41 Unauthenticated.Privilege.Escalation CRITICAL" "wp-paginate 2.1.9 Admin+.Stored.Cross-Site.Scripting LOW" "wp-paginate 2.1.4 Admin+.Stored.Cross-Site.Scripting LOW" "wibiya No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-file-checker No.known.fix Authenticated.(Admin+).Arbitrary.File.Deletion MEDIUM" "woocommerce-payments 6.7.0 Unauthenticated.Order.Deletion.via.IDOR LOW" "woocommerce-payments 5.9.1 Shop.Manager+.SQLi MEDIUM" "woocommerce-payments 6.5.0 Contributor+.Cross-Site.Scripting MEDIUM" "woocommerce-payments 4.9.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-payments 4.5.1 Intent.Parameter.Tampering HIGH" "woocommerce-payments 5.6.2 Unauthenticated.Privilege.Escalation CRITICAL" "wp-maximum-upload-file-size 1.1.4 Authenticated.(Author+).Full.Path.Disclosure MEDIUM" "wp-memory 2.46 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wp-fb-autoconnect 4.6.3 Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-fb-autoconnect 4.6.2 Cross-Site.Request.Forgery MEDIUM" "webcamconsult 1.6.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-mailto-links 3.1.4 Contributor+.Stored.XSS MEDIUM" "wp-cirrus No.known.fix Admin+.Stored.Cross-Site.Scripting MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Authenticated.(Contributor+).Local.File.Inclusion.via.'theme' HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.10.0 Contributor+.Local.File.Inclusion HIGH" "woo-product-carousel-slider-and-grid-ultimate 1.9.8 Authenticated(Contributor+).PHP.Object.Injection HIGH" "wps-hide-login 1.9.16.4 Hidden.Login.Page.Disclosure LOW" "wps-hide-login 1.9.16 Login.Page.Disclosure MEDIUM" "wps-hide-login 1.9.12 Hidden.Login.Page.Location.Disclosure LOW" "wps-hide-login 1.9.1 Protection.Bypass.with.Referer-Header MEDIUM" "wps-hide-login 1.5.5 Secret.Login.Page.Disclosure CRITICAL" "wps-hide-login 1.5.3 Multiples.Issues HIGH" "wordpress-gdpr 2.0.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordpress-gdpr 2.0.3 Missing.Authorization.to.Unauthenticated.Arbitrary.User.Deletion MEDIUM" "wordpress-gdpr 1.9.26 Authenticated.Reflected.Cross-Site.Scripting MEDIUM" "wordpress-gdpr 1.9.27 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-frontend-shop-manager 4.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "woo-gift-cards-lite 3.0.7 Missing.Authorization.to.Infinite.Money.Glitch HIGH" "woo-gift-cards-lite 2.6.7 Missing.Authorization.to.Unauthenticated.Information.Exposure MEDIUM" "woo-gift-cards-lite 2.1.2 Cross-Site.Request.Forgery MEDIUM" "woo-gift-cards-lite 2.1.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wp-background-tile No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-one-click-upsell-funnel 3.4.10 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wps_wocuf_pro_yes.Shortcode MEDIUM" "wp-media-optimizer-webp No.known.fix Reflected.Cross-Site.Scripting.via.wpmowebp-css-resources.and.wpmowebp-js-resources.Parameters MEDIUM" "wizshop No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wb-custom-product-tabs-for-woocommerce 1.2.5 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "wp-lister-for-amazon 2.6.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.6.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-amazon 2.4.4 Reflected.XSS HIGH" "wp-custom-post-template No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-gratify No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-athletics No.known.fix Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-athletics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-maintenance-mode-site-under-construction 1.9 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-maintenance-mode-site-under-construction 1.8.2 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "woostify-sites-library 1.4.8 Subscriber+.Arbitrary.Options.Update.to.DoS HIGH" "woocommerce-mercadopago 7.6.2 7.6.1.-.Authenticated.(Subscriber+).Arbitrary.File.Download MEDIUM" "woocommerce-mercadopago 6.4.0 CSRF MEDIUM" "wp-structuring-markup No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-post-corrector No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-country-selector 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-socializer 7.3 Admin+.Stored.Cross-Site.Scripting LOW" "woo-zoho 1.2.4 Reflected.Cross-Site.Scripting HIGH" "wonderm00ns-simple-facebook-open-graph-tags 2.2.4.2 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-image-seo No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpsite-follow-us-badges 3.1.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpsite_follow_us_badges.Shortcode MEDIUM" "wp-tarteaucitron-js-self-hosted No.known.fix Running.a.Vulnerable.Dependency MEDIUM" "wpdm-gutenberg-blocks 2.1.9 Contributor+.XSS MEDIUM" "wp-basics No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-subscriptions 5.8.0 Missing.Authorization MEDIUM" "woocommerce-subscriptions 4.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce-subscriptions 4.6.0 Subscription.Suspension/Activation.via.CSRF MEDIUM" "woocommerce-subscriptions 2.6.3 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "woocommerce-subscriptions 3.0.3 CSRF.to.Cancel/Re-Activate.Subscription LOW" "wordpress-video No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-gallery-plugin No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-plotly 1.0.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-smart-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-place-order-without-payment 2.6.8 Unauthenticated.Local.File.Inclusion CRITICAL" "wc-place-order-without-payment 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-place-order-without-payment 2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dashboard-notes 1.0.12 Subscriber+.Stored.XSS HIGH" "wp-dashboard-notes 1.0.11 Contributor+.Arbitrary.Private.Notes.Update.via.IDOR LOW" "wp-dashboard-notes 1.0.11 Unauthorised.Deletion.of.Private.Notes LOW" "woo-authorize-net-gateway-aim 6.0.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-authorize-net-gateway-aim 5.1.27 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-cookies-alert No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-mapit 3.0.0 Contributor+.Stored.XSS MEDIUM" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wp-pexels-free-stock-photos No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-meteor 3.4.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "wppdf No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpfront-notification-bar 3.4 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wpfront-notification-bar 3.4 Admin+.Stored.XSS MEDIUM" "wpfront-notification-bar 2.1.0.08087 Authenticated.Stored.XSS LOW" "wpfront-notification-bar 2.0.0.07176 Authenticated.Stored.XSS MEDIUM" "wp-captcha No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-captcha No.known.fix Captcha.Bypass MEDIUM" "wonder-fontawesome No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-my-admin-bar No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-for-japan 2.6.5 Missing.Authorization MEDIUM" "woocommerce-for-japan 2.5.8 Reflected.XSS MEDIUM" "woocommerce-for-japan 2.5.5 Reflected.XSS HIGH" "wens-responsive-column-layout-shortcodes No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-media-folder 5.7.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Plugin.settings.change MEDIUM" "wp-media-folder 5.7.3 Missing.Authorization.to.Authenticated(Subscriber+).Title.Modification MEDIUM" "wp-user No.known.fix Unauthenticated.SQLi HIGH" "wp-user No.known.fix Admin+.Stored.XSS LOW" "wp-user 7.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-users-disable No.known.fix Unauthenticated.Settings.Update MEDIUM" "ws-facebook-likebox No.known.fix Contributor+.Stored.XSS MEDIUM" "wsb-brands 1.2 Admin+.Stored.XSS LOW" "ws-form-pro 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form-pro 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "ws-form-pro 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-cloudflare-page-cache 4.7.6 Cross-Site.Request.Forgery MEDIUM" "wp-propagator No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-fullcalendar 1.6 Contributor+.Stored.XSS MEDIUM" "wp-fullcalendar 1.5 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-health 2.17.1 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-site-protector No.known.fix Settings.Update.via.CSRF MEDIUM" "wpdb-to-sql No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-service-payment-form-with-authorizenet No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-dream-carousel No.known.fix Reflected.XSS HIGH" "widgets-for-ebay-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "woorousell 1.1.1 Contributor+.Stored.XSS MEDIUM" "woorousell 1.0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-simple-sitemap No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpml-string-translation 3.2.6 Admin+.SQLi MEDIUM" "wpdevart-vertical-menu 1.5.9 Theme.Deletion.via.CSRF MEDIUM" "wpdevart-vertical-menu 1.5.9 Admin+.Stored.XSS LOW" "wp-data-access 5.5.23 Unauthenticated.SQL.Injection HIGH" "wp-data-access 5.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-data-access 5.3.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-data-access 5.3.8 Subscriber+.Privilege.Escalation HIGH" "wp-data-access 5.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-data-access 5.0.0 Admin+.SQL.Injection HIGH" "wonderplugin-slider-lite 14.0 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-finance No.known.fix Stored.XSS.via.CSRF HIGH" "wp-finance No.known.fix Reflected.XSS HIGH" "wholesalex 1.3.3 Unauthenticated.Privilege.Escalation MEDIUM" "wholesalex 1.3.2 Sensitive.Information.Exposure.via.export_users MEDIUM" "wholesalex 1.3.3 Unauthenticated.PHP.Object.Injection CRITICAL" "wholesalex 1.3.2 Authenticated(Subscriber+).Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-datepicker 2.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.2 Missing.Authorization MEDIUM" "wp-datepicker 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-datepicker 2.1.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wp-map-block 1.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wti-like-post No.known.fix IP.Spoofing MEDIUM" "wti-like-post 1.4.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "wti-like-post 1.4.3 Unauthenticated.Blind.SQL.Injection CRITICAL" "wp-content-pilot 1.3.4 Authenticated.(Contributor+).Content.Injection MEDIUM" "wc-shipos-delivery No.known.fix Reflected.Cross-Site.Scripting.via.dvsfw_bulk_label_url.Parameter MEDIUM" "wemanage-app-worker 1.2.3 Subscriber+.Arbitrary.File.Upload HIGH" "wp-job-manager 2.3.0 Unauthenticated.Information.Exposure MEDIUM" "wp-job-manager 2.1.0 Unauthenticated.Job.Status.Update MEDIUM" "wp-job-manager 2.1.0 Cross-Site.Request.Forgery MEDIUM" "wp-job-manager 1.31.3 Phar.Deserialization MEDIUM" "wp-job-manager 1.29.3 Unauthenticated.Object.Injection CRITICAL" "wp-job-manager 1.26.2 Unauthenticated.Arbitrary.File.Upload HIGH" "woo-remove-cart-and-query-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-remove-cart-and-query-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-bulletin-board No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wppageflip No.known.fix index.php.pageflipbook_language.Parameter.Traversal.Local.File.Inclusion CRITICAL" "wp-food-manager 1.0.4 Admin+.Stored.XSS LOW" "wp-remote-site-search 1.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-radio No.known.fix Missing.Authorization.via.multiple.AJAX.actions MEDIUM" "wp-radio No.known.fix Authenticated(Subscriber+).Stored.Cross-Site.Scripting.via.Settings MEDIUM" "wp-radio No.known.fix CSRF MEDIUM" "wp-radio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-radio 3.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-simpleweather No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "web-stat 1.4.1 API.Key.Disclosure HIGH" "wp-simple-galleries No.known.fix Contributor+.PHP.Object.Injection HIGH" "wp-limit-login-attempts No.known.fix IP.Spoofing MEDIUM" "woocommerce-currency-switcher 1.4.2.3 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.2 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "woocommerce-currency-switcher 1.4.2.1 Missing.Authorization MEDIUM" "woocommerce-currency-switcher 1.4.1.9 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woocommerce-currency-switcher 1.4.1.8 Cross-Site.Request.Forgery MEDIUM" "woocommerce-currency-switcher 1.4.1.7 Subscriber+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.4.1.5 Cross-Site.Request.Forgery.via.delete_profiles_data MEDIUM" "woocommerce-currency-switcher 1.3.9.4 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.9.3 Contributor+.Stored.XSS MEDIUM" "woocommerce-currency-switcher 1.3.7.5 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7.3 Reflected.Cross-Site.Scripting HIGH" "woocommerce-currency-switcher 1.3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-currency-switcher 1.3.7 Authenticated.(Low.Privilege).Local.File.Inclusion CRITICAL" "wp-forecast 9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-forecast 7.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-better-emails No.known.fix Admin+.Stored.XSS LOW" "woo-viet 1.5.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-ninjaforms-product-addons 1.7.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-inventory-management No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpsolr-search-engine 8.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-power-stats No.known.fix CSRF MEDIUM" "wc-pre-order No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-login-security-and-history No.known.fix CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-krpano No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-gallery-exporter No.known.fix Authenticated.(Administrator+).Arbitrary.File.Download LOW" "wf-cookie-consent 1.1.4 Authenticated.Persistent.Cross-Site.Scripting.(XSS) MEDIUM" "woo-stripe-payment 3.3.10 3.3.9.-.Missing.Authorization.Controls.to.Financial.Account.Hijacking MEDIUM" "wp-popups-lite 2.2.0.2 Unauthenticated.Full.Path.Disclosure MEDIUM" "wp-popups-lite 2.1.5.6 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-popups-lite 2.1.5.1 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.9 Contributor+.Stored.XSS MEDIUM" "wp-popups-lite 2.1.4.8 Contributor+.Stored.XSS MEDIUM" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-testimonial-widget No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-testimonial-widget No.known.fix Missing.Authorization MEDIUM" "wpqa 6.1.1 Arbitrary.Category.and.Tag.Follow/Unfollow.via.CSRF MEDIUM" "wpqa 6.1.1 Contributor+.Stored.XSS MEDIUM" "wpqa 5.9.3 Missing.validation.lead.to.functionality.abuse LOW" "wpqa 5.9 Follow/Unfollow.via.CSRF MEDIUM" "wpqa 5.7 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.5 Unauthenticated.Private.Message.Disclosure MEDIUM" "wpqa 5.4 Reflected.Cross-Site.Scripting MEDIUM" "wpqa 5.2 Subscriber+.Arbitrary.Profile.Picture.Deletion.via.IDOR MEDIUM" "wpqa 5.2 Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "wpqa 5.2 Subscriber+.Stored.Cross-Site.Scripting.via.Profile.fields MEDIUM" "woocommerce-brands 1.6.50 Cross-Site.Request.Forgery MEDIUM" "woocommerce-brands 1.6.46 Contributor+.Stored.XSS MEDIUM" "wp-airbnb-review-slider 4.0 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-airbnb-review-slider 3.3 Subscriber+.SQLi HIGH" "wp-airbnb-review-slider 3.3 CSRF MEDIUM" "woo-conditional-payment-gateways 1.16.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-payment-gateways 1.13.1.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-recently-viewed-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-flash-uploader 3.1.3 Arbitrary.Comm&.Execution CRITICAL" "wadi-survey No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wadi-survey No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-products-designer No.known.fix CSRF MEDIUM" "woocommerce-pos 1.4.12 Insufficient.Verification.of.Data.Authenticity.to.Authenticated.(Customer+).Information.Disclosure MEDIUM" "wp-login-with-ajax No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-query-console No.known.fix Unauthenticated.Remote.Code.Execution CRITICAL" "wp-media-library-categories 2.0.1 Admin+.Stored.XSS LOW" "wp-media-library-categories 2.0.0 Admin+.Stored.XSS LOW" "windsor-strava-club No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-staging-pro 5.6.1 Backup.Duplicator.&.Migration.<.5.6.1.-.Cross-Site.Request.Forgery.to.Limited.Local.File.Inclusion HIGH" "wp-staging-pro 5.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging-pro 5.4.0 Admin+.Stored.XSS LOW" "wp-staging-pro 5.1.3 Unauthenticated.Backup.Download HIGH" "wc-wallet No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Content.Deletion MEDIUM" "wplms-plugin 1.9.9.5.3 Unauthenticated.SQL.Injection HIGH" "wp-imageflow2 5.2.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-imageflow2 5.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 5.0 Missing.Authorization MEDIUM" "wordpress-easy-paypal-payment-or-donation-accept-plugin 4.9.10 Contributor+.Stored.XSS MEDIUM" "wp-asset-clean-up 1.3.9.9 Authenticated.(Admin+).Server-Side.Request.Forgery MEDIUM" "wp-asset-clean-up 1.3.9.4 Missing.Authorization MEDIUM" "wp-asset-clean-up 1.3.5.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting.via.AJAX.Action HIGH" "wp-asset-clean-up 1.3.8.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-asset-clean-up 1.3.6.7 CSRF.&.XSS LOW" "wp-autosearch No.known.fix Unauthenticated.SQLi HIGH" "wp-meta-and-date-remover 2.3.1 Cross-Site.Request.Forgery.via.updateSettings MEDIUM" "wp-meta-and-date-remover 2.2.0 Subscriber+.Stored.XSS HIGH" "wp-meta-and-date-remover 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.43.4 Use.of.Polyfill.io MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.32.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-google-adwords-conversion-tracking-tag 1.14.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-nmi-three-step No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-nmi-three-step No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-nmi-three-step No.known.fix CSRF.Bypass MEDIUM" "wordpress-custom-sidebar No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-social-feed No.known.fix Reflected.XSS HIGH" "wp-phone-message No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-phone-message No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-eu-vat-assistant 2.1.2.230718 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-eu-vat-assistant 2.0.28.220224 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "website-toolbox-forums 2.0.2 Reflected.Cross-Site.Scripting.via.websitetoolbox_username MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wordpress-file-upload-pro 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-register-profile-with-shortcode 3.6.0 Cross-Site.Request.Forgery.to.User.Password.Reset HIGH" "wp-register-profile-with-shortcode 3.5.9 Admin+.Stored.XSS LOW" "woocommerce-html5-video No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widget-twitter No.known.fix Contributor+.SQLi MEDIUM" "wp-bulk-sms No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wc1c-main No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 15.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 13.6 Admin+.Stored.XSS LOW" "wp-google-places-review-slider 12.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-google-places-review-slider 11.8 Subscriber+.SQLi HIGH" "wp-google-places-review-slider 11.6 Admin+.Stored.XSS LOW" "wp-courses 3.2.22 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.User.Meta.Update HIGH" "wp-courses 3.2.4 Subscriber+.Arbitrary.Options.Update HIGH" "wp-courses 3.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-courses 3.2.4 Missing.Authorization MEDIUM" "wp-courses 2.0.44 Reflected.Cross-Site.Scripting HIGH" "wp-courses 2.0.44 Authenticated.Stored.XSS.via.Video.Embed.Code LOW" "wp-courses 2.0.29 Broken.Access.Controls.leading.to.Courses.Content.Disclosure HIGH" "wptools 3.43 Subscriber+.Arbitrary.Plugin.Installation HIGH" "wpforms 1.8.5.4 Unauthenticated.Stored.Cross-Site.Scripting.via.Form.Submission HIGH" "wpforms 1.7.7 CSV.Injection MEDIUM" "wp-intro-js-tours No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpsso 18.18.2 Missing.Authorization MEDIUM" "wp-insert 2.5.1 Admin+.Stored.XSS MEDIUM" "weixin-robot-advanced No.known.fix Reflected.XSS HIGH" "wp-auto-top No.known.fix Cross-Site.Request.Forgery MEDIUM" "wpfavicon No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting LOW" "woocommerce-ultimate-gift-card No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-ultimate-gift-card 2.9.1 Create,.Sell.and.Manage.Gift.Cards.with.Customized.Email.Templates.<.2.9.1.-.Reflected.Cross-Site.Scripting MEDIUM" "wp-twitter-mega-fan-box No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wpmozo-addons-lite-for-elementor 1.1.1 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wpmozo-addons-lite-for-elementor 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wha-wordsearch No.known.fix Contributor+.Stored.XSS MEDIUM" "wha-wordsearch No.known.fix Author+.Stored.Cross-Site.Scripting MEDIUM" "woo-add-to-cart-text-change 2.1 Add.to.cart.Text.Update.via.CSRF MEDIUM" "wp-ultimate-reviews-free No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-backgrounds-lite No.known.fix CSRF.Bypass MEDIUM" "wpadverts 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "wpadverts 2.1.7 Unauthenticated.Stored.Cross-Site.Scripting.via.adverts_add.Shortcode HIGH" "wpadverts 2.1.3 Cross-Site.Request.Forgery MEDIUM" "wp-custom-login-page No.known.fix Admin+.Stored.XSS LOW" "wplegalpages 3.2.8 Cross-Site.Request.Forgery MEDIUM" "wplegalpages 2.9.3 Contributor+.Stored.XSS MEDIUM" "wplegalpages 2.7.1 Subscriber+.Arbitrary.Settings.Update.to.Stored.XSS MEDIUM" "wplegalpages 1.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-post-modal No.known.fix Admin+.Stored.XSS LOW" "wp-mail-smtp 4.1.0 Admin+.SMTP.Password.Exposure LOW" "wordpress-users No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-altcoin-payment-gateway No.known.fix Unauthenticated.SQL.Injection HIGH" "woo-altcoin-payment-gateway 1.7.3 Unauthenticated.SQLi HIGH" "woo-altcoin-payment-gateway 1.6.1 Reflected.Cross-Site.Scripting HIGH" "woo-advanced-product-information 1.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordfence 7.6.1 Admin+.Stored.Cross-Site.Scripting LOW" "wordfence 7.1.14 Username.Enumeration.Prevention.Bypass MEDIUM" "wordfence 5.1.5 Cross-Site.Scripting.(XSS) MEDIUM" "weaver-themes-shortcode-compatibility No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wumii-related-posts No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-infusionsoft-woocommerce 1.0.9 Reflected.Cross-Site.Scripting HIGH" "wp-event-solution 4.0.21 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-event-solution 4.0.6 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 4.0.5 Missing.Authorization.to.Authenticated.(Contributor+).Event.Data.Import MEDIUM" "wp-event-solution 4.0.0 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-solution 3.3.51 Missing.Authorization.to.Unauthenticated.Events.Export MEDIUM" "wp-affiliate-disclosure 1.2.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.$id MEDIUM" "wp-affiliate-disclosure 1.2.7 Cross-Site.Request.Forgery.via.check_capability MEDIUM" "wp-affiliate-disclosure 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-affiliate-disclosure 1.1.4 Subscriber+.Arbitrary.Option.Update CRITICAL" "webapp-builder No.known.fix Unauthenticated.File.Upload CRITICAL" "woocommerce-cloak-affiliate-links 1.0.36 Cross-Site.Request.Forgery MEDIUM" "woocommerce-cloak-affiliate-links 1.0.34 Missing.Authorization.to.Unauthenticated.Permalink.Modification HIGH" "weebotlite No.known.fix Admin+.Stored.XSS LOW" "woodiscuz-woocommerce-comments No.known.fix Cross-Site.Request.Forgery MEDIUM" "woodiscuz-woocommerce-comments No.known.fix Admin+.Stored.XSS LOW" "wp-nerd-toolkit No.known.fix Unauthenticated.Information.Exposure MEDIUM" "woocommerce-chained-products 2.12.0 Unauthenticated.Arbitrary.Options.Update.to.'no' MEDIUM" "wp-custom-google-search No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpcasa 1.3.0 Insecure.Direct.Object.Reference MEDIUM" "wp-gmappity-easy-google-maps No.known.fix Subscriber+.SQL.Injection HIGH" "wp-super-popup No.known.fix Admin+.Stored.XSS LOW" "wp-about-author No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-vr-view No.known.fix Outdated.VRView.Library.Used,.Leading.to.Reflected.XSS HIGH" "wpdirectorykit 1.3.6 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.3.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wpdirectorykit 1.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wpdirectorykit 1.2.7 Missing.Authorization MEDIUM" "wpdirectorykit 1.2.4 Missing.Authorization.for.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.4 Reflected.Cross-Site.Scripting.via.search.parameter MEDIUM" "wpdirectorykit 1.2.0 Unauthenticated.Local.File.Inclusion HIGH" "wpdirectorykit 1.2.3 Unauthenticated.Arbitrary.Settings.Update MEDIUM" "wpdirectorykit 1.2.2 Cross-Site.Request.Forgery.to.Plugin.Settings.Update MEDIUM" "wpdirectorykit 1.2.0 Cross-Site.Request.Forgery MEDIUM" "wpdirectorykit 1.2.0 Open.Redirect MEDIUM" "wp-topbar No.known.fix CSRF MEDIUM" "wp-topbar No.known.fix Admin+.SQLi MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-custom-taxonomy-meta No.known.fix Cross-Site.Request.Forgery.to.Taxonomy.Meta.Add/Delete MEDIUM" "wp-custom-taxonomy-meta No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp24-domain-check 1.10.15 Reflected.Cross-Site.Scripting MEDIUM" "wp24-domain-check 1.6.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woostagram-connect No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-ultimate-csv-importer 7.9.9 Author+.RCE MEDIUM" "wp-ultimate-csv-importer 7.9.9 Imported.Files.Disclosure MEDIUM" "wp-ultimate-csv-importer 7.9.9 Author+.Privilege.Escalation MEDIUM" "wp-ultimate-csv-importer 6.5.8 Admin+.SQLi MEDIUM" "wp-ultimate-csv-importer 6.5.8 Missing.Authorisation LOW" "wp-ultimate-csv-importer 6.5.3 Admin+.Blind.SSRF MEDIUM" "wp-ultimate-csv-importer 6.4.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ultimate-csv-importer 6.4.2 Subscriber+.Arbitrary.Option.Deletion HIGH" "wp-ultimate-csv-importer 6.4.1 Subscriber+.Arbitrary.File.Upload CRITICAL" "wp-ultimate-csv-importer 5.6.1 CSRF HIGH" "wp-ultimate-csv-importer 3.8.8 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-ultimate-csv-importer 3.8.1 XSS MEDIUM" "wp-opt-in No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-time-capsule 1.22.22 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-time-capsule 1.22.22 Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-time-capsule 1.22.22 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-time-capsule 1.22.21 Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-time-capsule 1.22.7 Reflected.Cross-Site.Scripting HIGH" "wp-time-capsule 1.21.16 Authentication.Bypass CRITICAL" "wen-responsive-columns 1.3.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-helper-lite 4.6.2 Missing.Authorization.in.whp_smtp_send_mail_test MEDIUM" "wp-helper-lite 4.6.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-helper-lite 4.5.2 Cross-Site.Request.Forgery.via.whp_fields MEDIUM" "wp-helper-lite 4.3 Reflected.Cross-Site.Scripting HIGH" "wp-s3 1.6 Reflected.XSS HIGH" "wp-poll No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.via.form_data.Parameter HIGH" "wp-poll 3.3.78 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-poll 3.3.77 Information.Exposure MEDIUM" "wp-live-tv No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-live-tv No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-website-creator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-save-abandoned-carts 8.2.1 Cross-Site.Request.Forgery MEDIUM" "wp-tiles No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-tiles No.known.fix Contributor+.Stored.XSS HIGH" "wp-tiles No.known.fix Subscriber+.Draft/Private.Post.Title.Disclosure MEDIUM" "wp-post-styling 1.3.1 Multiple.CSRF MEDIUM" "woocommerce-country-based-payments 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-country-based-payments 1.4.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-store-locator-extenders 1.4.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-store-locator-extenders 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-order-export-lite 3.5.6 Unauthenticated.PHP.Object.Injection.via.Order.Details HIGH" "woo-order-export-lite 3.4.5 Shop.Manager+.Remote.Code.Execution CRITICAL" "woo-order-export-lite 3.3.3 Export.Files.via.CSRF MEDIUM" "woo-order-export-lite 3.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-order-export-lite 3.1.8 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woo-order-export-lite 3.1.4 Authenticated.Cross-Site.Scripting.(XSS) LOW" "woo-order-export-lite 1.5.5 CSV.Injection HIGH" "wp-page-duplicator No.known.fix Missing.Authorization.to.Unauthenticated.Post/Page.Duplication MEDIUM" "wp-download-mirror-counter No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-auto-affiliate-links 6.4.7 Admin+.SQL.Injection MEDIUM" "wp-auto-affiliate-links 6.4.4 Authenticated.(Editor+).SQL.Injection CRITICAL" "wp-auto-affiliate-links 6.4.3.1 Missing.Authorization.via.aalAddLink MEDIUM" "wp-auto-affiliate-links 6.4.2.8 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.6 Cross-Site.Request.Forgery MEDIUM" "wp-auto-affiliate-links 6.4.2.5 Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wp-auto-affiliate-links 6.3.0.3 Settings.Update.via.CSRF MEDIUM" "wow-carousel-for-divi-lite 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Carousel.and.Logo.Carousel.Widgets MEDIUM" "wow-carousel-for-divi-lite 1.2.12 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.5.9 Missing.Authorization MEDIUM" "woocommerce-product-payments 3.2.8 Reflected.XSS HIGH" "woocommerce-product-payments 3.2.7 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-product-payments 3.1.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-chgfontsize No.known.fix Arbitrary.Settings.Update.via.CSRF.to.Stored.XSS MEDIUM" "wp-central No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-central 1.5.1 Improper.Access.Control.to.Privilege.Escalation HIGH" "wpvr 8.5.15 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpvr 8.5.6 Missing.Authorization MEDIUM" "wpvr 8.5.5 Missing.Authorization MEDIUM" "wpvr 8.3.15 Unauthenticated.Plugin.Downgrade.leading.to.XSS HIGH" "wpvr 8.3.5 Reflected.XSS HIGH" "wpvr 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wpvr 8.3.0 Subscriber+.Arbitrary.Tour.Update MEDIUM" "wpvr 8.2.9 Reflected.XSS HIGH" "wpvr 8.2.8 Subscriber+.Settings.Update MEDIUM" "wpvr 8.2.7 Contributor+.Stored.XSS MEDIUM" "wp-simple-booking-calendar 2.0.11 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-booking-calendar 2.0.8.5 Cross-Site.Request.Forgery MEDIUM" "wp-simple-booking-calendar 2.0.6 Authenticated.SQL.Injection MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 15.0 Contributor+.Stored.XSS MEDIUM" "wpseo-local 14.9 Reflected.XSS HIGH" "wpseo-local 14.9 CSRF MEDIUM" "woo-razorpay 4.5.7 Transfers.Manipulation.via.CSRF MEDIUM" "woo-razorpay 4.5.7 Subscriber+.Transfers.Manipulation MEDIUM" "wp-awesome-faq No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-awesome-faq 4.1.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-inimat No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wpbricks No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpbricks No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-shipping-per-product 2.5.5 Missing.Authorization MEDIUM" "wp-blog-post-layouts 1.1.4 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wplyrics No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-csv No.known.fix Reflected.XSS.via.CSV.Import MEDIUM" "woo-refund-and-exchange-lite 4.4.6 Unauthenticated.Sensitive.Information.Exposure.Through.Unprotected.Directory MEDIUM" "woo-refund-and-exchange-lite 4.4.6 Subscriber+.IDOR MEDIUM" "woo-refund-and-exchange-lite 4.0.9 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-keyword-monitor No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpo365-login 28.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.pintra.Shortcode MEDIUM" "wpo365-login 15.4 Unauthenticated.Stored.Cross-Site.Scripting CRITICAL" "wpo365-login 11.7 JWT.Signature.Verification.Bypass HIGH" "wp-job-openings 3.4.3 Sensitive.Data.Exposure.via.Directory.Listing MEDIUM" "woffice-core 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice-core 5.4.9 Missing.Authorization MEDIUM" "wpc-smart-messages 4.2.2 Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "wpc-smart-messages 4.2.2 Missing.Authorization.to.Authenticated.(Subscriber+).Message.Activation/Deactivation MEDIUM" "wp-pinterest-automatic 4.14.4 Unauthenticated.Arbitrary.Options.Update CRITICAL" "wp-feature-box No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wps-team 2.8.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-dispensary No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-custom-checkout-fields No.known.fix Reflected.Cross-Site.Scripting HIGH" "woo-social-login 2.7.8 WordPress./.WooCommerce.Plugin.<.2.7.8.-.Authentication.Bypass HIGH" "woo-social-login 2.7.6 Social.Login.<.2.7.6.-.Authentication.Bypass.to.Account.Takeover CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Authentication.Bypass HIGH" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "woo-social-login 2.7.4 Social.Login.<.2.7.4.-.Unauthenticated.Privilege.Escalation.via.One-Time.Password HIGH" "woo-social-login 2.7.0 Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Unauthenticated.PHP.Object.Injection CRITICAL" "woo-social-login 2.6.3 Social.Login.<.2.6.3.-.Email.Verification.due.to.Insufficient.Randomness MEDIUM" "wpslacksync 1.8.6 Slack.Access.Token.Disclosure HIGH" "wpheka-request-for-quote 1.3 CSRF.Bypass MEDIUM" "wp-ticket 5.10.4 Admin+.Stored.Cross-Site.Scripting LOW" "wp-ticket 5.6.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-mobile-pack No.known.fix Cross-Site.Request.Forgery MEDIUM" "wordpress-mobile-pack 2.1.3 Information.Disclosure HIGH" "woocommerce-pdf-invoices-packing-slips 3.8.7 Missing.Authorization MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 3.8.1 Unauthenticated.Server-Side.Request.Forgery MEDIUM" "woocommerce-pdf-invoices-packing-slips 3.7.6 Shop.Manager+.SQL.Injection HIGH" "woocommerce-pdf-invoices-packing-slips 3.0.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.16.0 Reflected.Cross-Site.Scripting LOW" "woocommerce-pdf-invoices-packing-slips 2.15.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-pdf-invoices-packing-slips 2.10.5 Reflected.Cross-Site.Scripting HIGH" "woocommerce-pdf-invoices-packing-slips 2.0.13 XSS MEDIUM" "wpgform No.known.fix Admin+.Stored.XSS LOW" "wpgform 0.94 Eval.Injection HIGH" "wp-editor 1.2.9.1 Authenticated.(Admin+).PHAR.Deserialization HIGH" "wp-editor 1.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-editor 1.2.8 Sensitive.Information.Exposure.via.log.file MEDIUM" "wp-editor 1.2.7 Authenticated.SQL.injection CRITICAL" "wp-editor 1.2.6.3 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "wp-editor 1.2.6 CSRF.&.Incorrect.Permissions CRITICAL" "wp-jump-menu No.known.fix Admin+.Stored.XSS LOW" "wp-import-export 3.9.16 Unauthenticated.Sensitive.Data.Disclosure HIGH" "wp-attest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-attest No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-filter No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-review-showcase-lite 1.0.9 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-retina-2x 6.4.6 Sensitive.Information.Exposure MEDIUM" "wp-retina-2x 5.2.3 Cross-Site.Scripting.(XSS) MEDIUM" "woo-admin-product-notes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-admin-product-notes No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-admin-product-notes No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-sort-order 1.3.2 Missing.Authorization MEDIUM" "weekly-class-schedule No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-quick-view 4.1.2 Contributor+.DOM-Based.Stored.XSS.via.FancyBox.JavaScript.Library MEDIUM" "woo-smart-quick-view 4.0.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-pro-counter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-pro-counter No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-visited-countries-reloaded 3.1.1 Reflected.Cross-Site.Scripting HIGH" "woocommerce-catalog-enquiry 5.0.6 Cross-Site.Request.Forgery.via.REST.API MEDIUM" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Stored.XSS.via.Arbitrary.Setting.Update HIGH" "woocommerce-catalog-enquiry 5.0.3 Unauthenticated.Inquiry.Saving.&.Sensitive.Information.Disclosure MEDIUM" "woocommerce-catalog-enquiry 3.1.0 Arbitrary.File.Upload HIGH" "woo-oscommerce-sync No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wd-facebook-feed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wd-facebook-feed 1.2.9 Reflected.XSS MEDIUM" "wd-facebook-feed 1.1.27 Authenticated.SQL.Injection MEDIUM" "wpgenealogy 0.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wpgenealogy 0.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp2appir No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-nextgen-galleryview No.known.fix Reflected.XSS HIGH" "wordpress-nextgen-galleryview No.known.fix Cross-Site.Request.Forgery MEDIUM" "wc-multivendor-membership 2.11.0 Unauthenticated.Arbitrary.Password.Update.via.IDOR CRITICAL" "wc-multivendor-membership 2.10.1 Unauthenticated.AJAX.Calls HIGH" "wc-multivendor-membership 2.10.1 Unauthenticated.Privilege.Escalation CRITICAL" "wc-multivendor-membership 2.10.0 Multiple.CSRF MEDIUM" "wp-video-lightbox 1.9.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.width.Parameter MEDIUM" "wp-video-lightbox 1.9.7 Contributor+.Stored.XSS MEDIUM" "wp-video-lightbox 1.9.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-video-lightbox 1.9.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-video-lightbox 1.9.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-easy-recipe No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-coming-soon-booster 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-social-widget 2.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.shortcode MEDIUM" "wp-social-widget 2.2.4 Contributor+.Stored.XSS MEDIUM" "wp-svg-upload No.known.fix Author+.Stored.XSS.via.SVG MEDIUM" "wp-d3 No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-d3 2.4.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-simple-html-sitemap 3.2 Authenticated.(Admin+).SQL.Injection CRITICAL" "wp-simple-html-sitemap 2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-simple-html-sitemap 2.8 Missing.Authorization MEDIUM" "wp-simple-html-sitemap 2.3 Reflected.XSS HIGH" "wp-simple-html-sitemap 2.6 Contributor+.Stored.XSS MEDIUM" "wedesin-html-sitemap No.known.fix Reflected.Cross-Site.Scripting.via.'channel' MEDIUM" "wp-click-info No.known.fix Reflected.XSS HIGH" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-revive-adserver No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wholesale-market-for-woocommerce 2.0.0 Admin+.Arbitrary.Log.Download MEDIUM" "wholesale-market-for-woocommerce 2.0.1 Settings.Update.via.CSRF MEDIUM" "wholesale-market-for-woocommerce 1.0.8 Admin+.Arbitrary.File.Download MEDIUM" "wholesale-market-for-woocommerce 1.0.7 Unauthenticated.Arbitrary.File.Download HIGH" "wp-estimation-form 10.1.77 Missing.Authorization MEDIUM" "wp-estimation-form 10.1.76 Reflected.Cross-Site.Scripting MEDIUM" "wp-estimation-form 10.1.76 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wishlist-member-x No.known.fix Unauthenticated.Denial.of.Service MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Stored.Cross-Site.Scripting HIGH" "wishlist-member-x No.known.fix Missing.Authorization.to.Information.Disclosure MEDIUM" "wishlist-member-x No.known.fix Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wishlist-member-x No.known.fix Unauthenticated.Information.Exposure MEDIUM" "wishlist-member-x No.known.fix Authenticated.(Subscriber+).Remote.Code.Execution CRITICAL" "wishlist-member-x No.known.fix Subscriber+.Privilege.Escalation HIGH" "wp-bitly No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "wp-bitly 2.7.3 Missing.Authorization MEDIUM" "wp-bitly 2.7.2 Contributor+.Stored.XSS MEDIUM" "webmaster-tools No.known.fix Admin+.Stored.XSS LOW" "webmaster-tools No.known.fix Settings.Update.to.Stored.XSS.via.CSRF HIGH" "wpforms-user-registration 2.1.2 Missing.Authorization.to.Authenticated.(Contributor+).Privilege.Escalation HIGH" "wgauge No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wgauge No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-advanced-search 3.3.9.3 Admin+.Stored.XSS LOW" "wp-advanced-search 3.3.9.2 Unauthenticated.SQL.Injection HIGH" "wp-advanced-search 3.3.9 Settings.Update.via.CSRF MEDIUM" "wp-advanced-search 3.3.7 Authenticated.SQL.Injection HIGH" "wp-elegant-testimonial No.known.fix Multiple.Authenticated.Stored.Cross-Site.Scripting LOW" "woocommerce-products-slider 1.13.51 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-products-slider 1.13.42 Contributor+.Stored.XSS MEDIUM" "woocommerce-products-slider 1.13.22 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-woocommerce-quickbooks 1.1.9 Reflected.Cross-Site.Scripting HIGH" "woocommerce-conversion-tracking 2.0.12 Subscriber+.Addon.Installation MEDIUM" "woocommerce-conversion-tracking 2.0.12 Subscriber+.happy-elementor-addons.Installation.&.Activation MEDIUM" "wp-photo-sphere No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.61 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-edd-downloads 1.0.49 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-permalink-manager 2.3.11 Unauthenticated.Local.File.Inclusion CRITICAL" "woo-permalink-manager 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-permalink-manager 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-smart-wishlist 4.7.2 Add/Remove.Wishlist.Items.via.CSRF MEDIUM" "woo-smart-wishlist 2.9.9 Reflected.Cross-Site.Scripting MEDIUM" "woo-smart-wishlist 2.9.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-image-carousel No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-address-book 1.6.0 CSRF HIGH" "wp-users-exporter No.known.fix CSV.Injection MEDIUM" "wp-publications No.known.fix Admin+.Stored.XSS LOW" "wp-publications No.known.fix Local.File.Inclusion HIGH" "wsify-widget No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-google-analytics-events 2.8.1 Reflected.Cross-Site.Scripting MEDIUM" "woosms-sms-module-for-woocommerce 3.0.3 Missing.Authorization.via.Multiple.AJAX.Actions MEDIUM" "woocommerce 9.7.1 Shop.Manager+.Stored.XSS.via.New.Product.Form MEDIUM" "woocommerce 9.4.3 Reflected.XSS HIGH" "woocommerce 9.4.3 Unauthenticated.Order.Creation MEDIUM" "woocommerce 9.1.0 Unauthenticated.HTML.Injection MEDIUM" "woocommerce 9.2 Contributor+.Stored.XSS MEDIUM" "woocommerce 9.1.4 Stored.XSS LOW" "woocommerce 9.0.0 Shop.Manager+.Content.Injection LOW" "woocommerce 8.9.3 8.9.2.-.Reflected.XSS HIGH" "woocommerce 8.6.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.6 Contributor+.Private/Draft.Products.Access LOW" "woocommerce 8.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce 8.3.0 Cross-Site.Request.Forgery MEDIUM" "woocommerce 8.2.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Featured.Image.alt.Attribute MEDIUM" "woocommerce 7.9 Unauthenticated.Sensitive.Information.Disclosure MEDIUM" "woocommerce 7.9.0 Sensitive.Information.Exposure MEDIUM" "woocommerce 7.0.1 Authenticated(Shop.Manager+).Sensitive.Information.Exposure MEDIUM" "woocommerce 8.1.1 Shop.Manager+.User.Metadata.Disclosure MEDIUM" "woocommerce 6.6.0 Admin+.Stored.HTML.Injection LOW" "woocommerce 6.3.1 Orders.Marked.as.Paid.(via.PayPal.Standard.Gateway) LOW" "woocommerce 6.2.1 Path.Traversal.via.Importers MEDIUM" "woocommerce 6.2.1 Subscriber+.Arbitrary.Comment.Deletion MEDIUM" "woocommerce 5.7.0 Analytics.Report.Leaks MEDIUM" "woocommerce 5.5.1 Authenticated.Blind.SQL.Injection HIGH" "woocommerce 5.2.0 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "woocommerce 4.7.0 Arbitrary.Order.Status.Disclosure.via.IDOR MEDIUM" "woocommerce 4.6.2 Guest.Account.Creation MEDIUM" "woocommerce 4.2.1 Potential.Cross-Site.Scripting.(XSS).via.SelectWoo MEDIUM" "woocommerce 4.1.0 Unescaped.Metadata.when.Duplicating.Products LOW" "woocommerce 3.6.5 Cross-Site.Request.Forgery.(CSRF).&.File.Type.Check MEDIUM" "woocommerce 3.5.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "woocommerce 3.5.1 Authenticated.Stored.XSS HIGH" "woocommerce 3.4.6 Authenticated.Phar.Deserialization MEDIUM" "woocommerce 3.4.6 Authenticated.Stored.XSS MEDIUM" "wm-options-import-export No.known.fix Unauthenticated.Information.Exposure MEDIUM" "woo-advanced-extra-fees-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.25.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages 2.24.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-notification-bar No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-admin-logo-changer No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "wp-mail-logging 1.11.2 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-mail-logging 1.10.0 Outdated.Redux.Framework MEDIUM" "woo-store-mode No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-fade-in-text-news 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wpsyncsheets-wpforms 1.6.1 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "woocommerce-ajax-filters 1.6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-ajax-filters 1.5.4.7 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-academic-people No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpoptin No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "wpoptin 2.0.2 Unauthenticated.Local.File.Inclusion HIGH" "wpoptin 1.2.7 Reflected.Cross-Site.Scripting MEDIUM" "wpoptin 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fundraising-donation 1.7.1 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-fundraising-donation 1.7.0 Missing.Authorization MEDIUM" "wp-fundraising-donation 1.5.0 Unauthenticated.SQLi HIGH" "what-would-seth-godin-do 2.1.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "w4-post-list 2.4.6 Reflected.XSS HIGH" "w4-post-list 2.4.6 Contributor+.Stored.XSS MEDIUM" "w4-post-list 2.4.6 Subscriber+.Password.Protected.Post.Content.Disclosure MEDIUM" "w4-post-list 2.4.5 Contributor+.Stored.XSS MEDIUM" "wp-log-action 0.52 Reflected.XSS HIGH" "wp-paypal 1.2.3.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-photo-reviews 1.3.14 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "wp-page-widget 4.0 Settings.Update.via.CSRF MEDIUM" "wp-google-map-plugin 4.6.2 Authenticated.(Contributor+).SQL.Injection HIGH" "wp-google-map-plugin 4.4.0 Editor+.Stored.XSS LOW" "wp-google-map-plugin 4.4.3 Category/Location/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.2.4 Marker.Category/Map.Deletion.via.CSRF MEDIUM" "wp-google-map-plugin 4.1.5 Authenticated.SQL.Injection MEDIUM" "wp-google-map-plugin 4.1.0 CSRF.to.Unauthenticated.PHP.Object.Injection HIGH" "wp-google-map-plugin 4.0.4 XSS MEDIUM" "wp-google-map-plugin 3.1.2 XSS MEDIUM" "wp-google-map-plugin 2.3.10 Multiple.CSRF MEDIUM" "wp-google-map-plugin 3.0.0 CSRF.to.Authenticated.Cross-Site.Scripting.(XSS) HIGH" "wp-google-map-plugin 2.3.7 XSS MEDIUM" "wp-bugbot No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-bugbot No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-board No.known.fix Unauthenticated.SQL.Injection CRITICAL" "wp-email 2.69.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-email 2.69.0 Log.Deletion.via.CSRF MEDIUM" "wp-email 2.69.0 Anti-Spam.Protection.Bypass.via.IP.Spoofing MEDIUM" "woo-extra-flat-rate 4.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-extra-flat-rate 4.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-header-images 2.0.1 Reflected.Cross-Site.Scripting HIGH" "wp-planet No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "wordpress-multisite-user-sync 2.1.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-billingo-plus 4.4.5.4 Multiple.CSRF MEDIUM" "wp-gpx-maps No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.sgpx.Shortcode MEDIUM" "wp-gpx-maps 1.7.06 Missing.Authorization MEDIUM" "wp-jobsearch 2.6.8 Unauthenticated.Privilege.Escalation CRITICAL" "wp-jobsearch 2.6.8 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-jobsearch 2.6.1 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch 2.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.6 Missing.Authorization MEDIUM" "wp-jobsearch 2.5.4 Cross-Site.Request.Forgery MEDIUM" "wp-jobsearch 2.5.4 Unauthenticated.PHP.Object.Injection CRITICAL" "wp-jobsearch No.known.fix Authentication.Bypass.to.Account.Takeover CRITICAL" "wp-jobsearch 2.3.4 Arbitrary.File.Upload.to.RCE CRITICAL" "wp-jobsearch 2.3.4 Authentication.Bypass CRITICAL" "wp-jobsearch 1.8.2 Subscriber+.Arbitrary.Blog.Options.Update HIGH" "wp-jobsearch 1.8.2 Subscriber+.Add/Update.Schedule.Calls MEDIUM" "wp-jobsearch 1.8.2 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-jobsearch 1.7.4 Authenticated.Stored.XSS MEDIUM" "wp-jobsearch 1.5.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-jobsearch 1.5.5 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "wp-jobsearch 1.5.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "wp-jobsearch 1.5.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woomotiv 3.6.3 Unauthenticated.SQL.Injection HIGH" "woomotiv 3.5.0 Review.Count.Reset.via.CSRF MEDIUM" "woomotiv 3.4.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-customers-manager 31.4 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "woocommerce-customers-manager 30.1 Bulk.Action.via.CSRF MEDIUM" "woocommerce-customers-manager 30.1 User.Deletion.via.CSRF LOW" "woocommerce-customers-manager 30.2 Subscriber+.Stored.XSS HIGH" "woocommerce-customers-manager 29.8 Reflected.XSS HIGH" "woocommerce-customers-manager 29.8 Subscriber+.Email.Disclosure MEDIUM" "woocommerce-customers-manager 29.7 Subscriber+.SQL.Injection HIGH" "woocommerce-customers-manager 26.6 Arbitrary.Account.Creation/Update.via.CSRF HIGH" "woocommerce-customers-manager 26.6 Authenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "woocommerce-customers-manager 26.5 Arbitrary.Account.Creation/Update.by.Low.Privilege.Users HIGH" "wp-listings-pro No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.25.3 Cross-Site.Request.Forgery.in.wfu_file_details MEDIUM" "wp-file-upload 4.24.14 Unuathenticated.Remote.Code.Execution CRITICAL" "wp-file-upload 4.25.0 Unauthenticated.Remote.Code.Execution,.Arbitrary.File.Read,.and.Arbitrary.File.Deletion CRITICAL" "wp-file-upload 4.24.14 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.in.wfu_file_downloader.php HIGH" "wp-file-upload 4.25.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Path.Traversal MEDIUM" "wp-file-upload 4.24.12 Unauthenticated.Path.Traversal.to.Arbitrary.File.Read.and.Deletion.in.wfu_file_downloader.php CRITICAL" "wp-file-upload 4.24.9 Unauthenticated.Stored.Cross-Site.Scripting.via.SVG.File.Upload HIGH" "wp-file-upload 4.24.8 Missing.Authorization MEDIUM" "wp-file-upload 4.24.8 Unauthenticated.Stored.XSS HIGH" "wp-file-upload 4.24.8 Reflected.XSS HIGH" "wp-file-upload 4.24.8 Authenticated.(Contributor+).Directory.Traversal MEDIUM" "wp-file-upload 4.24.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.24.1 Cross-Site.Request.Forgery MEDIUM" "wp-file-upload 4.23.3 Author+.Stored.Cross-Site.Scripting LOW" "wp-file-upload 4.19.2 Admin+.Path.Traversal MEDIUM" "wp-file-upload 4.19.2 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-file-upload 4.16.3 Contributor+.Path.Traversal.to.RCE CRITICAL" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-file-upload 4.16.3 Contributor+.Stored.Cross-Site.Scripting.via.Malicious.SVG MEDIUM" "wp-file-upload 4.13.0 Directory.Traversal.to.RCE CRITICAL" "wp-file-upload 4.3.4 Cross-Site.Scripting.(XSS) MEDIUM" "wp-file-upload 4.3.3 Security.Issue.in.Shortcodes MEDIUM" "wp-file-upload 3.9.0 Insufficient.File.Extension.Blacklisting HIGH" "wp-file-upload 3.4.1 Unauthenticated.Malicious.File.Upload HIGH" "wp-file-upload 3.0.0 Multiple.Vulnerabilities HIGH" "wp-file-upload 2.7.1 JS.File.Upload HIGH" "wpgateway No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "woocommerce-payu-paisa No.known.fix Price.Tampering MEDIUM" "wp-letsencrypt-ssl 7.1.0 Sensitive.Information.Exposure.via.insufficiently.protected.files HIGH" "wp-letsencrypt-ssl 6.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-letsencrypt-ssl 5.7.10 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webappick-product-feed-for-woocommerce 6.5.7 Shop.Manager+.Arbitrary.Options.Update HIGH" "webappick-product-feed-for-woocommerce 3.1.15 Authenticated.Reflected.XSS MEDIUM" "wordpress-gallery-transformation No.known.fix Blind.SQL.Injection CRITICAL" "wp-setup-wizard 1.0.8.2 Authenticated.(Subscriber+).Full.Database.Download MEDIUM" "wt-woocommerce-wishlist 2.1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "widget-logic 5.10.3 CSRF.and.Lack.of.Authorisation HIGH" "widget-logic 5.10.2 CSRF.to.RCE HIGH" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.20 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.19 Unauthenticated.Content.Restriction.Bypass.to.Sensitive.Information.Exposure MEDIUM" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.15 Admin+.Stored.XSS LOW" "wp-user-avatar 4.15.9 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.5 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.6 Contributor+.Stored.Cross-Site.Scripting.via.'reg-single-checkbox' MEDIUM" "wp-user-avatar 4.15.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.profilepress-edit-profile.Shortcode MEDIUM" "wp-user-avatar 4.15.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.[reg-select-role].Shortcode MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Unauthenticated.Stored.XSS MEDIUM" "wp-user-avatar 4.15.0 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.14.4 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.13.3 Information.Disclosure.via.Debug.Log MEDIUM" "wp-user-avatar 4.13.2 Limited.Privilege.Escalation.via.'acceptable_defined_roles' HIGH" "wp-user-avatar 4.13.2 ProfilePress.<.4,13,2.Cross-Site.Request.Forgery.via.'admin_notice' MEDIUM" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Reflected.XSS HIGH" "wp-user-avatar 4.5.5 Contributor+.Stored.XSS MEDIUM" "wp-user-avatar 4.5.4 Admin+.Stored.XSS LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting LOW" "wp-user-avatar 4.5.1 Admin+.Stored.Cross-Site.Scripting.via.Form.Settings LOW" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting HIGH" "wp-user-avatar 3.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-avatar 3.1.11 Unauthenticated.Cross-Site.Scripting.(XSS).in.tabbed.login/register.widget MEDIUM" "wp-user-avatar 3.1.11 Multiple.Vulnerabilities CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.File.Uploader.Component CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Unauthenticated.Privilege.Escalation CRITICAL" "wp-user-avatar 3.1.4 3.1.3.-.Arbitrary.File.Upload.in.Image.Uploader.Component MEDIUM" "wp-user-avatar 3.1.8 Authenticated.Stored.XSS CRITICAL" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Creation HIGH" "wp-webinarsystem 1.33.25 Missing.Authorization.to.Authenticated.(Subscriber+).Webinar.Updates HIGH" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.21 Cross-Site.Request.Forgery MEDIUM" "wp-webinarsystem 1.33.10 Reflected.Cross-Site.Scripting MEDIUM" "wp-imap-authentication No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wptelegram-widget 2.1.28 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-shapes No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "wp-bootscraper 4.0.0 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-maintenance-mode 2.6.9 Subscriber+.Page.design.Update MEDIUM" "wp-maintenance-mode 2.4.5 Subscribed.Users.Deletion.via.CSRF MEDIUM" "wp-maintenance-mode 2.0.7 Subscriber.Information.Disclosure MEDIUM" "wp-maintenance-mode 2.0.7 Authenticated.Multisite.Remote.Code.Execution HIGH" "wp-maintenance-mode 2.0.7 Missing.Settings.Authorization MEDIUM" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Export MEDIUM" "wc-dynamic-pricing-and-discounts 2.4.2 Unauthenticated.Settings.Import.to.Stored.XSS HIGH" "white-label 2.9.1 Cross-Site.Request.Forgery.via.white_label_reset_wl_admins MEDIUM" "wemail 1.14.6 Reflected.Cross-Site.Scripting MEDIUM" "wemail 1.14.3 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wp-subtitle 3.4.1 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-better-permalinks 3.0.5 CSRF.allowing.Option.Update HIGH" "waymark 1.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "waymark 1.4.2 Reflected.Cross-Site.Scripting.via.'content' MEDIUM" "woo-quick-view 1.1.3 Unauthenticated.Information.Disclosure MEDIUM" "woo-payment-gateway-for-piraeus-bank 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "wp-cors 0.2.2 Admin+.Stored.XSS LOW" "wp-stateless 3.4.1 Missing.Authorization.to.Limited.Arbitrary.Options.Update HIGH" "woocommerce-compare-products No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-compare-products No.known.fix Unauthenticated.PHP.Object.Injection HIGH" "webba-booking-lite 5.0.50 Missing.Authorization.to.Authenticated.(Subscriber+).CSS.Settings.Update MEDIUM" "webba-booking-lite 5.0 Cross-Site.Request.Forgery MEDIUM" "webba-booking-lite 4.5.31 Reflected.Cross-Site.Scripting MEDIUM" "webba-booking-lite 4.2.22 Admin+.Stored.Cross-Site.Scripting LOW" "webba-booking-lite 4.2.18 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-visual-slidebox-builder No.known.fix Subscriber+.SQLi HIGH" "wpdevtool No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-staging 3.5.0 Admin+.Arbitrary.File.Upload MEDIUM" "wp-staging 3.5.0 Admin+.SSRF MEDIUM" "wp-staging 3.5.0 Sensitive.Information.Exposure.via.Log.File MEDIUM" "wp-staging 3.4.0 Admin+.Stored.XSS LOW" "wp-staging 3.2.0 Unauthorized.Sensitive.Data.Exposure HIGH" "wp-staging 3.1.3 Unauthenticated.Backup.Download HIGH" "wp-staging 2.9.18 Admin+.Stored.Cross-Site.Scripting LOW" "woo-product-variation-swatches 2.3.8 Reflected.Cross-Site.Scripting HIGH" "wp-guppy 1.3 Sensitive.Information.Disclosure HIGH" "wp-svg-images 4.3 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG MEDIUM" "wp-svg-images 3.4 Authenticated.(author+).Stored.XSS.via.SVG MEDIUM" "widgets-on-pages-and-posts No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "widgets-on-pages-and-posts No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "webriti-companion 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 5.3.1 Reflected.Cross-Site.Scripting MEDIUM" "widget-for-eventbrite-api 4.4.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-sticky-social 1.0.2 Stored.XSS.via.CSRF HIGH" "wp-table-pixie 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-eis No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-analytify 5.5.1 Missing.Authorization MEDIUM" "wp-analytify 5.5.0 Missing.Authorization MEDIUM" "wp-analytify 5.4.0 Cross-Site.Request.Forgery.to.Opt-out MEDIUM" "wp-analytify 5.2.4 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.2.4 Missing.Authorization MEDIUM" "wp-analytify 5.2.4 Missing.Authorization.to.Unauthenticated.Google.Analytics.Tracking.ID.Modification MEDIUM" "wp-analytify 5.2.0 Cross-Site.Request.Forgery MEDIUM" "wp-analytify 5.1.1 Missing.Authorization.to.Opt-In MEDIUM" "wp-analytify 4.2.3 Cache.Deletion.via.CSRF MEDIUM" "wp-analytify 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-find-your-nearest No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-find-your-nearest No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishlist 1.0.44 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishlist 1.0.42 Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-change-email-sender 2.0 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-signals 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-category-discount 4.13 Missing.Authorization.via.wpcd_save_discount() MEDIUM" "wp-cookie-user-info 1.0.9 Admin+.SQL.Injection MEDIUM" "wp-cookie-user-info 1.0.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-ada-compliance-check-basic 3.1.4 Cross-Site.Request.Forgery MEDIUM" "woocommerce-cvr-payment-gateway 6.1.0 Missing.Authorization.to.Authenticated.(Contributor+).CVR.Update MEDIUM" "wp-csv-exporter 1.3.7 CSV.Injection LOW" "wp-csv-exporter 1.3.7 Admin+.SQLi MEDIUM" "wp-all-export-pro 1.9.2 Authenticated.(ShopManager+).Arbtirary.Options.Update MEDIUM" "wp-all-export-pro 1.9.2 Unauthenticated.Remote.Code.Execution.via.Custom.Export.Fields HIGH" "wp-all-export-pro 1.8.6 Admin+.RCE MEDIUM" "wp-all-export-pro 1.8.6 Remote.Code.Execution.via.CSRF CRITICAL" "wp-all-export-pro 1.8.6 Author+.PHAR.Deserialization.via.CSRF HIGH" "wp-all-export-pro 1.7.9 Authenticated.SQLi MEDIUM" "wp-all-export-pro 1.7.9 Authenticated.Code.Injection CRITICAL" "wp-attachments No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "wp-attachments 5.0.6 Admin+.Stored.XSS LOW" "wp-attachments 5.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "wp-domain-redirect No.known.fix Authenticated.SQL.Injection MEDIUM" "wp-perfect-plugin 1.8.6 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woo-exfood 3.3.3 Restaurant.Menu.&.Food.ordering.<.3.3.3.-.Unauthenticated.Arbitrary.Shortcode.Execution.via.ids HIGH" "weaverx-theme-support 6.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.div.Shortcode MEDIUM" "weaverx-theme-support 6.3.1 Admin+.PHP.Object.Injection LOW" "weaverx-theme-support 6.2.7 Contributor+.Stored.XSS MEDIUM" "wppricing-builder-lite-responsive-pricing-table-builder No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wheel-of-life 1.1.9 Missing.Authorization MEDIUM" "wheel-of-life 1.1.8 Missing.Authorization.on.Several.AJAX.Endpoints MEDIUM" "wp-links-page 4.9.6 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Image.Update MEDIUM" "wp-links-page 4.9.5 Cross-Site.Request.Forgery.via.wplf_ajax_update_screenshots MEDIUM" "wp-links-page 4.9.4 Contributor+.Stored.XSS MEDIUM" "wp-coder 3.6.1 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-coder 3.5.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-coder 2.5.6 Reflected.XSS MEDIUM" "wp-coder 2.5.4 Admin+.SQLi MEDIUM" "wp-coder 2.5.3 Code.Deletion.via.CSRF MEDIUM" "wp-coder 2.5.2 RFI.leading.to.RCE.via.CSRF HIGH" "wp-db-table-editor No.known.fix Missing.Authorization.to.Authenticated(Contributor+).Database.Access HIGH" "wp-hr-gdpr No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hr-gdpr 0.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.2 CSRF MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.7.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-ecommerce-tracking-for-google-and-facebook 3.6.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpsection 1.3.9 Authenticated.(Contributor+).Local.File.Inlcusion HIGH" "wordpress-seo-premium 11.6 Authenticated.Stored.XSS CRITICAL" "widgets-for-zillow-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wc-vendors 2.4.7.1 Authenticated.(Shop.manager+).SQL.Injection.via.search.dates HIGH" "wc-vendors 2.4.5 Contributor+.Stored.XSS MEDIUM" "wpsimpletools-upload-limit No.known.fix Reflected.XSS HIGH" "wpematico 2.6.12 Admin+.Stored.Cross-Site.Scripting LOW" "wp-widget-bundle No.known.fix Widget.Disable/Enable.via.CSRF MEDIUM" "wp-widget-bundle No.known.fix Admin+.Stored.XSS LOW" "wp-widget-bundle No.known.fix Unauthencated.Reflected.XSS MEDIUM" "wc-remove-tabs-and-fields 1.68 Reflected.Cross-Site.Scripting MEDIUM" "wplite No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "woo-mailerlite 2.0.9 Cross-Site.Request.Forgery.via.Multiple.AJAX.Functions MEDIUM" "woo-mailerlite 2.0.9 Missing.Authorization.via.Multiple.Functions MEDIUM" "wp-custom-countdown No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wechat-social-login No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wechat-social-login No.known.fix Authentication.Bypass CRITICAL" "woocommerce-amazon-affiliates-light-version No.known.fix Lite.<=.3.1.-.CSRF MEDIUM" "web3-coin-gate No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "weblibrarian No.known.fix Reflected.XSS HIGH" "weblibrarian 3.5.5 SQL.Injection MEDIUM" "weblibrarian 3.4.8.6 XSS MEDIUM" "weblibrarian 3.4.8.7 XSS MEDIUM" "wp-extended-search 2.1.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-fixtag No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.21.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.18.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.18.0 Cross-Site.Request.Forgery MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-mailster 1.8.18.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).SQL.Injection.via.orderby HIGH" "wp-mailster 1.8.17.0 Missing.Authorization MEDIUM" "wp-mailster 1.8.17.0 Unauthenticated.Information.Exposure MEDIUM" "wp-mailster 1.8.17.0 Missing.Authorization HIGH" "wp-mailster 1.8.16.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-mailster 1.8.17.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-mailster 1.5.5 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wp-touch-slider No.known.fix Reflected.XSS HIGH" "wp-anything-slider 9.2 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wp-newsletter-subscription No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-tell-a-friend-popup-form No.known.fix Admin+.Stored.XSS LOW" "wp-tell-a-friend-popup-form No.known.fix Settings.Update.via.CSRF MEDIUM" "woo-product-finder 1.4.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-hide-post No.known.fix Arbitrary.Post.Hiding.via.CSRF MEDIUM" "woocommerce-product-addon 33.0.9 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-product-addon 32.0.21 Unauthenticated.Content.Injection.Vulnerability MEDIUM" "woocommerce-product-addon 32.0.19 Unauthenticated.Arbitrary.File.Upload.via.ppom_upload_file CRITICAL" "woocommerce-product-addon 32.0.7 Reflected.Cross-Site.Scripting HIGH" "woocommerce-product-addon 32.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "woocommerce-product-addon 24.0 Subscriber+.Settings.Update.to.Stored.XSS MEDIUM" "woocommerce-product-addon 18.4 Authenticated.Stored.XSS MEDIUM" "wpantiddos No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-ultimate-post-grid 4.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-grid-with-filters.Shortcode MEDIUM" "wp-ultimate-post-grid 3.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpupg-text.Shortcode MEDIUM" "ws-form 1.10.14 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.9.245 Reflected.Cross-Site.Scripting.via.URL MEDIUM" "ws-form 1.9.244 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "ws-form 1.9.218 Unauthenticated.CSV.Injection MEDIUM" "ws-form 1.9.171 Authenticated(Administrator+).SQL.Injection MEDIUM" "ws-form 1.8.176 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "ws-form 1.8.176 Admin+.Stored.Cross-Site.Scripting LOW" "wp-politic 2.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-politic 2.3.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-ad-guru No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-munich-blocks 0.10.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-munich-blocks 0.11.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-munich-blocks 0.7.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wsm-downloader No.known.fix Domain.Name.Restriction.Bypass LOW" "wsm-downloader No.known.fix Unauthenticated.Arbitrary.File.Download HIGH" "wp-hijri 1.5.2 Reflected.XSS HIGH" "weglot 4.2.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Block.Attributes MEDIUM" "weglot 1.9.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-1-slider 1.3.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "woo-swatches-manager No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wcp-contact-form No.known.fix Reflected.XSS HIGH" "wp-to-twitter 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-to-twitter 3.3.0 Subscriber+.Arbitrary.Option.Update CRITICAL" "writersblok-ai 1.3.20 Reflected.Cross-Site.Scripting MEDIUM" "wwm-social-share-on-image-hover No.known.fix Admin+.Stored.XSS LOW" "wp-whatsapp-chat 6.0.5 Admin+.Stored.Cross-Site.Scripting LOW" "woo-cart-abandonment-recovery 1.2.27 Templates/Abandoned.Orders.Deletion.via.CSRF MEDIUM" "webp-express 0.14.8 Authenticated.Stored.XSS MEDIUM" "webp-express 0.14.11 Multiple.Issues HIGH" "wp-slimstat 5.2.7 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-slimstat 5.1.4 Subscriber+.Stored.XSS HIGH" "wp-slimstat 5.0.10 Contributor+.SQL.Injection MEDIUM" "wp-slimstat 5.0.9 Admin+.Stored.XSS LOW" "wp-slimstat 5.0.10 Contributor+.Stored.XSS MEDIUM" "wp-slimstat 5.0.5 Reflected.XSS HIGH" "wp-slimstat 5.0.5 Admin+.SQLi MEDIUM" "wp-slimstat 4.9.4 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3.3 Subscriber+.SQL.Injection HIGH" "wp-slimstat 4.9.3 Unauthenticated.Stored.XSS HIGH" "wp-slimstat 4.8.4 CSRF.to.Stored.XSS.and.Setting.Updates MEDIUM" "wp-slimstat 4.8.1 Unauthenticated.Stored.XSS.from.Visitors MEDIUM" "wp-advance-comment No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-advance-comment No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-advance-comment No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-projects-portfolio No.known.fix Reflected.XSS HIGH" "wp-projects-portfolio No.known.fix Stored.XSS.via.CSRF HIGH" "wp-social-stream No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Parameter MEDIUM" "wpb-elementor-addons 1.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-backup-manager No.known.fix Reflected.XSS HIGH" "woocommerce-abandoned-cart-pro 5.2.0 Unauthenticated.Stored.Cross-Site.Scripting.(XSS) CRITICAL" "web-instant-messenger No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-broken-images No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-social-seo-booster No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-time-slots-booking-form 1.2.11 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-time-slots-booking-form 1.2.12 Missing.Authorization MEDIUM" "wp-time-slots-booking-form 1.2.07 Unauthenticated.Price.Manipulation MEDIUM" "wp-time-slots-booking-form 1.1.82 Admin+.Stored.XSS LOW" "wp-time-slots-booking-form 1.1.63 Admin+.Stored.Cross-Site.Scripting LOW" "woo-multi-currency 2.2.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.get_products_price.Function HIGH" "woo-multi-currency 2.2.4 Reflected.Cross-Site.Scripting MEDIUM" "woo-multi-currency 2.1.18 Reflected.Cross-Site.Scripting MEDIUM" "wordsurvey No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.sounding_title.Parameter MEDIUM" "wp-responsive-testimonials-slider-and-widget No.known.fix Contributor+.Stored.XSS MEDIUM" "where-i-was-where-i-will-be No.known.fix Unauthenticated.Remote.File.Inclusion CRITICAL" "wp-clean-up No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-slide-categorywise No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-effects 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-effects 1.2.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-photo-effects 1.2.3 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-simple-anchors-links No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpanchor.Shortcode MEDIUM" "wot-elementor-widgets No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-extra 6.5 Cross-Site.Request.Forgery.ToolImport MEDIUM" "wp-extra 6.3 Missing.Authorization.to.Arbitrary.Email.Sending MEDIUM" "wp-extra 6.3 Subscriber+..htaccess.File.Modification HIGH" "wp-extra 6.3 Missing.Authorization.to.Export.Settings MEDIUM" "wp-smushit 3.16.5 Subscriber+.Resmush.List.Deletion MEDIUM" "wp-smushit 3.9.9 Admin+.Reflected.Cross-Site.Scripting LOW" "wp-smushit 3.0.0 Authenticated.Phar.Deserialization MEDIUM" "wp-smushit 2.7.6 File.Transversal HIGH" "wp-raptor No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-spell-check No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.18 Cross-Site.Request.Forgery MEDIUM" "wp-spell-check 9.13 Admin+.Stored.Cross-Site.Scripting LOW" "wp-spell-check 9.13 Ignored.Word.Deletion.via.CSRF MEDIUM" "wp-spell-check 9.3 Reflected.Cross-Site.Scripting HIGH" "wp-spell-check 7.1.10 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-header-notification No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Reflected.Cross-Site.Scripting MEDIUM" "widgets-on-pages 1.8.0 Contributor+.Stored.XSS MEDIUM" "widgets-on-pages 1.6.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-to-buffer 3.7.5 Reflected.Cross-Site.Scripting HIGH" "wp-social-broadcast No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "widget-countdown 2.7.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-reactions-lite 1.3.9 CSRF LOW" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Download MEDIUM" "wpmastertoolkit 1.14.0 Authenticated.(Admin+).Arbitrary.File.Upload HIGH" "wp-awesome-buttons No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.btn2.Shortcode MEDIUM" "wp-customer-reviews 3.7.1 Malicious.Redirect.via.HTTP-EQUIV.Injection LOW" "wp-customer-reviews 3.6.7 Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-customer-reviews 3.6.7 Admin+.Stored.XSS MEDIUM" "wp-customer-reviews 3.5.6 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-customer-reviews 3.4.3 Multiple.Unauthenticated.and.Low.Priv.Authenticated.Stored.XSS CRITICAL" "wp-customer-reviews 3.0.9 CSRF.&.XSS HIGH" "wp-turnstile-cloudflare-captcha No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-social-login No.known.fix Contributor+.Stored.XSS MEDIUM" "wordpress-social-login No.known.fix Admin+.Stored.XSS LOW" "wordpress-social-login No.known.fix Reflected.XSS HIGH" "wp-full-stripe-free 7.0.18 Settings.Update.via.CSRF MEDIUM" "wp-full-stripe-free 7.0.6 Admin+.Stored.XSS LOW" "wp-full-stripe-free 7.0.6 Admin+.Stored.Cross-Site.Scripting MEDIUM" "wp-ajax-contact-form No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-ajax-contact-form No.known.fix Arbitrary.Email.Deletion.via.CSRF MEDIUM" "wp-multi-store-locator 2.5.2 Unauthenticated.SQL.Injection HIGH" "wp-multi-store-locator 2.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.4.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-multi-store-locator 2.5.1 Contributor+.Stored.XSS MEDIUM" "wp-vipergb 1.6.2 Cross-Site.Request.Forgery MEDIUM" "wp-vipergb 1.13.16 XSS MEDIUM" "w3-total-cache 2.8.2 Subscriber+.Server-Side.Request.Forgery HIGH" "w3-total-cache 2.8.2 Unauthenticated.Plugin.Deactivation.and.Extensions.Activation/Deactivation MEDIUM" "w3-total-cache 2.8.2 Information.Exposure.via.Log.Files LOW" "w3-total-cache 2.7.6 Sensitive.Credentials.Stored.in.Plaintext LOW" "w3-total-cache 2.1.5 Reflected.XSS.in.Extensions.Page.(JS.Context) HIGH" "w3-total-cache 2.1.4 Reflected.XSS.in.Extensions.Page.(Attribute.Context) CRITICAL" "w3-total-cache 2.1.3 Authenticated.Stored.XSS MEDIUM" "w3-total-cache 0.9.7.4 Cryptographic.Signature.Bypass HIGH" "w3-total-cache 0.9.7.4 Blind.SSRF.and.RCE.via.phar HIGH" "w3-total-cache 0.9.7.4 Cross-Site.Scripting.(XSS) HIGH" "w3-total-cache 0.9.5 Information.Disclosure.Race.Condition CRITICAL" "wp-users-masquerade No.known.fix Authentication.Bypass HIGH" "wp-rss-aggregator 4.23.13 Missing.Authorization MEDIUM" "wp-rss-aggregator 4.23.12 Missing.Authorization.to.Authenticated.(Subscriber+).Feed.State.Update MEDIUM" "wp-rss-aggregator 4.23.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-rss-aggregator 4.23.6 Authenticated.(Admin+).Server-Side.Request.Forgery.via.RSS.Feed.Source LOW" "wp-rss-aggregator 4.23.5 Admin+.Stored.XSS MEDIUM" "wp-rss-aggregator 4.20 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-rss-aggregator 4.19.3 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wp-rss-aggregator 4.19.2 Admin+.Stored.Cross-Site.Scripting LOW" "wp-image-uploader No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-image-uploader No.known.fix Cross-Site.Request.Forgery.to.Arbitrary.File.Deletion HIGH" "wp-image-uploader No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "woocommerce-dropshipping No.known.fix Unauthenticated.Arbitrary.Email.Send MEDIUM" "woocommerce-dropshipping 4.4 Unauthenticated.SQLi HIGH" "wrapper-link-elementor 1.0.5 Injected.Backdoor CRITICAL" "wish-list-for-woocommerce-pro 3.1.3 3.1.2.-.Reflected.Cross-Site.Scripting.via.wtab.Parameter MEDIUM" "woo-moneybird No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpjam-basic 6.2.1.1 Contributor+.Stored.XSS MEDIUM" "wp-auto-republish 1.5.6.1 Subscriber+.Settings.Update/Access MEDIUM" "wp-auto-republish 1.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-auto-republish 1.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-responsive-photo-gallery 1.0.16 Authenticated.(Subscriber+).Limited.Server-Side.Request.Forgery MEDIUM" "wp-responsive-photo-gallery 1.0.4 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-photo-gallery 1.0.14 Reflected.XSS HIGH" "wp-responsive-photo-gallery 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-link-bio No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "w3swoozoho 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-music-player No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-cleanfix 5.7.0 Subscriber+.Post/Comment/Post.Meta.Content.Replacement MEDIUM" "wp-cleanfix 3.0.2 Remote.Comm&.Execution,.CSRF.&.XSS HIGH" "wp-wc-affiliate-program 8.5.0 Authentication.Bypass.to.Account.Takeover.and.Privilege.Escalation CRITICAL" "wp-championship 9.3 Multiple.CSRF MEDIUM" "wordpress-seo 22.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 22.6 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-seo 21.1 Authenticated.(Seo.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wordpress-seo 17.3 Unauthenticated.Full.Path.Disclosure NONE" "wordpress-seo 11.6 Authenticated.Stored.XSS CRITICAL" "wordpress-seo 9.2 Authenticated.Race.Condition MEDIUM" "wordpress-seo 5.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-seo 3.4.1 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wc-affiliate No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.wf-export-all MEDIUM" "wc-affiliate 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-affiliate 2.4 Reflected.XSS HIGH" "wha-puzzle No.known.fix Contributor+.Stored.XSS MEDIUM" "woo-total-sales No.known.fix Missing.Authorization.to.Unauthenticated.Sales.Report.Retrieval MEDIUM" "woocommerce-social-media-share-buttons No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-vertical-image-slider 1.2.17 .Reflected.XSS HIGH" "wp-vertical-image-slider 1.2.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-vertical-image-slider 1.2 Cross-Site.Scripting.&.CSRF CRITICAL" "wp-security-hardening 1.2.7 Unauthenticated.Security.Feature.Bypass.to.Username.Enumeration MEDIUM" "wp-security-hardening 1.2.2 Reflected.XSS.via.historyvalue HIGH" "wp-security-hardening 1.2.2 Reflected.XSS.via.URI MEDIUM" "widgets-controller No.known.fix Unauthenticated.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.4 Unauthenticated.Information.Exposure.via.Log.File MEDIUM" "wp-2fa 2.6.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.6.0 Arbitrary.Email.Sending.via.CSRF MEDIUM" "wp-2fa 2.6.0 Subscriber+.Arbitrary.Email.Sending MEDIUM" "wp-2fa 2.3.0 Time-Based.Side-Channel.Attack MEDIUM" "wp-2fa 2.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-2fa 2.2.0 Arbitrary.2FA.Disabling.via.IDOR MEDIUM" "wordpress-access-control No.known.fix Improper.Access.Control.to.Sensitive.Information.Exposure.via.REST.API MEDIUM" "wp-contest No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-contest No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "woo-conditional-product-fees-for-checkout 3.9.3.2 Reflected.Cross-Site.Scripting MEDIUM" "woo-conditional-product-fees-for-checkout 3.8.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "website-monetization-by-magenet 1.0.29.2 Cross-Site.Request.Forgery MEDIUM" "woocommerce-es 2.1 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-es 2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-product-sort-and-display 2.4.2 Missing.Authorization MEDIUM" "wp-mobile-detector 3.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-to-hootsuite 1.3.9 Reflected.Cross-Site.Scripting HIGH" "wp-mpdf 3.8 Reflected.Cross-Site.Scripting MEDIUM" "wp-mpdf 3.5.2 CSRF.Bypass.in.Multiple.Plugins MEDIUM" "wpcs-wp-custom-search No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "webful-simple-grocery-shop No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-mailer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-group No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-collections 1.7.0 Unauthenticated.SQL.Injection CRITICAL" "woocommerce-collections 1.7.0 Missing.Authorization.to.Unauthenticated.Arbitrary.Post/Page.Deletion MEDIUM" "woo-producttables-pro 1.9.5 Unauthenticated.Arbitrary.SQL.Execution CRITICAL" "wp-paytm-pay No.known.fix Donation.Plugin.<=.1.3.2.-.Authenticated.(admin+).SQL.Injection MEDIUM" "wp-recall 16.26.12 Unauthenticated.SQL.Injection HIGH" "wp-recall 16.26.12 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Shortcode.Exeuction MEDIUM" "wp-recall 16.26.12 Authenticated.(Contributor+).Protected.Post.Disclosure MEDIUM" "wp-recall 16.26.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-recall 16.26.12 Admin+.SQL.Injection MEDIUM" "wp-recall 16.26.9 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Password.Update CRITICAL" "wp-recall 16.26.7 Unauthenticated.Payment.Deletion.via.delete_payment MEDIUM" "wp-recall 16.26.7 Cross-Site.Request.Forgery MEDIUM" "wp-recall 16.26.6 Unauthenticated.SQL.Injection CRITICAL" "wp-recall 16.26.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "wp-recall 16.26.6 Insecure.Direct.Object.Reference MEDIUM" "wp-recall 16.24.48 Reflected.Cross-Site.Scripting HIGH" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Missing.Authorization MEDIUM" "wp-job-manager-resumes 2.2.0 Resume.Manager.<.2.2.0.-.Cross-Site.Request.Forgery MEDIUM" "wp-file-download-light No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-payment-form 4.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-payment-form 4.2.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-editormd 10.0.4 Cross-Site.Scripting.(XSS) MEDIUM" "woo-seo-content-randomizer-addon 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-product-slider-and-carousel-with-category 2.8 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wisdm-reports-for-learndash 1.8.2.2 Reports.Free.<.1.8.2.2.-.Missing.Authorization.to.Plugin.Settings.Update MEDIUM" "wats 1.0.64 Authenticated.Stored.Cross-Site.Scripting.(XSS) LOW" "woocommerce-help-scout 2.9.1 Unauthenticated.Arbitrary.File.Upload.leading.to.RCE CRITICAL" "wpbrutalai 2.06 Admin+.Stored.XSS LOW" "wpbrutalai 2.0.0 SQL.Injection.via.CSRF HIGH" "wpbrutalai 2.0.1 Admin+.Reflected.XSS HIGH" "wp-hotel-booking 2.1.7 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Retrieval MEDIUM" "wp-hotel-booking 2.1.6 Missing.Authorization MEDIUM" "wp-hotel-booking No.known.fix Contributor+.Local.File.Inclusion HIGH" "wp-hotel-booking 2.1.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wp-hotel-booking 2.1.1 Unauthenticated.SQL.Injection CRITICAL" "wp-hotel-booking 2.0.9.3 Missing.Authorization MEDIUM" "wp-hotel-booking 2.0.9.3 Improper.Authorization.on.Multiple.REST.API.Routes MEDIUM" "wp-hotel-booking 2.0.8 Subscriber+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.8 Unauthenticated.SQLi HIGH" "wp-hotel-booking 2.0.9 Contributor+.Arbitrary.Post.Deletion MEDIUM" "wp-hotel-booking 2.0.1 Unauthenticated.Arbitrary.Settings.Update HIGH" "wp-hotel-booking 1.10.6 CSRF MEDIUM" "wp-hotel-booking 1.10.4 Unauthenticated.PHP.Object.Injection HIGH" "wp-hotel-booking 1.10.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "writer-helper No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wise-forms No.known.fix Unauthenticated.Stored.XSS HIGH" "wphelpful No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "windsor-strava-athlete No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "windsor-strava-athlete No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-spid-italia 2.12 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-spid-italia 2.3.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-armour-extended 1.32 Cross-Site.Request.Forgery MEDIUM" "wp-armour-extended 1.32 Reflected.Cross-Site.Scripting MEDIUM" "wpshopgermany-protectedshops 2.1 Admin+.Stored.XSS LOW" "wc-tabs No.known.fix Authentiated.(Shop.Manager+).PHP.Object.Injection.in.product_has_custom_tabs HIGH" "waitlist-woocommerce 2.7.6 Reflected.Cross-Site.Scripting MEDIUM" "waitlist-woocommerce 2.6.1 Missing.Authorization MEDIUM" "waitlist-woocommerce 2.5.3 Settings.Reset.via.CSRF MEDIUM" "waitlist-woocommerce 2.5.1 Various.Versions.CSRF.to.Arbitrary.Options.Update HIGH" "woocommerce-warranties-and-returns 5.3.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "wp-mailing-group No.known.fix Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-mailing-group No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordable 3.1.2 Plugin's.Authentication.Bypass HIGH" "wp-additional-logins No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-emoji-one No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-media-category-management 2.4.0 2.3.3.-.Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-media-category-management 2.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-media-category-management 2.1.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-reply-notify No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-parsidate 5.1.2 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "wp-parsidate 4.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-flybox No.known.fix CSRF MEDIUM" "wysija-newsletters 2.8.2 Spam.Vulnerability MEDIUM" "wp-image-slideshow 12.1 .Authenticated.(Subscriber+).SQL.Injection.via.Shortcode HIGH" "wpzoom-addons-for-beaver-builder 1.3.6 Authenticated.(Editor+).Local.File.Inclusion HIGH" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Testimonials.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Heading.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Image.Box.Widget MEDIUM" "wpzoom-addons-for-beaver-builder 1.3.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Team.Members.Widget MEDIUM" "wp-insurance 2.1.4 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-menu-image 2.3 Unauthenticated.Menu.Image.Deletion MEDIUM" "wp-menu-image 2.3 Missing.Authorization.to.Unauthenticated.Menu.Image.Deletion MEDIUM" "wc-ciudades-y-regiones-de-chile No.known.fix Cross-Site.Request.Forgery.via.multiple.functions MEDIUM" "woo-add-to-quote 1.5.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-add-to-quote 1.4.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-order-limit-lite 3.0.3 Missing.Authorization MEDIUM" "wc-order-limit-lite 2.0.1 Missing.Authorization MEDIUM" "wp-category-dropdown 1.9 Contributor+.Stored.XSS MEDIUM" "woowgallery 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "woowgallery 1.1.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.6 Settings.Update.via.CSRF MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers 2.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Review.Restriction.Bypass MEDIUM" "wp-ultimate-review 2.3.0 Missing.Authorization MEDIUM" "wp-ultimate-review 2.3.0 Unauthenticated.Insecure.Direct.Object.Reference MEDIUM" "wp-ultimate-review No.known.fix IP.Spoofing MEDIUM" "wp-ultimate-review 2.3.1 Settings.Update.via.CSRF MEDIUM" "wp-ultimate-review 2.1.0 Admin+.Stored.XSS LOW" "wp-ultimate-review 2.1.0 Settings.Update.via.CSRF MEDIUM" "wp-ecommerce-paypal 1.9.1 Unauthenticated.Open.Redirect HIGH" "wp-ecommerce-paypal 1.9 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-ecommerce-paypal 1.8.2 Cross-Site.Request.Forgery MEDIUM" "wp-ecommerce-paypal 1.7.4 Contributor+.Stored.XSS.in.Shortcode MEDIUM" "wp-ecommerce-paypal 1.7.3 CSRF.to.Stored.Cross-Site.Scripting HIGH" "woocommerce-box-office 1.2.3 Missing.Authorization MEDIUM" "woocommerce-box-office 1.1.51 Contributor+.Stored.XSS MEDIUM" "woocommerce-box-office 1.1.52 Unauthenticated.Ticket.Barcode.Update MEDIUM" "wp-crontrol 1.16.2 Remote.Code.Execution MEDIUM" "woo-bulk-edit-products 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "woo-bulk-edit-products 1.7.13 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-simple-firewall 20.0.6 Reflected.XSS HIGH" "wp-simple-firewall 19.1.11 Cross-Site.Request.Forgery MEDIUM" "wp-simple-firewall 18.5.10 Unauthenticated.Local.File.Inclusion CRITICAL" "wp-simple-firewall 18.5.8 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-simple-firewall 17.0.18 Unauthenticated.Stored.XSS HIGH" "wp-simple-firewall 17.0.18 Subscriber+.Arbitrary.Log.Entry.Creation MEDIUM" "wp-simple-firewall 13.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-mylinks 1.0.7 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-server-stats 1.7.8 Injected.Backdoor CRITICAL" "wp-server-stats 1.7.4 Cross-Site.Request.Forgery MEDIUM" "wp-server-stats 1.7.0 Admin+.Stored.Cross-Site.Scripting LOW" "wbcom-designs-buddypress-search No.known.fix Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Arbitrary.Post.Deletion MEDIUM" "woocommerce-wholesale-pricing 2.3.1 Unauthenticated.Information.Exposure MEDIUM" "wp-t-wap No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-table-manager 4.1.4 Missing.Authorization.to.Authenticated.(Subscriber+).Directory.Traversal.to.Folder/File.Name.Disclosure MEDIUM" "wp-table-manager 3.5.3 Contributor+.Stored.XSS MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-custom-field-for-gutenberg-editor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woo-extra-cost No.known.fix CSRF.Bypass MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.7 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.1 Cross-Site.Request.Forgery MEDIUM" "wp-responsive-video-gallery-with-lightbox 1.0.23 Reflected.XSS HIGH" "wp-user-control No.known.fix Unauthenticated.password.reset MEDIUM" "woo-whatsapp-request-quote No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wcsm-search-merchandising No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcsm-search-merchandising No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-like-button No.known.fix Missing.Authorization.via.crublabFBLBAjax LOW" "wp-like-button No.known.fix Button.Settings.Update.via.CSRF MEDIUM" "wp-like-button 1.6.4 Auth.Bypass MEDIUM" "wp-plugin-manager 1.1.8 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "wp-remote-users-sync 1.2.13 Subscriber+.SSRF HIGH" "wp-remote-users-sync 1.2.12 Subscriber+.Log.Access MEDIUM" "wp-next-post-navi No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-news-magazine 1.2.0 Arbitrary.Plugin.Activation.via.CSRF MEDIUM" "woo-custom-profile-picture No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "widgetize-pages-light No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-news-sliders No.known.fix Missing.Authorization MEDIUM" "widget-extend-builtin-query 1.06 Reflected.Cross-Site.Scripting MEDIUM" "wp-registration 6.0 Missing.Authorization.to.User.Deletion CRITICAL" "wp-registration No.known.fix Unauthenticated.Account.Takeover CRITICAL" "wowpth No.known.fix Reflected.XSS HIGH" "wowpth No.known.fix Reflected.XSS HIGH" "widget-post-slider 1.3.6 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.22 Reflected.Cross-Site.Scripting MEDIUM" "wp-dynamic-keywords-injector 2.3.16 Settings.Update.via.CSRF MEDIUM" "wp-sendfox No.known.fix Unauthenticated.Information.Disclosure MEDIUM" "wp-sendfox 1.3.1 Missing.Authorization MEDIUM" "wpradio No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpcal 0.9.5.9 Cross-Site.Request.Forgery MEDIUM" "wp-flickr-press No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpp-customization No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wsecure No.known.fix Admin+.Stored.XSS LOW" "wsecure 2.4 Remote.Code.Execution.(RCE) HIGH" "woocommerce-bulk-stock-management 2.2.34 Reflected.XSS HIGH" "widget-detector-elementor 1.2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-vk 1.3.4 Cross-Site.Request.Forgery.via.AJAX.actions MEDIUM" "wte-elementor-widgets 1.3.8 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wholesale-market 2.2.1 Unauthenticated.Arbitrary.File.Download HIGH" "wholesale-market 2.2.2 Settings.Update.via.CSRF MEDIUM" "world-travel-information No.known.fix Reflected.Cross-Site.Scripting HIGH" "wp-performance-score-booster 2.1 Settings.Change.via.CSRF MEDIUM" "wp-custom-author-url 1.0.5 Admin+.Stored.XSS LOW" "wp-seo-keyword-optimizer No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-seo-keyword-optimizer No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-seo-keyword-optimizer 2.1.9.8 Subscriber+.Arbitrary.Option.Update CRITICAL" "website-testimonials 6.1.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-limits No.known.fix Plugin's.Settings.Update.via.CSRF MEDIUM" "web-testimonials No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wptf-image-gallery No.known.fix Remote.File.Download HIGH" "wp-pagebuilder No.known.fix Admin+.Stored.Cross-Site LOW" "wp-pagebuilder 1.2.7 Author+.Stored.XSS MEDIUM" "wp-pagebuilder 1.2.4 Insecure.default.configuration.Allows.Subscribers.Editing.Access.to.Posts MEDIUM" "wp-pagebuilder 1.2.4 Multiple.Stored.Cross-Site.scripting.(XSS) MEDIUM" "wphrm 1.1 Authenticated.SQL.Injection HIGH" "wp-ticket-ultra No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "wp-nested-pages 3.2.13 Contributor+.Stored.XSS MEDIUM" "wp-nested-pages 3.2.10 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-nested-pages 3.2.9 Editor+.Stored.XSS LOW" "wp-nested-pages 3.2.8 Cross-Site.Request.Forgery.to.Local.File.Inclusion HIGH" "wp-nested-pages 3.2.7 Admin+.Stored.XSS LOW" "wp-nested-pages 3.2.4 Editor+.Plugin.Settings.Reset LOW" "wp-nested-pages 3.1.21 Admin+.Stored.Cross.Site.Scripting LOW" "wp-nested-pages 3.1.16 Open.Redirect MEDIUM" "wp-nested-pages 3.1.16 CSRF.to.Arbitrary.Post.Deletion.and.Modification HIGH" "wpbot-pro 13.5.6 Missing.Authorization.to.Authenticated.(Subscriber+).Simple.Text.Response.Creation MEDIUM" "wpbot-pro 13.5.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woo-wallet 1.5.7 Subscriber+.Funds.Creation MEDIUM" "woo-wallet 1.5.5 Authenticated.(Subscriber+).SQL.Injection.via.'search[value]' HIGH" "woo-wallet 1.5.1 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "woo-wallet 1.4.11 Missing.Authorization.to.Authenticated.(Subscriber+).User.Email.Export MEDIUM" "woo-wallet 1.4.4 For.WooCommerce.<.1.4.4.-.Subscriber+.Arbitrary.Wallet.Lock/Unlock.via.IDOR MEDIUM" "woo-wallet 1.4.0 Settings.Update.via.CSRF MEDIUM" "wpmm-memory-meter 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-counter-up 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-counter-up 2.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-forms-puzzle-captcha No.known.fix Captcha.Bypass MEDIUM" "wp-forms-puzzle-captcha No.known.fix Cross-Site.Request.Forgery.to.Cross-Site.Scripting MEDIUM" "wp-forms-puzzle-captcha No.known.fix CSRF MEDIUM" "wp-mmenu-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-smart-tool-tip No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wd-google-analytics No.known.fix Missing.Authorization.via.gawd_wd_bp_install_notice_status MEDIUM" "wd-google-analytics 1.2.9 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-sitemap No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-pdf-generator 1.2.3 Cross-Site.Request.Forgery MEDIUM" "wp-s3-smart-upload 1.5.1 Missing.Authorization MEDIUM" "widgetkit-for-elementor No.known.fix Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Templates MEDIUM" "widgetkit-for-elementor 2.5.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor 2.5.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "widgetkit-for-elementor No.known.fix Missing.Authorization.to.Notice.Dismissal NONE" "widgetkit-for-elementor No.known.fix Contributor+.Stored.XSS MEDIUM" "widgetkit-for-elementor 2.4.4 WidgetKit.<.2.4.4.-.Admin+.Stored.XSS LOW" "widgetkit-for-elementor 2.3.10 WidgetKit.<.2.3.10.-.Contributor+.Stored.XSS MEDIUM" "wp-admin-notification-center 2.3.3 Settings.Update.via.CSRF MEDIUM" "woc-open-close 4.9.2 Missing.Authorization MEDIUM" "woo-pricing-table 1.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wordapp No.known.fix Authorization.Bypass.via.Insufficiently.Unique.Cryptographic.Signature CRITICAL" "wp-dev-powers-acf-color-coded-field-types No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-headmaster No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-shipping-dpd-baltic 1.2.84 Reflected.Cross-Site.Scripting HIGH" "woo-shipping-dpd-baltic 1.2.57 DPD.baltic.<.1.2.57.-.Subscriber+.Arbitrary.Options.Deletion HIGH" "woo-shipping-dpd-baltic 1.2.11 DPD.baltic.<.1.2.11.-.Admin+.Stored.XSS MEDIUM" "wp-heyloyalty No.known.fix Unauthenticated.RCE.via.PHPUnit CRITICAL" "wp-js-impress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-private-message 1.0.6 Private.Message.Disclosure.via.IDOR MEDIUM" "wp2leads 3.4.3 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.3.4 Reflected.Cross-Site.Scripting MEDIUM" "wp2leads 3.2.8 Missing.Authorization MEDIUM" "worpit-admin-dashboard-plugin 4.5.0 Unauthenticated.PHP.Object.Injection CRITICAL" "woo-additional-fees-on-checkout-wordpress 1.4.8 Reflected.Cross-Site.Scripting.via.'number' MEDIUM" "we-client-logo-carousel No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-google-my-business-auto-publish 3.8 Multiple.CSRF MEDIUM" "wp-google-my-business-auto-publish 3.4 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-geonames 1.9.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-geonames 1.9 Reflected.Cross-Site.Scripting MEDIUM" "wootrello 3.2.6 Reflected.Cross-Site.Scripting MEDIUM" "wootrello 2.3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-dialog No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "wp-discord-invite 2.5.2 Admin+.Stored.Cross.Site.Scripting LOW" "wp-discord-invite 2.5.1 Arbitrary.Settings.Update.via.CSRF HIGH" "wp-discord-invite 2.5.1 Reflected.Cross-Site.Scripting.via.webhook MEDIUM" "woocommerce-predictive-search 6.1.0 Reflected.Cross-Site.Scripting MEDIUM" "website-file-changes-monitor 2.1.1 Authenticated.SQL.Injection MEDIUM" "website-file-changes-monitor 2.1.0 Admin+.Authenticated.SQL.Injection MEDIUM" "website-file-changes-monitor 1.8.3 Admin+.SQLi MEDIUM" "wp-yadisk-files No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-yadisk-files No.known.fix Admin+.Stored.XSS LOW" "webmaster-tools-verification No.known.fix Unauthenticated.Arbitrary.Plugin.Deactivation HIGH" "wp-reroute-email 1.4.8 Improper.Neutralization.of.Special.Elements.used.in.an.SQL.Command.('SQL.Injection') MEDIUM" "wp-reroute-email 1.4.8 Cross-Site.Request.Forgery HIGH" "wpdash-notes No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure MEDIUM" "wp-social-bookmarking-light No.known.fix Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wp-social-bookmarking-light 1.7.10 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-backpack No.known.fix Admin+.Stored.XSS LOW" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woorocks-magic-content-for-siteorigins-pagebuilder No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "whizz 1.1.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "whizz 1.0.8 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-responsive-slab-text 0.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-limit-failed-login-attempts 5.6 Unauthenticated.SQL.Injeciton HIGH" "wp-limit-failed-login-attempts 5.4 IP.Address.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "wp-limit-failed-login-attempts 5.1 Unauthenticated.SQLi HIGH" "wp-limit-failed-login-attempts 2.9 Arbitrary.Plugin.Installation/Activation.via.Low.Privilege.User CRITICAL" "wp-limit-failed-login-attempts 3.1 Arbitrary.Plugin.Installation/Activation.via.CSRF CRITICAL" "wp-simple-post-view 2.0.1 Post.View.Data.Reset.via.CSRF MEDIUM" "wp-social-sharing No.known.fix Admin+.Stored.XSS LOW" "wp-display-users No.known.fix Authenticated.SQL.Injection MEDIUM" "wc-product-customer-list 3.1.5 Reflected.Cross-Site.Scripting MEDIUM" "wc-product-customer-list 3.0.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-category-posts-list No.known.fix Cross-Site.Request.Forgery.via.gen_set_page MEDIUM" "wp-category-posts-list No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-security-pro 4.2.1 Admin+.Stored.Cross-Site.Scripting LOW" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core 2.7 Reflected.XSS HIGH" "wpb-show-core 2.6 Reflected.XSS HIGH" "wpb-show-core No.known.fix Unauthenticated.Server.Side.Request.Forgery MEDIUM" "wpb-show-core No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "wpb-show-core No.known.fix Reflected.Cross-Site.Scripting HIGH" "wadi-addons-for-elementor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.5 Reflected.Cross-Site.Scripting MEDIUM" "white-label-cms 2.7.4 Missing.Authorization.to.Plugin.Settings.Reset MEDIUM" "white-label-cms 2.5 Admin+.PHP.Object.Injection LOW" "white-label-cms 2.2.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-less-compiler No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wpdeepl 2.4.1.2 Log.Pruning.via.CSRF MEDIUM" "wpdeepl 1.7.5 API.Key.Disclosure MEDIUM" "wpstream 4.5.5 Local.Event.Settings.Update.via.CSRF MEDIUM" "wpstream 4.4.10.6 Settings.Update.via.CSRF MEDIUM" "woocommerce-germanized 3.9.5 Reflected.Cross-Site.Scripting MEDIUM" "woo-recargo-de-equivalencia No.known.fix Cross-Site.Request.Forgery MEDIUM" "wp-calendar No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-stripe-global-payments 3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-global-payments 3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wxsync No.known.fix Contributor+.Stored.XSS MEDIUM" "wpzoom-portfolio 1.4.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.align.Attribute MEDIUM" "wpzoom-portfolio 1.2.2 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-members 3.4.9.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpmem_loginout.Shortcode MEDIUM" "wp-members 3.4.9.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-members 3.4.9.4 Unprotected.Storage.of.Potentially.Sensitive.Files MEDIUM" "wp-members 3.4.9.3 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-members 3.4.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-members 3.4.9 Contributor+.Sensitive.Information.Exposure MEDIUM" "wp-members 3.4.8 Subscriber+.Unauthorized.Plugin.Settings.Update MEDIUM" "wp-members 3.2.8.1 Cross-Site.Request.Forgery.(CSRF) HIGH" "wp-members 3.1.8 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "woosaleskit-bar No.known.fix Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-prayer No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-prayer No.known.fix Arbitrary.Prayer.Deletion.via.CSRF MEDIUM" "wp-prayer No.known.fix Email.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.9.7 Admin+.Stored.XSS LOW" "wp-prayer 1.5.5 Unauthorised.AJAX.call.via.CSRF MEDIUM" "wp-prayer 1.6.6 Cross-Site.Request.Forgery MEDIUM" "wp-prayer 1.6.7 Arbitrary.Plugin.Settings.Update.via.CSRF MEDIUM" "wp-prayer 1.6.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) HIGH" "wordpress-form-manager 1.7.3 Authenticated.Remote.Command.Execution.(RCE) CRITICAL" "wp-facebook-reviews 12.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 13.0 Admin+.Stored.XSS LOW" "wp-facebook-reviews 3.6 Reflected.Cross-Site.Scripting MEDIUM" "wp-facebook-reviews 12.2 Subscriber+.SQLi HIGH" "wp-facebook-reviews 11.0 Admin+.SQL.Injection MEDIUM" "wp-post-list-table 1.0.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wbcom-designs-buddypress-ads 1.3.1 Subscriber+.Arbitrary.Plugin.Installation,.Activation.and.Deactivation HIGH" "wpsimpletools-log-viewer No.known.fix Cross-Site.Request.Forgery.via.wpst_lw_viewer MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.5.1 Reflected.Cross-Site.Scripting MEDIUM" "wptools-masonry-gallery-posts-for-divi 3.1.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wishlist-and-compare 1.0.5 Unauthorised.AJAX.call HIGH" "wizhi-multi-filters No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "woocommerce-order-barcodes 1.6.5 Cross-Site.Request.Forgery MEDIUM" "widgets-for-thumbtack-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wpgsi-professional 3.6.0 CSRF.Bypass MEDIUM" "wpgsi-professional 3.6.0 Reflected.Cross-Site.Scripting HIGH" "wpkoi-templates-for-elementor 3.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpkoi-templates-for-elementor 2.5.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "wpkoi-templates-for-elementor 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Advanced.Heading.Widget MEDIUM" "wp-management-controller No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-user-extra-fields 16.7 Missing.Authorization.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "wp-user-extra-fields 16.7 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "wp-user-extra-fields 16.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wc-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wp-responsive-thumbnail-slider 1.0.5 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-responsive-thumbnail-slider 1.0.1 Cross-Site.Request.Forgery.to.Mass.Slider.Deletion MEDIUM" "wp-responsive-thumbnail-slider 1.1.10 Reflected.XSS HIGH" "wp-responsive-thumbnail-slider 1.0.1 Authenticated.Shell.Upload.&.CSRF HIGH" "wp-responsive-thumbnail-slider 1.0.1 Stored.Cross-Site.Scripting.(XSS).&.CSRF HIGH" "world-prayer-time No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-gallery-metabox No.known.fix Settings.Update.via.CSRF MEDIUM" "wp-pipes 1.4.2 Reflected.Cross-Site.Scripting.via.x1.Parameter MEDIUM" "wp-pipes 1.4.1 CSRF MEDIUM" "wp-pipes 1.4.0 Admin+.SQLi MEDIUM" "wp-dev-powers-element-selector-jquery-powers No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-edit-menu No.known.fix Arbitrary.Post.Deletion.via.CSRF MEDIUM" "wp-edit-menu 1.5.0 Unauthenticated.Arbitrary.Post.Deletion HIGH" "weforms 1.6.24 Use.of.Polyfill.io MEDIUM" "weforms 1.6.21 Missing.Authorization MEDIUM" "weforms 1.6.22 Unauthenticated.Stored.Cross-Site.Scripting.via.Referer HIGH" "weforms 1.6.19 Missing.Authorization.via.export_form_entries MEDIUM" "weforms 1.6.18 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "weforms 1.6.14 Admin+.Stored.Cross-Site.Scripting LOW" "weforms 1.6.4 CSV.Injection MEDIUM" "wovax-idx No.known.fix Missing.Authorization.to.Privilege.Escalation HIGH" "wr-price-list-for-woocommerce No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "website-article-monetization-by-magenet 1.0.12 Unauthenticated.Stored.XSS HIGH" "wptemplata 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "wc-peach-payments-gateway 3.2.0 Missing.Authorization.via.peach_core_version_rollback() MEDIUM" "woocommerce-2checkout-payment No.known.fix Missing.Authorization.via.sniff_ins MEDIUM" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).SQL.Injection MEDIUM" "wp-survey-and-poll No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-foodbakery 4.8 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-foodbakery 4.8 Unauthenticated.Privilege.Escalation.in.foodbakery_registration_validation CRITICAL" "wp-foodbakery No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-foodbakery No.known.fix Authentication.Bypass CRITICAL" "wp-foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-security-audit-log-premium 4.6.4.1 Authenticated.(Subscriber+).SQL.Injection HIGH" "wpex-replace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-meetup No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Update MEDIUM" "woo-product-tables 2.1.3 Unuthenticated.SQL.Injection HIGH" "woo-product-tables 2.0.2 Unauthenticated.Remote.Code.Execution CRITICAL" "woo-product-tables 1.8.7 Cross-Site.Request.Forgery.via.saveGroup MEDIUM" "wpgenious-job-listing No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-action-network No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-action-network 1.4.4 Admin+.SQLi MEDIUM" "wp-action-network 1.4.3 Reflected.Cross-Site.Scripting.via.'search' MEDIUM" "wcc-seo-keyword-research No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wcc-seo-keyword-research No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-fusion-lite 3.43.0 Information.Exposure MEDIUM" "wp-fusion-lite 3.42.10 Authenticated.(Contributor+).Remote.Code.Execution HIGH" "wp-fusion-lite 3.37.31 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-fusion-lite 3.37.30 CSRF.to.Data.Deletion MEDIUM" "wp-fusion-lite 3.37.30 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wd-instagram-feed 1.4.29 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wd-instagram-feed 1.3.1 XSS MEDIUM" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wp-edit-username 1.0.6 Admin+.Stored.XSS LOW" "wow-entrance-effects-wee No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-video-gallery-free No.known.fix Unauthenticated.SQLi HIGH" "wtyczka-seopilot-dla-wp No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-tweet-walls 1.0.4 Cross-Site.Request.Forgery MEDIUM" "woo-bought-together 7.2.0 Missing.Authorization MEDIUM" "woo-bought-together 7.0.4 Missing.Authorization MEDIUM" "wp-ses 1.4.5 Stored.Cross-Site.Scripting.(XSS) HIGH" "wp-mlm No.known.fix Unauthenticated.Privilege.Escalation CRITICAL" "wp-mlm No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-express-checkout 2.3.8 Unauthenticated.Price.Manipulation MEDIUM" "wp-express-checkout 2.2.9 Admin+.Stored.XSS LOW" "wallet-system-for-woocommerce 2.6.3 Cross-Site.Request.Forgery MEDIUM" "wallet-system-for-woocommerce 2.6.3 Missing.Authorization MEDIUM" "wallet-system-for-woocommerce 2.5.14 Information.Exposure.via.Log.Files MEDIUM" "wallet-system-for-woocommerce 2.5.10 Cross-Site.Request.Forgery MEDIUM" "wp-super-minify 1.6 Settings.Update.via.CSRF MEDIUM" "woo-update-variations-in-cart No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-total-branding 1.3 Authenticated.(Administrator+).Stored.Cross-Site.Scripting.via.title.Parameter MEDIUM" "wp-cloud-server 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-gateway-amazon-payments-advanced 2.0.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-users-media No.known.fix Cross-Site.Request.Forgery.in.wpusme_save_settings MEDIUM" "wp-users-media No.known.fix Missing.Authorization.via.wpusme_save_settings MEDIUM" "wp-top-news 2.3.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-top-news 2.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "webpushr-web-push-notifications 4.36.0 Reflected.Cross-Site.Scripting MEDIUM" "webpushr-web-push-notifications 4.35.0 Unauthenticated.Stored.XSS HIGH" "webpushr-web-push-notifications 4.35.0 LFI.via.CSRF MEDIUM" "wpb-advanced-faq No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-rss-by-publishers No.known.fix Admin+.SQLi MEDIUM" "wp-symposium No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Product.Editing HIGH" "wp-cart-for-digital-products 8.5.6 Reflected.XSS.in.Customer.Search HIGH" "wp-cart-for-digital-products 8.5.6 Settings.Reset.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Category.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Discount.Editing HIGH" "wp-cart-for-digital-products 8.5.5 Coupon.Deletion.via.CSRF MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.via.$_SERVER['REQUEST_URI'] MEDIUM" "wp-cart-for-digital-products 8.5.5 Reflected.XSS.in.Customer.Editing HIGH" "wp-bannerize-pro 1.9.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "wp-bannerize-pro 1.7.0 Reflected.XSS HIGH" "woo-enviopack No.known.fix Reflected.Cross-Site.Scripting HIGH" "woocustomizer 2.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-client-reports 1.0.23 Cross-Site.Request.Forgery MEDIUM" "wp-maintenance 6.1.9.3 IP.Spoofing.to.Maintenance.Mode.Bypass MEDIUM" "wp-maintenance 6.1.7 Information.Exposure MEDIUM" "wp-maintenance 6.1.4 IP.Restriction.Bypass MEDIUM" "wp-maintenance 6.0.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 6.0.6 Admin+.Stored.Cross-Site.Scripting LOW" "wp-maintenance 5.0.7 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting HIGH" "wcs-qr-code-generator No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.9 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-store-toolkit 2.3.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-store-toolkit 2.3.2 Reflected.Cross-Site.Scripting HIGH" "woocommerce-store-toolkit 1.5.8 Privilege.Escalation CRITICAL" "woocommerce-store-toolkit 1.5.7 Store.Toolkit.Plugin.<=.1.5.6.-.Privilege.Escalation CRITICAL" "wp-rest-user No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-rest-user No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-custom-product-tabs-lite 1.9.1 Authenticated.(Shop.Manager+).PHP.Object.Injection HIGH" "wp-cerber 9.5 IP.Protection.Bypass MEDIUM" "wp-cerber 9.2 Unauthenticated.Stored.XSS HIGH" "wp-cerber 9.3.3 User.Enumeration.Bypass.via.Rest.API LOW" "wp-cerber 9.1 Username.Enumeration.Bypass MEDIUM" "wp-cerber 8.9.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-cerber 8.9.3 Rest-API.Protection.Bypass MEDIUM" "wp-cerber 8.9.3 2FA.Authentication.Bypass MEDIUM" "wp-cerber 2.7 Unauthenticated.Stored.XSS MEDIUM" "w-dalil No.known.fix Admin+.Stored.Cross-Site.Scripting LOW" "wp-weixin-robot No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpmovielibrary No.known.fix Reflected.XSS HIGH" "who-hit-the-page-hit-counter No.known.fix Authenticated.(Administrator+).SQL.Injection HIGH" "who-hit-the-page-hit-counter No.known.fix CSRF MEDIUM" "who-hit-the-page-hit-counter No.known.fix Hit.Counter.<=.1.4.14.3.-.Reflected.XSS HIGH" "woo-merchantx No.known.fix CSRF.Bypass MEDIUM" "wp-secure-maintainance 1.7 Admin+.Stored.XSS LOW" "widgets-for-alibaba-reviews 11.1 Authenticated.(Editor+).Arbitrary.File.Upload MEDIUM" "wp-post-author 3.8.3 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-post-author 3.8.2 Authenticated.(Administrator+).SQL.Injection HIGH" "wp-post-author 3.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-post-author 3.7.5 Missing.Authorization MEDIUM" "wp-post-author 3.6.5 Subscriber+.Rating.Manipulation MEDIUM" "wr-age-verification No.known.fix Unauthenticated.SQL.Injection HIGH" "wr-age-verification No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wr-age-verification 2.0.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-js No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "webinar-ignition 3.06.0 Cross-Site.Request.Forgery MEDIUM" "webinar-ignition 3.05.1 Missing.Authorization.to.Unauthenticated.Privilege.Escalation CRITICAL" "webinar-ignition 3.05.1 Unauthenticated.SQL.Injection CRITICAL" "webinar-ignition 3.05.1 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "webinar-ignition 3.1.2 Reflected.Cross-Site.Scripting MEDIUM" "webinar-ignition 2.14.3 Admin+.Stored.XSS LOW" "webinar-ignition 2.8.12 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpdatatables 6.3.2 Tables.&.Table.Charts.(Premium).<.6.3.2.-.Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 6.4 Tables.&.Table.Charts.(Premium).<.6.4.-.Missing.Authorization.to.DataTable.Access.&.Modification HIGH" "wpdatatables 3.4.2.14 Unauthenticated.Stored.Cross-Site.Scripting.via.CSV.Import MEDIUM" "wpdatatables 3.4.2.5 Reflected.Cross-Site.Scripting. MEDIUM" "wpdatatables 2.1.66 Admin+.PHP.Object.Injection MEDIUM" "wpdatatables 2.1.50 Contributor+.Stored.XSS MEDIUM" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 2.1.28 Admin+.Stored.Cross-Site.Scripting LOW" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Data.Deletion MEDIUM" "wpdatatables 3.4.2 Blind.SQL.Injection.via.length.Parameter CRITICAL" "wpdatatables 3.4.2 Improper.Access.Control.leading.to.Table.Permission.Takeover HIGH" "wpdatatables 3.4.2 Blind.SQL.Injection.via.start.Parameter CRITICAL" "wpdatatables 3.4.1 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 2.0.12 Cross-Site.Scripting.(XSS).&.SQL.Injection HIGH" "wpdatatables 1.5.4 Unauthenticated.SQL.Injection CRITICAL" "wpdatatables 1.5.4 Unauthenticated.Shell.Upload CRITICAL" "wp-scribd-list No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpfilesearch No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wccp-pro 15.3 Admin+.Stored.XSS LOW" "wccp-pro 15.3 Open.Redirect MEDIUM" "ws-contact-form 1.3.8 Admin+.Stored.XSS LOW" "woolook No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "web-disrupt-funnelmentals No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "web-disrupt-funnelmentals No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "web-disrupt-funnelmentals No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "ws-bootstrap-vc No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-mathjax-plus No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-appbox 4.5.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.appbox.Shortcode MEDIUM" "wp-appbox 4.5.4 Reflected.Cross-Site.Scripting MEDIUM" "wp-appbox 4.4.0 Admin+.Stored.Cross-Site.Scripting LOW" "wp-appbox 4.3.18 Authenticated.Local.File.Inclusion LOW" "wp-sitemap-page 1.7.0 Admin+.Stored.Cross.Site.Scripting LOW" "wp-job-portal 2.2.9 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "wp-job-portal 2.2.9 Insecure.Direct.Object.Reference.to.Authenticated.(Subscriber+).User.Photo.Disconnection MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Company.Deletion MEDIUM" "wp-job-portal 2.2.7 Missing.Authorization.to.Unauthenticated.Arbitrary.Email.Sending MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Authenticated.(Employer+).Arbitrary.Job.Deletion MEDIUM" "wp-job-portal 2.2.7 Insecure.Direct.Object.Reference.to.Unauthenticated.Company.Logo.Deletion MEDIUM" "wp-job-portal 2.2.6 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.5 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.2.3 Unauthenticated.SQL.Injection HIGH" "wp-job-portal 2.2.3 Missing.Authorization.to.Unauthenticated.Arbitrary.Resume.Download MEDIUM" "wp-job-portal 2.2.3 Missing.Authorization.to.Limited.Privilege.Escalation MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.getFieldsForVisibleCombobox() MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection MEDIUM" "wp-job-portal 2.2.3 Authenticated.(Admin+).SQL.Injection.via.wpjobportal_deactivate() MEDIUM" "wp-job-portal 2.2.1 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.7 Missing.Authorization.to.Unauthenticated.Local.File.Inclusion,.Arbitrary.Settings.Update,.and.User.Creation CRITICAL" "wp-job-portal 2.1.9 Subscriber+.Insecure.Direct.Object.Reference MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.1.4 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-job-portal 2.0.7 Cross-Site.Request.Forgery MEDIUM" "wp-job-portal 2.0.6 Unauthenticated.SQLi HIGH" "wp-job-portal 2.0.2 Unauthenticated.Settings.Update MEDIUM" "wp-job-portal 2.0.6 Subscriber+.Stored.XSS HIGH" "wc-support-system No.known.fix Unauthenticated.Ticket.Deletion/Update,.Settings.Update.etc MEDIUM" "wc-support-system 1.2.2 Admin+.SQLi MEDIUM" "wordpress-popup 7.8.6 Missing.Authorization.to.Unauthorized.Form.Submission MEDIUM" "wordpress-popup 7.8.6 Missing.Authorization.to.Unpublished.Form.Exposure MEDIUM" "wordpress-popup 7.8.5 Admin+.Stored.XSS LOW" "wordpress-popup 6.0.8.1 Unauthenticated.CSV.Injection HIGH" "wpo365-msgraphmailer 3.3 Open.Redirect.via.'redirect_to'.Parameter MEDIUM" "wp-ultimate-recipe 3.12.7 Authenticated.Stored.XSS MEDIUM" "word-count-analysis No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-image-zoooom 1.47 Local.File.Inclusion MEDIUM" "wp-spacecontent No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wholesale-pricing-woocommerce 3.8.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-player No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-olivecart No.known.fix Admin+.Stored.XSS LOW" "woocommerce-upload-files 84.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woocommerce-upload-files 59.4 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wplistcal No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wp-quick-shop 1.3.2 Reflected.Cross-Site.Scripting MEDIUM" "wc-cross-seller No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wc-cross-seller No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wcfm-marketplace-rest-api 1.6.0 Subscriber+.Arbitrary.Orders.Item.And.Notes.Update MEDIUM" "wp-github No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-hide-backed-notices 1.3.1 Missing.Authorization.to.Authenticated(Contributor+).Plugin.Settings.Modification MEDIUM" "wp-hide-backed-notices 1.3 Cross-Site.Request.Forgery MEDIUM" "woocommerce-wholesale-prices 2.2.0 Missing.Authorization MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Cross-Site.Request.Forgery MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Missing.Authorization.for.Plugin.Settings.Change MEDIUM" "woocommerce-wholesale-prices 2.1.5.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "wpm-news-api No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wp-githuber-md No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-githuber-md 1.16.3 Authenticated.(Author+).Arbitrary.File.Upload HIGH" "wp-cron-status-checker 1.2.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-cron-status-checker 1.2.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-stats 2.52 CSRF.to.Stored.Cross-Site.Scripting.(XSS) HIGH" "woo-inquiry No.known.fix Unauthenticated.SQL.Injection CRITICAL" "woo-variation-swatches 1.0.62 Reflected.XSS MEDIUM" "wp-debugging 2.11.7 Arbitrary.Plugin.Installation.from.Dependency.via.CSRF LOW" "wp-debugging 2.11.7 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "wp-debugging 2.11.0 Unauthenticated.Plugin's.Settings.Update MEDIUM" "wp-photo-album-plus 8.9.01.001 Unauthenticated.Arbitrary.Shortcode.Execution.via.getshortcodedrenderedfenodelay HIGH" "wp-photo-album-plus 8.8.07.004 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.02.003 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.8.00.003 Reflected.Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.7.00.004 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "wp-photo-album-plus 8.7.01.002 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.03.005 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "wp-photo-album-plus 8.6.01.005 .Cross-Site.Scripting MEDIUM" "wp-photo-album-plus 8.6.01.005 IP.Spoofing MEDIUM" "wp-photo-album-plus 8.6.01.003 Insecure.Direct.Object.Reference MEDIUM" "wp-photo-album-plus 8.0.10 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-pricing-table No.known.fix Reflected.XSS HIGH" "wpforms-lite 1.9.3.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.fieldHTML.Parameter MEDIUM" "wpforms-lite 1.9.2.3 Contributor+.Custom.Form.Theme.Creation LOW" "wpforms-lite 1.9.2.2 1.9.2.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Payment.Refund.and.Subscription.Cancellation HIGH" "wpforms-lite 1.9.2.3 Admin+.Stored.XSS LOW" "wpforms-lite 1.9.2.1 Cross-Site.Request.Forgery.(CSRF).to.Plugin's.Log.Deletion MEDIUM" "wpforms-lite 1.9.1.6 Admin+.Stored.XSS LOW" "wpforms-lite 1.8.8.2 Unauthenticated.Price.Manipulation MEDIUM" "wpforms-lite 1.8.1.3 Reflected.XSS MEDIUM" "wpforms-lite 1.7.5.5 Admin+.Arbitrary.File.Access MEDIUM" "wpforms-lite 1.6.0.2 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.5.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8.1 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "wpforms-lite 1.4.8 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-megamenu No.known.fix Authenticated.(Administrator+).PHP.Object.Injection HIGH" "wp-megamenu 1.4.1 Subscriber+.Arbitrary.Post.Access MEDIUM" "wp-megamenu 1.4.0 Unauthenticated.Arbitrary.Post.Access HIGH" "wp-megamenu 1.4.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-fancybox 1.0.2 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-sentry No.known.fix Arbitrary.Settings.Update.to.Stored.XSS.via.CSRF MEDIUM" "wp-stats-dashboard No.known.fix Authenticated.Blind.SQL.Injection HIGH" "wp-easy-contact 3.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-easycart 5.7.9 Missing.Authorization.to.Order.Updates MEDIUM" "wp-easycart 5.7.3 Authenticated.(Contributor+).SQL.Injection.via.model_number.Parameter HIGH" "wp-easycart 5.6.0 Missing.Authorization MEDIUM" "wp-easycart 5.6.5 Sensitive.Information.Exposure MEDIUM" "wp-easycart 5.6.0 Cross-Site.Request.Forgery MEDIUM" "wp-easycart 5.6.4 Contributor+.SQL.Injection MEDIUM" "wp-easycart 5.4.11 Administrator+.Time-based.SQL.Injection HIGH" "wp-easycart 5.4.9 Multiple.CSRFs MEDIUM" "wp-easycart 5.4.9 Product.Deletion.via.CSRF MEDIUM" "wp-easycart 5.4.3 Admin+.LFI MEDIUM" "wp-easycart 5.2.5 Arbitrary.Design.Settings.Update.via.CSRF MEDIUM" "wp-easycart 5.1.1 CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-easycart 3.0.21 3.0.20.-.Privilege.Escalation HIGH" "wp-yelp-review-slider 8.2 Authenticated.(Administrator+).SQL.Injection MEDIUM" "wp-yelp-review-slider 7.1 Subscriber+.SQLi HIGH" "wp-foft-loader 2.1.29 Reflected.Cross-Site.Scripting MEDIUM" "wp-foft-loader 2.1.21 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wplr-sync 6.4.1 Missing.Authorization MEDIUM" "wplr-sync 6.3.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.7 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.7.6 Admin+.Stored.XSS LOW" "wp-ulike 4.7.5 Admin+.Stored.XSS.via.Widgets LOW" "wp-ulike 4.7.5 Cross-Site.Request.Forgery.to.Statistic.Deletion MEDIUM" "wp-ulike 4.7.4 Admin+.Stored.XSS LOW" "wp-ulike 4.7.2.1 Subscriber+.Stored-XSS HIGH" "wp-ulike 4.7.1 Admin+.Stored.XSS LOW" "wp-ulike 4.7.0 Authenticated.(Contributor+).SQL.Injection.via.Shortcodes HIGH" "wp-ulike 4.7.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 2.7.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "wp-ulike 4.6.9 Contributor+.Stored.Cross.Site.Scripting.via.Shortcode MEDIUM" "wp-ulike 4.6.5 Unauthenticated.Rating.Tampering.via.Race.Condition LOW" "wordpress-23-related-posts-plugin No.known.fix Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wordpress-23-related-posts-plugin 2.7.2 Cross-Site.Request.Forgery MEDIUM" "wp-tools-divi-blog-carousel 1.3.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-tools-divi-blog-carousel 1.3.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpstickybar-sticky-bar-sticky-header No.known.fix Reflected.XSS HIGH" "wpstickybar-sticky-bar-sticky-header No.known.fix Unauthenticated.SQLi HIGH" "wp-dbmanager 2.80.8 Admin+.Remote.Command.Execution MEDIUM" "wp-dbmanager 2.79.2 Arbitrary.File.Delete HIGH" "wc-planzer-shipping 1.0.26 Reflected.Cross-Site.Scripting.via.processed-ids MEDIUM" "wc-quantity-plus-minus-button 1.2.0 Quantity.Plus.Minus.Button.for.WooCommerce.by.CodeAstrology.<.1,2,0.Settings.Update.via.CSRF MEDIUM" "wp-comment-designer-lite 2.0.4 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-custom-post-rss-feed No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpg-videos No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-migration-duplicator 1.4.9 Missing.Authorization.to.Directory.Traversal MEDIUM" "wp-migration-duplicator 1.4.8 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "wp-migration-duplicator 1.4.4 Subscriber+.Plugin.Settings.Update MEDIUM" "wp-migration-duplicator 1.4.5 Subscriber+.Stored.XSS HIGH" "wp-migration-duplicator 1.4.2 Missing.Authorization.to.Settings.and.Schedule.Modification MEDIUM" "wp-seo-tags No.known.fix Reflected.Cross-Site.Scripting HIGH" "webtoffee-gdpr-cookie-consent 2.6.1 Bulk.Delete.via.CSRF MEDIUM" "webtoffee-gdpr-cookie-consent 2.6.1 Unauthenticated.Stored.XSS HIGH" "wc-thanks-redirect 3.1 Reflected.Cross-Site.Scripting MEDIUM" "wc-thanks-redirect 3.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-options-editor No.known.fix Cross-Site.Request.Forgery.to.Privilege.Escalation HIGH" "woosquare 4.3 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.9 Reflected.Cross-Site.Scripting MEDIUM" "woosquare 4.2.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wordpress-logging-service No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "widget-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "wp-openagenda 1.9.0 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.01.6 Missing.Authorization MEDIUM" "woo-product-reviews-shortcode 1.01.4 Cross-Site.Request.Forgery MEDIUM" "woo-product-reviews-shortcode 1.0.21 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-reviews-shortcode 1.0.17 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-structured-data-schema 4.0.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-structured-data-schema 4.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc-venipak-shipping 1.19.6 Reflected.Cross-Site.Scripting.via.'venipak_labels_link' MEDIUM" "wp-downgrade 1.2.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-stripe-donation 3.2.4 Missing.Authorization MEDIUM" "wp-stripe-donation 3.2.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-stripe-donation 3.1.6 AidWP.<.3.1.6.-.CSRF MEDIUM" "wp-stripe-donation 2.9 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-booking 6.10.0 Subscriber+.Arbitrary.Option.Update HIGH" "wdesignkit 1.1.0 Authenticated.(Administrator+).Arbitrary.File.Upload HIGH" "wp-offers No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-offers 1.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-html-sitemap No.known.fix wp-html-sitemap.html.Sitemap.Deletion.CSRF MEDIUM" "wp-cookiechoise No.known.fix CSRF.to.Stored.Cross-Site.Scripting HIGH" "wp-live-chat-software-for-wordpress 4.5.16 Cross-Site.Request.Forgery MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Settings.Update MEDIUM" "woofunnels-aero-checkout 3.11.0 Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "woofunnels-aero-checkout 3.11.0 Unauthenticated.Arbitrary.Content.Deletion MEDIUM" "wp-contact-slider 2.4.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-contact-slider 2.4.8 Admin+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.7 Editor+.Stored.Cross-Site.Scripting LOW" "wp-contact-slider 2.4.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.4.25 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Settings.Update MEDIUM" "wc4bp 3.4.26 Cross-Site.Request.Forgery.to.Limited.Settings.Update MEDIUM" "wc4bp 3.4.20 Missing.Authorization MEDIUM" "wc4bp 3.4.21 Authenticated.(Subscriber+).PHP.Object.Injection.in.get_simple_request HIGH" "wc4bp 3.4.16 Reflected.Cross-Site.Scripting MEDIUM" "wc4bp 3.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wc4bp 3.2.6 Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-frontend-submit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wordpress-meta-robots No.known.fix Authenticated.Blind.SQL.Injection HIGH" "webinar-and-video-conference-with-jitsi-meet 2.6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "woo-edit-templates No.known.fix Reflected.Cross-Site.Scripting.via.page MEDIUM" "woo-edit-templates 1.1.2 Reflected.XSS HIGH" "wpcasa-mail-alert 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "wp-codemirror-block 2.0.0 Contributor+.Stored.XSS MEDIUM" "wp-travel-engine 6.2.2 Missing.Authorization.to.Authenticated.(Contributor+).Plugin.Settings.Update MEDIUM" "wp-travel-engine 5.9.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.8.1 Unauthenticated.Price.Manipulation MEDIUM" "wp-travel-engine 5.8.0 Authenticated.(Administrator+).SQL.Injection CRITICAL" "wp-travel-engine 5.8.0 Unauthenticated.SQL.Injection CRITICAL" "wp-travel-engine 5.7.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-travel-engine 5.3.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-travel-engine 5.3.1 Editor+.Stored.Cross-Site.Scripting LOW" "wp-blog-manager-lite 1.1.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "wp-custom-taxonomy-image No.known.fix Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "woo-salesforce-plugin-crm-perks 1.5.9 Reflected.Cross-Site.Scripting HIGH" "wpremote 4.65 Reflected.Cross-Site.Scripting MEDIUM" "wp-login-and-logout-redirect 2.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wptables No.known.fix Reflected.XSS HIGH" "wp-clone-by-wp-academy 2.4.7 Unauthenticated.PHP.Object.Injection.via.'recursive_unserialized_replace' HIGH" "wp-clone-by-wp-academy 2.4.6 Missing.Authorization MEDIUM" "wp-clone-by-wp-academy 2.4.4 Subscriber+.Unauthorised.Action.Calls MEDIUM" "wp-clone-by-wp-academy 2.4.3 Unauthenticated.Backup.Download HIGH" "wp-clone-by-wp-academy 2.3.8 Subscriber+.Plugin.Installation MEDIUM" "wp-clone-by-wp-academy 2.3.8 Plugin.Installation.via.CSRF MEDIUM" "wp-lister-for-ebay 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.1 Reflected.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Arbitrary.File.Upload HIGH" "wp-lister-for-ebay 3.6.0 Authenticated.(Shop.Manager+).Stored.Cross-Site.Scripting MEDIUM" "wp-lister-for-ebay 3.5.8 Reflected.Cross-Site.Scripting.via.'s' MEDIUM" "wp-search-filter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-search-filter No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wpadcenter 2.5.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.wpadcenter_ad.Shortcode MEDIUM" "wpadcenter 2.5.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ad_alignment.Attribute MEDIUM" "woo-pdf-invoices-bulk-download No.known.fix Reflected.Cross-Site.Scripting.via.PHPRelativePath.Library HIGH" "wpb-popup-for-contact-form-7 1.7.6 Unauthenticated.Arbitrary.Shortcode.Execution.via.wpb_pcf_fire_contact_form HIGH" "woocommerce-shipping-gateway-per-product 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "woocommerce-shipping-gateway-per-product 2.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-event-aggregator 1.8.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.8.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-event-aggregator 1.7.7 Cross-Site.Request.Forgery.via.wpea_deauthorize_user() MEDIUM" "wp-eggdrop No.known.fix Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-eggdrop No.known.fix Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "wp-payeezy-pay 2.98 Local.File.Inclusion CRITICAL" "wprequal No.known.fix Cross-Site.Request.Forgery.to.Settings.Reset MEDIUM" "wordpress-signature No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "webriti-custom-login-page No.known.fix Cross-Site.Request.Forgery.to.Reflected.Cross-Site.Scripting MEDIUM" "wp-report-post No.known.fix Reflected.XSS HIGH" "wp-base-booking-of-appointments-services-and-events 5.0.0 Reflected.XSS HIGH" "wp-base-booking-of-appointments-services-and-events 5.1.0 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "wp-base-booking-of-appointments-services-and-events 5.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.app_export_db MEDIUM" "wp-base-booking-of-appointments-services-and-events 4.9.2 Reflected.Cross-Site.Scripting.via.status.Parameter MEDIUM" "wd-google-maps No.known.fix Authenticated.(Administrator+).SQL.Injection CRITICAL" "wd-google-maps 1.0.74 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.74 Missing.Authorization.to.Notice.Dismissal MEDIUM" "wd-google-maps 1.0.73 Unauthenticated.SQLi HIGH" "wd-google-maps 1.0.72 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "wd-google-maps 1.0.70 Authenticated.Stored.XSS MEDIUM" "wp-sms 6.9.4 Missing.Authorization MEDIUM" "wp-sms 6.5.2 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.6.3 Cross-Site.Request.Forgery MEDIUM" "wp-sms 6.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wp-sms 6.5.3 Reflected.Cross-Site.Scripting.via.'page' MEDIUM" "wp-sms 6.5.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-sms 6.5.1 Contributor+.SQLi.to.Reflected.XSS HIGH" "wp-sms 6.5.1 Cross-Site.Request.Forgery.to.Subscriber.Deletion MEDIUM" "wp-sms 6.2.0 User.Unsubscribe.via.CSRF MEDIUM" "wp-sms 6.1.5 Reflected.XSS HIGH" "wp-sms 6.0.4.1 Information.Disclosure.via.REST.API MEDIUM" "wp-sms 5.4.13 Authenticated.Stored.Cross-Site.Scripting LOW" "wp-sms 5.4.9.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "wp-social-links No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-reports No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woo-quick-reports No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.3.0 Missing.Authorization MEDIUM" "woocommerce-warranty 2.1.7 Reflected.XSS HIGH" "wp-login-attempt-log No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpbookit 1.0.2 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpbookit 1.6.10 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wpbookit 1.6.6 Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "wpbookit No.known.fix Unauthenticated.SQL.Injection HIGH" "wp-swimteam 1.45 Local.File.Inclusion MEDIUM" "woo-point-of-sale 6.2.0 Insecure.Direct.Object.Reference.to.Privilege.Escalation.via.Arbitrary.User.Email.Change CRITICAL" "wowrestro 1.1 CSRF.Bypass MEDIUM" "wh-testimonials No.known.fix Unauthenticated.Stored.XSS HIGH" "wonderplugin-video-embed 2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "wonderplugin-video-embed 1.8 Contributor+.Stored.XSS MEDIUM" "wp-featherlight No.known.fix Authenticated.(Contributor+).Stored.DOM-Based.Cross-Site.Scripting.via.Featherlight.js.JavaScript.Library MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-jquery-datatable 4.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpc-shop-as-customer 1.2.9 Authentication.Bypass.Due.to.Insufficiently.Unique.Key HIGH" "wpc-shop-as-customer 1.2.7 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "wp-private-media No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-private-media No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-private-media No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "wp-all-import 3.7.3 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.9 Admin+.Arbitrary.File.Upload.to.RCE MEDIUM" "wp-all-import 3.6.9 Admin+.Directory.traversal.via.file.upload MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.File.Upload MEDIUM" "wp-all-import 3.6.8 Admin+.Arbitrary.Code.Execution MEDIUM" "wp-all-import 3.6.5 Reflected.Cross-Site.Scripting MEDIUM" "wp-all-import 3.6.3 Admin+.Stored.Cross-Site.Scripting LOW" "wp-all-import 3.4.7 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.4.6 Cross-Site.Scripting.(XSS) MEDIUM" "wp-all-import 3.2.5 Multiple.Vulnerabilities CRITICAL" "wp-all-import 3.2.4 RCE HIGH" "wp-inventory-manager 2.3.3 Reflected.Cross-Site.Scripting MEDIUM" "wp-inventory-manager 2.1.0.14 Inventory.Items.Deletion.via.CSRF MEDIUM" "wp-inventory-manager 2.1.0.13 Reflected.Cross-Site.Scripting HIGH" "wp-inventory-manager 2.1.0.12 Reflected.XSS HIGH" "wordpress-popular-posts 7.2.0 Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "wordpress-popular-posts 6.3.3 Contributor+.Stored.XSS MEDIUM" "wordpress-popular-posts 6.1.0 Unauthenticated.Views.Manipulation MEDIUM" "wordpress-popular-posts 6.0.0 Reflected.Cross-Site.Scripting MEDIUM" "wordpress-popular-posts 5.3.4 Admin+.Stored.Cross-Site.Scripting LOW" "wordpress-popular-posts 5.3.3 Authenticated.Code.Injection HIGH" "wordpress-popular-posts 5.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "wp-transactions 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "wp-video-posts No.known.fix Cross-Site.Request.Forgery.to.Remote.Code.Execution HIGH" "wp-video-posts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wpzoom-shortcodes No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.box.Shortcode MEDIUM" "wpzoom-shortcodes 1.0.2 Reflected.Cross-Site.Scripting MEDIUM" "wp-user-profile-avatar 1.0.6 Cross-Site.Request.Forgery.to.Settings.Update MEDIUM" "wp-user-profile-avatar 1.0.2 Contributor+.Stored.XSS MEDIUM" "wp-user-profile-avatar 1.0.1 Author+.Avatar.Deletion/Update.via.IDOR LOW" "wp-user-profile-avatar 1.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-worthy 1.7.0-0cde1c2 Cross-Site.Request.Forgery MEDIUM" "wp-mail-smtp-pro 3.8.1 Unauthenticated.Email.Address.Disclosure MEDIUM" "we-testimonial-slider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wp-reset 2.03 Missing.Authorization.to.License.Key.Modification MEDIUM" "wp-reset 2.0 Sensitive.Information.Exposure.due.to.Insufficient.Randomness MEDIUM" "wp-reset 5.99 Subscriber+.Database.Reset CRITICAL" "wp-reset 5.99 Database.Reset.via.CSRF CRITICAL" "wp-reset 1.90 Authenticated.Stored.XSS MEDIUM" "woo-product-attachment 2.2.0 Checkout.Attachements.Update.via.CSRF MEDIUM" "woo-product-attachment 2.1.8 Reflected.Cross-Site.Scripting MEDIUM" "woo-product-attachment 2.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wp-calameo 2.1.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wpcomplete 2.9.5 Reflected.Cross-Site.Scripting HIGH" "wp-upg No.known.fix Unauthenticated.RCE CRITICAL" "wp-translate No.known.fix Missing.Authorization MEDIUM" "wp-visual-adverts No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-nice-loader No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "wpr-admin-amplify No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-hide No.known.fix Unauthenticated.Settings.Update MEDIUM" "wedevs-project-manager 2.6.18 Authenticated.(Subscriber+).SQL.Injection.via.orderby.Parameter MEDIUM" "wedevs-project-manager 2.6.18 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Options.Update MEDIUM" "wedevs-project-manager No.known.fix Admin+.Stored.XSS LOW" "wedevs-project-manager 2.6.17 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.16 Authenticated.(Subscriber+).Sensitive.Information.Exposure.via.Project.Task.List.REST.API MEDIUM" "wedevs-project-manager No.known.fix Authenticated.(Project.Manager+).SQL.Injection MEDIUM" "wedevs-project-manager 2.6.15 Missing.Authorization.to.Project.Milestone.and.Task.Creation/Deletion MEDIUM" "wedevs-project-manager 2.6.14 Insecure.Direct.Object.Reference.to.Unauthenticated.Authorization.Bypass HIGH" "wedevs-project-manager 2.6.9 Subscriber+.Stored.XSS HIGH" "wedevs-project-manager 2.6.8 Missing.Authorization MEDIUM" "wedevs-project-manager 2.6.1 Subscriber+.SQLi HIGH" "wedevs-project-manager 2.6.5 Subscriber+.Privilege.Escalation HIGH" "wedevs-project-manager 2.4.14 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "wedevs-project-manager 2.4.10 CSRF.Nonce.Bypasses MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery MEDIUM" "wedevs-project-manager 2.4.1 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "wps-child-theme-generator 1.2 Path.Traversal CRITICAL" "woocommerce-google-dynamic-retargeting-tag 1.7.17 Reflected.Cross-Site.Scripting MEDIUM" "wp-lijit-wijit No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xtra-settings No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "xml-multilanguage-sitemap-generator No.known.fix Missing.Authorization MEDIUM" "xorbin-digital-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xpinner-lite No.known.fix Cross-Site.Scripting.(XSS).&.CSRF MEDIUM" "xlsx-viewer No.known.fix Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "xatkit-chatbot-connector 2.1.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xo-liteslider No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xo-liteslider 3.3.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.6.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.6.3 Authenticated.(Contributor+).Post.Disclosure.via.Post.Duplication MEDIUM" "xpro-elementor-addons 1.4.6.6 Contributor+.Stored.XSS MEDIUM" "xpro-elementor-addons 1.4.6.1 Authenticated.(Contributor+).Sensitive.Information.Exposure.via.Elementor.Template MEDIUM" "xpro-elementor-addons 1.4.4.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Grid.Widget MEDIUM" "xpro-elementor-addons 1.4.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3.2 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "xpro-elementor-addons 1.4.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Widgets MEDIUM" "xpro-elementor-addons 1.4.3.1 Authenticated.(Admin+).Cross.Site.Scripting MEDIUM" "xpro-elementor-addons 1.4.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xpd-reduce-image-filesize No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.6.6 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-points-rewards 1.4.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xserver-typesquare-webfonts 2.0.8 Missing.Authorization.via.typesquare_admin_init() MEDIUM" "xtremelocator No.known.fix Xtreme.Locator.Dealer.Locator.Plugin.1,5.–.Authenticated.SQL.Injection HIGH" "xserver-migrator 1.6.2.1 Arbitrary.File.Upload.via.CSRF HIGH" "xml-sitemaps-for-videos No.known.fix CSRF MEDIUM" "xagio-seo 7.0.0.21 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xforwoocommerce No.known.fix Authenticated.(Subscriber+).Local.File.Inclusion HIGH" "xforwoocommerce 1.7.0 Low.Priv.Arbitrary.Blog.Options.Update/Access/Deletion.&.Plugin's.Settings.Update/Export/Import HIGH" "xt-woo-quick-view-lite 2.0.0 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-quick-view-lite 1.9.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xola-bookings-for-tours-activities No.known.fix Missing.Authorization MEDIUM" "xo-event-calendar 2.3.7 Reflected.Cross-Site.Scripting HIGH" "xpresslane-integration-for-woocommerce No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "xt-woo-variation-swatches 1.8.8 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-variation-swatches 1.8.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xqueue-maileon 2.16.1 Admin+.Stored.XSS LOW" "xcloner-backup-and-restore 4.7.4 Unauthenticated.Full.Path.Disclosure MEDIUM" "xcloner-backup-and-restore 4.3.6 Plugin.Settings.Reset MEDIUM" "xcloner-backup-and-restore 4.2.13 4.2.12.-.Unprotected.AJAX.Action CRITICAL" "xcloner-backup-and-restore 4.2.153 Cross-Site.Request.Forgery CRITICAL" "xcloner-backup-and-restore 3.1.5 Backup.and.Restore.<.3.1.5.-.Authenticated.Path.Traversal MEDIUM" "xcloner-backup-and-restore 3.1.3 Backup.and.Restore.3.1.2.-.XSS.&.Command.Execution MEDIUM" "xcloner-backup-and-restore 3.1.2 Backup.and.Restore.<.3.1.2.-.Multiple.Vulnerabilities.(RCE.&.LFI) HIGH" "xcloner-backup-and-restore 3.1.1 Backup.and.Restore.<.3.1.1.-.Multiple.Actions.CSRF HIGH" "x-forms-express No.known.fix Stored.Cross-Site.Scripting.(XSS) MEDIUM" "xllentech-english-islamic-calendar 2.6.8 Authenticated.SQL.Injection MEDIUM" "xt-woo-ajax-add-to-cart 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "xt-woo-ajax-add-to-cart 1.0.4 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "xili-tidy-tags 1.12.05 Reflected.Cross-Site.Scripting MEDIUM" "xili-tidy-tags 1.12.04 Cross-Site.Request.Forgery MEDIUM" "xml-for-google-merchant-center 3.0.12 Reflected.Cross-Site.Scripting MEDIUM" "xml-for-google-merchant-center 3.0.2 Reflected.XSS HIGH" "xml-for-avito 2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "xorbin-analog-flash-clock No.known.fix Flash-based.XSS MEDIUM" "xl-tab 1.5 Authenticated.(Contributor+).Post.Disclosure MEDIUM" "xl-tab 1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "xo-security 1.5.3 XSS MEDIUM" "xv-random-quotes No.known.fix Settings.Reset.via.CSRF MEDIUM" "xv-random-quotes No.known.fix Reflected.XSS HIGH" "xml-sitemap-feed 5.4.9 Unauthenticated.Local.File.Inclusion HIGH" "youram-youtube-embed No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-stripe 2.0.2 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-advanced-reviews 1.4.0 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-tab-manager 1.35.1 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-navigation 5.2.0 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-ajax-navigation 3.11.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "yith-paypal-express-checkout-for-woocommerce 1.2.6 Subscriber+.Settings.Update MEDIUM" "years-since No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-vendors 3.8.1 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-vendors 3.4.1 Subscriber+.Settings.Update MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.5 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.6.4 Reflected.Cross-Site.Scripting MEDIUM" "yellow-pencil-visual-theme-customizer 7.5.9 Admin+.Stored.XSS LOW" "yellow-pencil-visual-theme-customizer 7.5.4 Reflected.Cross-Site.Scripting HIGH" "yellow-pencil-visual-theme-customizer 7.2.1 Unauthenticated.Arbitrary.Options.Updates HIGH" "yds-support-ticket-system No.known.fix Authenticated.(Subscriber+).SQL.Injection MEDIUM" "yds-support-ticket-system No.known.fix Cross-Site.Request.Forgery MEDIUM" "yet-another-stars-rating 3.4.4 Missing.Authorization.via.init MEDIUM" "yet-another-stars-rating 3.4.2 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 3.1.3 Subscriber+.Stored.XSS HIGH" "yet-another-stars-rating 3.0.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yet-another-stars-rating 3.0.0 Reflected.Cross-Site.Scripting MEDIUM" "yet-another-stars-rating 1.8.7 PHP.Object.Injection HIGH" "youtube-channel 3.23.0 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "youtube-channel 3.23.0 Admin+.Stored.XSS LOW" "yith-woocommerce-compare 2.38.0 Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-compare 2.20.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-compare 2.3.15 Subscriber+.Settings.Update MEDIUM" "ymc-smart-filter 2.9.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "ymc-smart-filter 2.8.34 Cross-Site.Request.Forgery MEDIUM" "ymc-smart-filter 2.8.33 Unauthenticated.LFI CRITICAL" "yith-maintenance-mode 1.4.0 Multiple.Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.3.8 Admin+.Stored.Cross-Site.Scripting LOW" "yith-maintenance-mode 1.2.0 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "youtube-shortcode No.known.fix Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-subscription 1.3.6 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-multi-step-checkout 1.7.5 Subscriber+.Settings.Update MEDIUM" "yawpp No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yada-wiki 3.4.1 Contributor+.Stored.XSS MEDIUM" "youtube-video-inserter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yellow-yard 2.8.12 Contributor+.Stored.XSS MEDIUM" "yellow-yard 2.8.12 Reflected.Cross-Site.Scripting HIGH" "yahoo-media-player No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-gift-cards-premium 3.20.0 Unauthenticated.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-gift-cards-premium 3.3.1 RCE.via.Arbitrary.File.Upload CRITICAL" "yith-woocommerce-order-tracking 2.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-order-tracking 1.2.11 Subscriber+.Settings.Update MEDIUM" "yumpu-epaper-publishing 3.0.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yumpu-epaper-publishing 3.0.0 Missing.Authorization.to.PDF.Upload,.Publishing,.and.API.Key.Modification MEDIUM" "yith-woocommerce-recover-abandoned-cart 1.3.4 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-ajax-search 2.8.1 Unauthenticated.SQL.Injection HIGH" "yith-woocommerce-ajax-search 2.7.1 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-ajax-search 2.4.1 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yith-woocommerce-ajax-search 1.7.1 Subscriber+.Settings.Update MEDIUM" "yaysmtp 2.6.3 2.6.2.-.Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.4.6 Unauthenticated.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.1 Subscriber+.Stored.Cross-Site.Scripting HIGH" "yaysmtp 2.2.2 Admin+.Stored.Cross-Site.Scripting LOW" "yaysmtp 2.2.1 Subscriber+.SMTP.Credentials.Leak MEDIUM" "yaysmtp 2.2.1 Subscriber+.Logs.Disclosure MEDIUM" "youtube-embed 5.2.2 Contributor+.Stored.XSS MEDIUM" "youtube-embed 3.3.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "yotpo-social-reviews-for-woocommerce 1.7.10 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-best-sellers 1.1.13 Subscriber+.Settings.Update MEDIUM" "youtube-widget-responsive 1.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "yawave No.known.fix Unauthenticated.SQL.Injection HIGH" "yacp No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-custom-thank-you-page-for-woocommerce 1.1.8 Subscriber+.Settings.Update MEDIUM" "yogo-booking 1.6.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-frequently-bought-together 1.2.11 Subscriber+.Settings.Update MEDIUM" "ydn-download No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-pdf-invoice 1.2.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-zoom-magnifier 1.3.12 Subscriber+.Settings.Update MEDIUM" "yesno 1.0.12 Authenticated.(contributor+).Blind.SQL.Injection HIGH" "yith-woocommerce-affiliates 1.6.3 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 4.13.0 Missing.Authorization.to.Unauthenticated.WooCommerce.Settings.Update MEDIUM" "yith-woocommerce-gift-cards 1.3.8 Subscriber+.Settings.Update MEDIUM" "yop-poll 6.5.27 Unauthenticated.Vote.Manipulation.via.Race.Condition MEDIUM" "yop-poll 6.5.29 Reusable.Captcha.via.validateImage MEDIUM" "yop-poll 6.4.3 IP.Spoofing MEDIUM" "yop-poll 6.3.5 Author+.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Options.Module MEDIUM" "yop-poll 6.3.1 Author+.Stored.Cross-Site.Scripting.via.Preview.Module MEDIUM" "yop-poll 6.2.8 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yop-poll 6.1.5 Authenticated.Stored.XSS LOW" "yop-poll 6.1.2 Reflected.Cross-Site.Scripting HIGH" "yop-poll 6.0.3 Cross-Site.Scripting.(XSS) MEDIUM" "yop-poll 5.8.1 Stored.Cross-Site.Scripting.(XSS) MEDIUM" "youforms-free-for-copecart No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yoo-bar No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yookassa 2.3.1 Subscriber+.Arbitrary.Settings.Update MEDIUM" "yookassa 2.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "youtube-embed-plus 11.8.2 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "youtube-video-player 2.6.4 Admin+.Stored.XSS LOW" "youtube-video-player 2.3.9 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-mailchimp 2.1.4 Subscriber+.Settings.Update MEDIUM" "youzify-moderation No.known.fix Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "yr-activity-link 1.2.4 Contributor+.Stored.XSS MEDIUM" "yith-woocommerce-cart-messages 1.4.5 Subscriber+.Settings.Update MEDIUM" "youmax-channel-embeds-for-youtube-businesses No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "youmax-channel-embeds-for-youtube-businesses No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-woocommerce-quick-view 1.21.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-quick-view 1.3.15 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-bulk-product-editing 1.2.15 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-waiting-list 1.3.11 Subscriber+.Settings.Update MEDIUM" "yamaps 0.6.30 Contributor+.Stored.XSS MEDIUM" "yamaps 0.6.26 Contributor+.Stored.XSS MEDIUM" "youtube-speedload No.known.fix Cross-Site.Request.Forgery MEDIUM" "yith-infinite-scrolling 1.8.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-authorizenet-payment-gateway 1.1.13 Subscriber+.Settings.Update MEDIUM" "yandexnews-feed-by-teplitsa No.known.fix Admin+.Stored.XSS LOW" "yet-another-related-posts-plugin 5.30.11 Missing.Authorization MEDIUM" "yet-another-related-posts-plugin 5.30.10 Authenticated(Administrator+).Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.10 Admin+.Stored.XSS LOW" "yet-another-related-posts-plugin 5.30.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Subscriber+.SQLi HIGH" "yet-another-related-posts-plugin 5.30.5 Yet.Another.Related.Posts.Plugin.<.5.30.5.-.Subscriber+.LFI HIGH" "yet-another-related-posts-plugin 5.30.3 Yet.Another.Related.Posts.Plugin.<.5.30.3.-.Contributor+.Stored.XSS MEDIUM" "yith-custom-login 1.7.4 Reflected.Cross-Site.Scripting MEDIUM" "yith-custom-login 1.7.1 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yotpo-reviews-for-woocommerce No.known.fix Arbitrary.Settings.Update.via.CSRF MEDIUM" "yith-woocommerce-brands-add-on 1.3.7 Subscriber+.Settings.Update MEDIUM" "youneeq-panel No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-added-to-cart-popup 1.3.13 Subscriber+.Settings.Update MEDIUM" "ymc-states-map No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yt-cookie-nonsense No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Missing.Authorization MEDIUM" "yikes-inc-easy-mailchimp-extender No.known.fix Sensitive.Information.Exposure.via.logfile HIGH" "yikes-inc-easy-mailchimp-extender 6.9.0 Admin+.Stored.Cross-Site.Scripting LOW" "yikes-inc-easy-mailchimp-extender 6.8.9 Reflected.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.8 Reflected.XSS HIGH" "yikes-inc-easy-mailchimp-extender 6.8.7 Contributor+.Stored.XSS MEDIUM" "yikes-inc-easy-mailchimp-extender 6.8.9 Admin+.Stored.XSS LOW" "yikes-inc-easy-mailchimp-extender 6.8.6 Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-mailchimp-extender 6.6.3 Authenticated.Cross-Site.Scripting.(XSS) CRITICAL" "yith-woocommerce-questions-and-answers 1.2.0 Subscriber+.Settings.Update MEDIUM" "yayextra 1.3.8 Unauthenticated.Arbitrary.File.Upload.via.handle_upload_file.Function CRITICAL" "yith-woocommerce-account-funds-premium 1.34.0 Missing.Authorization MEDIUM" "yotuwp-easy-youtube-embed 1.3.14 Unauthenticated.Local.File.Inclusion CRITICAL" "yotuwp-easy-youtube-embed 1.3.14 Authenticated.(Contributor+).Arbitrary.File.Inclusion.via.Shortcode MEDIUM" "yotuwp-easy-youtube-embed 1.3.13 Admin+.Stored.XSS LOW" "youtube-feeder No.known.fix CSRF.to.Stored.XSS HIGH" "yoo-slider 2.2.0 Reflected.Cross-Site.Scripting HIGH" "yoo-slider 2.1.0 Arbitrary.Template.Import.via.CSRF MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Creation/Edition.via.CSRF MEDIUM" "yoo-slider 2.1.0 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yoo-slider 2.1.0 Arbitrary.Slider.Duplication/Deletion.via.CSRF MEDIUM" "you-shang No.known.fix Authenticated.Stored.Cross-Site.Scripting LOW" "yuzo-related-post 5.12.94 Unauthenticated.Call.Any.Action.or.Update.Any.Option MEDIUM" "yith-desktop-notifications-for-woocommerce 1.2.8 Subscriber+.Settings.Update MEDIUM" "ycyclista No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yottie-lite No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-request-a-quote 1.6.4 Unauthorised.AJAX.call.via.CSRF MEDIUM" "yith-woocommerce-request-a-quote 1.4.9 Subscriber+.Settings.Update MEDIUM" "yandex-money-button No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yandex-money-button No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yandex-money-button 2.4.0 Reflected.Cross-Site.Scripting.(XSS) HIGH" "youtube-playlist-player 4.6.8 Contributor+.Stored.XSS MEDIUM" "youtube-playlist-player 4.6.5 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "yith-color-and-label-variations-for-woocommerce 1.8.13 Subscriber+.Settings.Update MEDIUM" "yith-pre-order-for-woocommerce 1.2.1 Subscriber+.Settings.Update MEDIUM" "yith-advanced-refund-system-for-woocommerce 1.0.12 Subscriber+.Settings.Update MEDIUM" "yaad-sarig-payment-gateway-for-wc 2.2.5 Subscriber+.Log.Read/Deletion MEDIUM" "yith-woocommerce-social-login 1.3.6 Subscriber+.Settings.Update MEDIUM" "yatri-tools No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yatri-tools 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "youtube-channel-gallery No.known.fix Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yml-for-yandex-market 4.7.3 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 4.2.4 Reflected.Cross-Site.Scripting MEDIUM" "yml-for-yandex-market 3.10.8 Reflected.XSS HIGH" "yith-woocommerce-product-bundles 1.1.17 Subscriber+.Settings.Update MEDIUM" "yayforms 1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yabp No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.14.2 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.13.1 Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.9.3 Unauthenticated.Content.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.6.0 Unuathenticated.Cross-Site.Scripting MEDIUM" "yith-woocommerce-product-add-ons 4.3.1 Authenticated(Shop.Manager+).PHP.Object.Injection MEDIUM" "yith-woocommerce-product-add-ons 4.2.1 Missing.Authorization MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Authenticated.Local.File.Inclusion MEDIUM" "yith-woocommerce-product-add-ons 2.1.0 Reflected.Cross-Site.Scripting HIGH" "yith-woocommerce-product-add-ons 1.5.23 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-points-and-rewards 1.3.6 Subscriber+.Settings.Update MEDIUM" "yahoo-boss No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.33.0 Authenticated.(Admin+).Stored.Cross-Site.Scripting MEDIUM" "yith-woocommerce-wishlist 3.15.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-woocommerce-wishlist 2.2.14 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-catalog-mode 2.16.1 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yith-product-size-charts-for-woocommerce 1.1.13 Subscriber+.Settings.Update MEDIUM" "yith-woocommerce-badges-management 1.3.21 Subscriber+.Settings.Update MEDIUM" "youzify 1.3.4 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update.(save_addon_key_license) MEDIUM" "youzify No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Options.Update MEDIUM" "youzify 1.3.3 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Review.Deletion MEDIUM" "youzify 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.youzify_media.Shortcode MEDIUM" "youzify 1.3.1 Subscriber+.Arbitrary.Attachment.Deletion MEDIUM" "youzify 1.2.8 Missing.Authorization MEDIUM" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.6 Authenticated.(Contributor+).SQL.Injection CRITICAL" "youzify 1.2.3 Insecure.Direct.Object.Reference MEDIUM" "youzify 1.2.2 Contributor+.Stored.XSS MEDIUM" "youzify 1.2.0 Unauthenticated.SQLi HIGH" "youzify 1.0.7 Stored.Cross-Site.Scripting.via.Biography HIGH" "yt-player 1.5.3 Reflected.Cross-Site.Scripting MEDIUM" "yt-player 1.5.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "yt-player 1.4 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "yatra 2.1.15 Admin+.Stored.XSS LOW" "youtube-showcase 3.4.0 Missing.Authorization.to.Arbitrary.Post/Page.Creation MEDIUM" "youtube-showcase 3.3.6 Settings.Update.via.CSRF MEDIUM" "yeemail 2.1.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "yourchannel 1.2.6 Admin+.Stored.XSS LOW" "yourchannel 1.2.4 Unauthenticated.Settings.Reset MEDIUM" "yourchannel 1.2.5 Multiple.CSRF MEDIUM" "yourchannel 1.2.2 Subscriber+.Stored.XSS HIGH" "yourchannel 1.2.3 Contributor+.Stored.XSS.via.Shortcode MEDIUM" "yith-essential-kit-for-woocommerce-1 2.35.0 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Install,.Activation,.and.Deactivation MEDIUM" "yith-essential-kit-for-woocommerce-1 2.14.0 Cross-Site.Scripting.via.shortcode.ajax MEDIUM" "yummy-recipes No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs No.known.fix Shop.Manager+.PHP.Object.Injection MEDIUM" "yikes-inc-easy-custom-woocommerce-product-tabs 1.8.0 Admin+.Stored.XSS LOW" "yikes-inc-easy-custom-woocommerce-product-tabs 1.7.8 Unauthenticated.Toggle.Content.Setting.Update MEDIUM" "yphplista No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "yphplista No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zalomeni No.known.fix Admin+.Stored.XSS LOW" "zigaform-calculator-cost-estimation-form-builder-lite 7.4.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zigaform-calculator-cost-estimation-form-builder-lite 7.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zionbuilder No.known.fix Contributor+.Stored.XSS MEDIUM" "zionbuilder 3.6.10 Authenticated.(Editor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.9.8 Contributor+.SQL.Injection MEDIUM" "zoho-crm-forms 1.7.8.9 Reflected.Cross-Site.Scripting MEDIUM" "zoho-crm-forms 1.7.6.2 Subscriber+.Arbitrary.Options.Update HIGH" "zoho-crm-forms 1.7.2.9 Admin+.Stored.Cross-Site.Scripting LOW" "zoho-crm-forms 1.6.9.2 Authenticated.Cross.Site.Scripting.(XSS) MEDIUM" "zita-site-library 1.6.4 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File.Upload MEDIUM" "zita-site-library 1.6.2 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "zita-site-library 1.6.3 Missing.Authorization.to.Page.Creation.and.Options.Modification MEDIUM" "zx-csv-upload No.known.fix ZX_CSV.Upload.1.–.Authenticated.SQL.Injection HIGH" "zero-bs-crm 5.5.1 Client+.XSS MEDIUM" "zero-bs-crm 5.5.1 CRM.Admin+.XSS LOW" "zero-bs-crm 5.4.0 PHAR.Deserialisation.via.CSRF HIGH" "zero-bs-crm 5.5.0 Admin+.Stored.XSS LOW" "zero-bs-crm 5.5 Contributor+.Stored.XSS MEDIUM" "zero-bs-crm 5.4.3 Admin+.Cross-Site.Scripting LOW" "zero-bs-crm 4.2.4 Unauthorized.Invoice.Disclosure LOW" "zerobounce 1.0.12 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "zotpress 7.3.13 Missing.Authorization MEDIUM" "zotpress 7.3.11 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zotpress 7.3.10 Authenticated.(Contributor+).Cross-Site.Scripting MEDIUM" "zotpress 7.3.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zotpress 7.3.5 Reflected.XSS HIGH" "zotpress 7.3.4 Unauthenticated.Reflected.XSS HIGH" "zotpress 6.1.3 SQL.Injection CRITICAL" "zephyr-project-manager 3.3.103 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.3.103 Missing.Authorization.to.Authenticated.(Subscriber+).Status.Updates MEDIUM" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Insecure.Direct.Object.Reference MEDIUM" "zephyr-project-manager 3.3.102 Authenticated.(Subscriber+).Limited.Privilege.Escalation HIGH" "zephyr-project-manager 3.3.101 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.filename.Parameter MEDIUM" "zephyr-project-manager 3.3.100 Unauthenticated.Information.Exposure MEDIUM" "zephyr-project-manager 3.3.99 Editor+.XSS LOW" "zephyr-project-manager 3.3.99 Authenticated.(Subscriber+).Privilege.Escalation.via.User.Meta.Update HIGH" "zephyr-project-manager 3.3.94 Plugin.Data.Deletion.via.CSRF MEDIUM" "zephyr-project-manager 3.2.55 Unauthorised.AJAX.Calls.To.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Multiple.Unauthenticated.SQLi CRITICAL" "zephyr-project-manager 3.2.5 Unauthorised.REST.Calls.to.Stored.XSS HIGH" "zephyr-project-manager 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "zephyr-project-manager 3.2.41 Reflected.Cross-Site.Scripting MEDIUM" "zd-youtube-flv-player No.known.fix Server-Side.Request.Forgery HIGH" "zoho-forms 4.0.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zoho-forms 3.0.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "zoho-forms 3.0.1 Contributor+.Stored.XSS MEDIUM" "zero-spam 5.5.7 Spam.Protection.Bypass MEDIUM" "zero-spam 5.4.5 Admin+.SQL.Injection MEDIUM" "zero-spam 5.2.11 Admin+.SQL.Injection MEDIUM" "zendesk-help-center 1.0.5 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "zoho-campaigns 2.1.0 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_optin_save MEDIUM" "zoho-campaigns 2.0.8 Cross-Site.Request.Forgery.via.zcwc_integration_disconnect MEDIUM" "zoho-campaigns 2.0.7 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zm-ajax-login-register No.known.fix Unauthenticated.Authentication.Bypass CRITICAL" "zephyr-modern-admin-theme 1.5.0 Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "zoho-marketinghub 1.2.8 Authenticated.(Contributor+).SQL.Injection CRITICAL" "zip-attachments 1.5 Arbitrary.File.Download HIGH" "zip-codes-redirect 5.1.2 Reflected.Cross-Site.Scripting MEDIUM" "zip-codes-redirect 4.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "zen-mobile-app-native No.known.fix Remote.File.Upload HIGH" "zooom No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "znajdz-prace-z-pracapl No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Settings.Update MEDIUM" "zynith-seo No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Option.Deletion CRITICAL" "zynith-seo No.known.fix Unauthenticated.Stored.Cross-Site.Scripting HIGH" "zlick-paywall 2.2.2 CSRF.Bypasses LOW" "ziteboard-online-whiteboard 3.0.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.ziteboard.Shortcode MEDIUM" "zigaform-form-builder-lite 7.4.3 Unauthenticated.Stored.Cross-Site.Scripting MEDIUM" "zigaform-form-builder-lite 7.4.8 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zmseo No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "z-downloads 1.11.8 Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "z-downloads 1.11.6 Unauthenticated.Stored.XSS HIGH" "z-downloads 1.11.5 Admin+.Arbitrary.File.Upload MEDIUM" "z-downloads 1.11.7 Admin+.Stored.XSS.via.SVG.Upload LOW" "z-downloads 1.11.4 Authenticated.(Admin+).Arbitrary.File.Upload CRITICAL" "zoho-flow 2.8.1 Authenticated.(Administrator+).SQL.Injection MEDIUM" "zeno-font-resizer 1.8.0 Admin+.Stored.XSS LOW" "zajax-ajax-navigation No.known.fix Cross-Site.Request.Forgery.to.Stored.Cross-Site.Scripting MEDIUM" "z-url-preview 2.0.0 Cross-Site.Scripting.(XSS) MEDIUM" "ziggeo 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zip-recipes No.known.fix Unauthenticated.Sensitive.Information.Exposure MEDIUM" "zip-recipes 8.1.1 Authenticated(Contributor+).SQL.Injection HIGH" "zip-recipes 8.0.8 Cross-Site.Request.Forgery MEDIUM" "zip-recipes 8.0.8 Multiple.CSRF MEDIUM" "zip-recipes 8.0.7 Reflected.XSS HIGH" "zij-kart No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "zippy 1.6.10 Authenticated.(Editor+).Arbitrary.File.Upload HIGH" "zstore-manager-basic No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Cache.Clearing MEDIUM" "zartis-job-plugin No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "z-inventory-manager 3.1.7 Unauthenticated.PHP.Object.Injection CRITICAL" "zarinpal-paid-downloads No.known.fix Admin+.Arbitrary.File.Upload MEDIUM" "zarinpal-paid-downloads No.known.fix Reflected.XSS HIGH" "zarinpal-paid-downloads No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "zm-gallery No.known.fix ZM.Gallery.1,0.–.Authenticated.Blind.SQL.Injection HIGH" "zox-news 3.17.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Modification HIGH" "zemanta No.known.fix Missing.Authorization.to.Authenticated.(Subscriber+).Attachment.Upload.and.Set.Post.Featured.Image MEDIUM" "zoho-salesiq 1.0.9 XSS.&.CSRF HIGH")
 	pp "Plugin: Version"
 	rplugins=(`grep -oP ".*/wp-content/plugins/\K[a-zA-Z0-9-_.]+" $file | sort -u`)
 	d=true; [[ ! ${rplugins[@]} ]] && d=false || d=true
@@ -90,8 +90,8 @@ plugins(){
 
 themes(){
 	flagz=()
-	releases_themes=("elegant-pink 1.3.3" "learnmore 1.0.4" "mediciti-lite 1.3.0")
-	vulns_themes=("5star No.known.fix CSRF.File.Upload HIGH" "15zine 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-store 2.5.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "attorney No.known.fix Reflected.XSS HIGH" "attorney No.known.fix Unauthenticated.Arbitrary.Page/Post.Deletion MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Server-Side.Request.Forgery.via.form_to_url_action MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "avada 7.11.7 Authenticated.(Admin+).SQL.Injection.via.entry HIGH" "avada 7.11.7 Unauthenticated.Sensitive.Information.Exposure.via.Form.Uploads.Directory.Listing MEDIUM" "avada 7.11.5 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "avada 7.11.2 Subscriber+.Portfolio.Permalinks.Creation MEDIUM" "avada 7.11.2 Author+.Arbitrary.File.Upload.via.Zip.Extraction HIGH" "avada 7.11.2 Contributor+.SSRF HIGH" "avada 7.11.2 Contributor+.Arbitrary.File.Upload MEDIUM" "axioma 1.1.2 Information.Disclosure HIGH" "attire 2.0.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "auto-car No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "atlast-business No.known.fix Reflected.XSS HIGH" "adforest 5.1.9 Authentication.Bypass CRITICAL" "adforest 5.1.8 Classified.Ads.WordPress.Theme.<.5.1.8.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post/Attachment.Deletion MEDIUM" "adforest 5.1.7 Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "adforest 5.1.7 Authentication.Bypass CRITICAL" "antreas 1.0.7 Unauthenticated.Function.Injection CRITICAL" "accesspress-root 2.6.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "affluent 1.1.2 Unauthenticated.Function.Injection CRITICAL" "aports No.known.fix Reflected.XSS HIGH" "arya-multipurpose-pro No.known.fix Reflected.XSS HIGH" "accessbuddy No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "almera 1.1.8 Information.Disclosure HIGH" "accesspress-parallax 4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "akal No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "adifier-system 3.1.4 .Unauthenticated.Local.File.Inclusion CRITICAL" "adifier-system 3.1.4 Unauthenticated.SQL.Injection CRITICAL" "adventure-journal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aidreform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "airin-blog 1.6.3 Unauthenticated.PHP.Object.Injection HIGH" "awake No.known.fix Local.File.Disclosure HIGH" "awake No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "allegiant No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allegiant 1.2.6 Unauthenticated.Function.Injection CRITICAL" "adifier 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "accesspress-mag 2.6.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-ray No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aapna No.known.fix Reflected.XSS HIGH" "aurum-minimalist-shopping-theme 4.0.3 WordPress.&.WooCommerce.Shopping.Theme.<.4.0.3.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Content.Import MEDIUM" "agncy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "appointment 3.2.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "aries No.known.fix Local.File.Disclosure HIGH" "aries No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "accesspress-lite 2.93 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "awpbusinesspress 0.2.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "aplite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accesspress-staple No.known.fix Authenticated.(Subscriber+).Arbitrary.Plugin.Activation.and.Deactivation HIGH" "accesspress-staple No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "accountra 1.0.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "antioch No.known.fix Arbitrary.File.Download HIGH" "artificial-intelligence 1.2.4 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "arendelle 1.1.13 Reflected.XSS HIGH" "arendelle 1.1.11 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "activello No.known.fix Reflected.XSS HIGH" "activello 1.4.2 Unauthenticated.Function.Injection CRITICAL" "anand No.known.fix Reflected.XSS HIGH" "accesspress-basic 3.2.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "althea-wp 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "astra 4.6.9 Contributor+.Stored.XSS MEDIUM" "astra 4.6.5 Editor+.Stored.XSS.via.Theme.Header/Footer LOW" "amela 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "agency-lite 1.1.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ashe 2.244 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "ashe 2.234 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "anima 1.4.1.1 Contributor+.Stored.XSS MEDIUM" "aquarella-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aquarella-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accio 1.1.1 Information.Disclosure HIGH" "ask-me 6.8.7 Post.Deletion.via.CSRF MEDIUM" "ask-me 6.8.4 CSRF.in.Edit.Profile MEDIUM" "ask-me 6.8.2 Multiple.CSRF.in.AJAX.Actions HIGH" "ask-me 6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "anfaust No.known.fix Reflected.XSS HIGH" "arya-multipurpose No.known.fix Unauthenticated.Reflected.XSS HIGH" "auberge 1.4.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "astore No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "anih No.known.fix Creative.Agency.WordPress.Theme.<=.2024.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "arilewp 2.9.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "brooklyn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brooklyn No.known.fix PHP.Object.Injection HIGH" "bello 1.6.0 Authenticated.Cross-Site.Scripting.(XSS).and.XFS MEDIUM" "bello 1.6.0 Unauthenticated.Blind.SQL.Injection CRITICAL" "bello 1.6.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "bloghub No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bootstrap-coach 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "bloglo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "brite 1.0.15 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "blain No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bolster No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "brand No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brand No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brand No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bingopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bizpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "betheme 27.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "betheme 27.5.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "betheme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betheme 27.5.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "betheme 27.1.2 Missing.Authorization MEDIUM" "betheme 26.8 Reflected.XSS HIGH" "betheme 26.6.3 Subscriber+.Stored.XSS MEDIUM" "betheme 26.6 Contributor+.PHP.Object.Injection MEDIUM" "betheme 26.6.3 Subscriber+.Unauthorised.Action MEDIUM" "betheme 26.6.3 Missing.Authorization HIGH" "betheme 26.6 Subscriber+.PHP.Object.Injection MEDIUM" "bravada 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bretheon No.known.fix Local.File.Disclosure HIGH" "bretheon No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "bani No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bani No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bani No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "buddyboss-theme 2.5.01 Cross-Site.Request.Forgery MEDIUM" "buddyboss-theme 2.4.61 Missing.Authorization MEDIUM" "bacola No.known.fix Cross-Site.Request.Forgery MEDIUM" "bonkers 1.0.6 Unauthenticated.Function.Injection CRITICAL" "brasserie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bootstrap-fitness 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "blockbooster 1.0.11 Missing.Authorization MEDIUM" "bingle 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "bookyourtravel 8.18.19 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "blessing 1.3.2.1 Information.Disclosure HIGH" "business-pro No.known.fix Reflected.XSS HIGH" "bricks 1.10.2 Authenticated.(Bricks.Page.Builder.Access+).Stored.Cross-Site.Scripting MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.reset_settings MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.save_settings MEDIUM" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.5.4 Subscriber+.Arbitrary.Post/Page.Edition HIGH" "bricks 1.5.4 Subscriber+.Remote.Code.Execution HIGH" "bard 2.217 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "bard 2.211 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bazaar-lite 1.8.6 Reflected.XSS HIGH" "boot-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "busiprof No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "busiprof 2.3.8 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bunnypresslite 2.1 Reflected.XSS HIGH" "blocksy 2.0.78 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.51 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.47 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.40 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.34 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.20 Authenticated.(Editor+).Stored.Cross-Site.Scripting LOW" "basil 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business-directory No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "blogpoet 1.0.3 Missing.Authorization.via.blogpoet_install_and_activate_plugins() MEDIUM" "bootstrap-photography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buddyboss-platform 2.6.0 Subscriber+.Comment.on.Private.Post.via.IDOR MEDIUM" "book-landing-page 1.2.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "buzzclub 2.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update MEDIUM" "bootstrap-ultimate No.known.fix Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "businessexpo 0.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "businesswp 1.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bakes-and-cakes 1.2.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "brilliance No.known.fix Subscriber+.Stored.XSS HIGH" "brilliance 1.3.0 Unauthenticated.Function.Injection CRITICAL" "blossom-spa 1.3.5 Sensitive.Information.Exposure MEDIUM" "beauty-premium No.known.fix Arbitrary.File.Upload MEDIUM" "bicycleshop 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blossom-shop 1.1.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "busicare 1.1.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bootstrap-blog 10.2.3 Reflected.Cross-Site.Scripting MEDIUM" "barter 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "baton No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bloger 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "brandy 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business-one-page 1.3.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "bbe 1.53 Direct.Object.Reference MEDIUM" "balkon 1.3.3 Reflected.Cross-Site.Scripting HIGH" "broadcast-lite 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "broadcast-lite 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "beauty No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.tpl_featured_cat_id.Parameter MEDIUM" "benevolent 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "boliin No.known.fix Reflected.XSS HIGH" "brain-power No.known.fix Reflected.XSS HIGH" "bridge 18.2.1 Open.Redirect HIGH" "bridge 11.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "blockst 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "careerup 2.3.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careplus No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "cas No.known.fix Unauthenticated.Arbitrary.File.Access HIGH" "cas No.known.fix Unauthenticated.SSRF HIGH" "consus 1.0.7 Cross-Site.Request.Forgery MEDIUM" "college 1.5.1 Reflected.XSS HIGH" "corporate-event No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cozipress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "create 2.9.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "citybook 2.4.4 Unauthenticated.Reflected.XSS HIGH" "citybook 2.3.4 Multiple.Vulnerabilities HIGH" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colorway 3.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "constix No.known.fix Reflected.XSS HIGH" "cloudpress 2.4.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "carzine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "clean-retina 3.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "car-repair-services 4.0 Unauthenticated.Reflected.XSS.&.XFS HIGH" "corsa No.known.fix Subscriber+.Arbitrary.Plugin.Installation CRITICAL" "construct 2.8.3 Local.File.Disclosure HIGH" "construct 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "clotya No.known.fix Cross-Site.Request.Forgery MEDIUM" "classima 2.1.11 Reflected.Cross-Site.Scripting MEDIUM" "connections-reloaded No.known.fix Reflected.XSS HIGH" "conult No.known.fix Reflected.XSS HIGH" "colornews 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "consultstreet 1.6.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "customizr 4.4.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "customizr 4.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "customizr 4.3.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "catch-base 3.4.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "carspot 2.2.3 Multiple.Vulnerabilities MEDIUM" "cardealer 1.1.9 Information.Disclosure HIGH" "colormag 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "colormag 3.1.3 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "couponis-demo 2.2 Unauthenticated.SQL.Injection CRITICAL" "consultera No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "chic-lifestyle 10.0.8 Reflected.Cross-Site.Scripting MEDIUM" "construction-landing-page 1.3.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "chained No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cyclone-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "club-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "cactus No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "clockstone No.known.fix Arbitrary.File.Upload CRITICAL" "counterpoint No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "counterpoint No.known.fix Reflected.XSS HIGH" "cafe-bistro 1.1.4 Reflected.XSS HIGH" "colibri-wp 1.0.99 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "colibri-wp 1.0.101 Cross-Site.Request.Forgery.to.Limited.Plugin.Installation MEDIUM" "construction-lite 1.2.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "chaostheory 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "cuisine-palace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cuisine-palace No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "coachify 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "consultpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "consultpress-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "consultpress-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cosmetsy No.known.fix Cross-Site.Request.Forgery MEDIUM" "chic-lite 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "custom-community 2.0.25 Stored.Cross-Site.Scripting.(XSS) HIGH" "careerfy 6.3.0 Authenticated.Stored.XSS MEDIUM" "careerfy 4.4.0 Unauthenticated.Reflected.XSS MEDIUM" "careerfy 4.3.0 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careerfy 4.1.0 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "careerfy 3.9.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "digital-store 1.3.3 Unspecified.XSS MEDIUM" "directory 3.0.2 Reflected.XSS HIGH" "divi 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi 4.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "divi 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi 4.0.10 Authenticated.Code.Injection MEDIUM" "divi 3.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi 2.6.4 Privilege.Escalation HIGH" "dt-the7 11.14.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "dt-the7 11.6.1 Reflected.XSS HIGH" "dt-the7 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "digi-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "discy 5.5.3 Missing.validation.lead.to.functionality.abuse LOW" "discy 5.0 Subscriber+.Broken.Access.Control.to.change.settings MEDIUM" "discy 5.2 Restore.Default.Settings.via.CSRF MEDIUM" "discy 5.2 Settings.Update.via.CSRF MEDIUM" "darcie 1.1.6 Reflected.XSS HIGH" "digitally No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digitally No.known.fix Reflected.XSS HIGH" "dailydeal No.known.fix File.Upload.Remote.Code.Execution HIGH" "deadline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dwt-listing 3.3.4 Directory.&.Listing.WordPress.Theme.<.3.3.4.-.Reflected.Cross-Site.Scripting MEDIUM" "diplomat 1.0.3 Information.Disclosure HIGH" "disconnected No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "delicate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "designexo 3.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "digital-newspaper 1.1.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "drop 1.22 Reflected.XSS HIGH" "doko 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "eighteen-tags 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "eptonic No.known.fix Valums.Uploader.Shell.Upload.Exploit CRITICAL" "edge 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "esotera 1.2.6 Contributor+.Stored.XSS MEDIUM" "eduma 5.4.8 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.2.4 Reflected.XSS HIGH" "everse 1.8.10 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.12 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "empowerment No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "excellent 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "esteem 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "eventpress 5.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "event 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elasta 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "elasta 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "elation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elation 1.1.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "everest-news No.known.fix Reflected.XSS HIGH" "elegant-pink 1.3.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "elevate-wp 1.0.17 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "enlighten 1.3.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "empowerwp 1.0.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "epic No.known.fix Arbitrary.File.Download HIGH" "everest-news-pro No.known.fix Reflected.XSS HIGH" "envo-business No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "education-lms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "elitepress 2.0.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "education-zone 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "echelon 2.8.3 Local.File.Disclosure HIGH" "echelon 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "exquisite-wp No.known.fix DOM.Cross-Site.Scripting.(XSS) MEDIUM" "envo-multipurpose No.known.fix Missing.Authorization LOW" "enfold 6.0.4 Contributor+.Stored.XSS.via.wrapper_class.and.class.Parameters MEDIUM" "enfold 5.6.10 Reflected.Cross-Site.Scripting MEDIUM" "enfold 5.6.5 Reflected.Cross-Site.Scripting MEDIUM" "enfold 4.8.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "easybook 1.2.2 Multiple.Vulnerabilities HIGH" "estrutura-basica No.known.fix Local.File.Download. HIGH" "fashionable-store No.known.fix Reflected.XSS HIGH" "fraction-theme 1.1.2 Privilege.Escalation HIGH" "flashy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "findgo 1.3.32 Directory.Listing.<.1.3.32.-.Unauthenticated.Reflected.and.Authenticated.Stored.XSS MEDIUM" "flixita 1.0.83 Reflected.Cross-Site.Scripting.via.id.Parameter MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "flatsome 3.17.6 Unauthenticated.PHP.Object.Injection CRITICAL" "flatsome 3.17.0 Reflected.XSS HIGH" "freely No.known.fix Information.Disclosure HIGH" "fashstore No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "financio 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "freesia-empire 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fusion-builder 7.11.6 Authenticated(Contributor+).Sensitive.Information.Exposure.via.Form.Entries MEDIUM" "fusion-builder 3.11.2 Subscriber+.SQL.injection.and.broken.access.control.vulnerability.in.Critical.CSS HIGH" "fusion 2.8.3 Local.File.Disclosure HIGH" "fusion 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "fire-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fotawp 1.4.2 Missing.Authorization.via.fotawp_install_and_activate_plugins() MEDIUM" "fullbase 1.2.1 Reflected.XSS HIGH" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.quality_customizer_notify_dismiss_action MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.ti_customizer_notify_dismiss_recommended_plugins MEDIUM" "full-frame 2.7.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "footysquare No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "furnob No.known.fix Cross-Site.Request.Forgery MEDIUM" "focusblog 2.0.0 Unauthenticated.Option.Update MEDIUM" "focusblog 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "findeo 1.3.1 Arbitrary.Property.Deletion.via.IDOR HIGH" "findeo 1.3.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "forumengine 1.9 Reflected.Cross-Site.Scripting MEDIUM" "foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "foodbakery 2.0 Unauthenticated.Reflected.XSS MEDIUM" "fluida 1.8.8.1 Contributor+.Stored.XSS MEDIUM" "foxiz 2.3.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "filmix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fotography 2.4.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "findus 1.1.15 Directory.Listing.<.1.1.15.-.Authenticated.Persistent.XSS MEDIUM" "fortune No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fude No.known.fix Reflected.XSS HIGH" "fioxen No.known.fix Reflected.XSS HIGH" "fifteen No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "givingpress-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "gameplan No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "geomagazine No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "grey-opaque No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Download-Button.Shortcode MEDIUM" "gutenbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goodnex 1.1.3 Information.Disclosure HIGH" "golo 1.3.3 Unauthenticated.Reflected.XSS MEDIUM" "gucherry-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gaga-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "goto 2.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "goto 2.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "goto 2.0 Tour.&.Travel.<.2.0.-.Unauthenticated.Reflected.XSS MEDIUM" "gym-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "g-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "graphene 2.9.3 Unauthenticated.Password.Protected.Post.Access MEDIUM" "ghostwriter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goodnews5 No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "goya 1.0.8.8 Unauthenticated.Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "gaga-corp No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gump No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gema-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gowilds No.known.fix Reflected.XSS HIGH" "greenmart 2.5.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "greenmart 2.4.3 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "homey No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "hotelica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hmd 2.2 Reflected.Cross-Site.Scripting MEDIUM" "halpes No.known.fix Reflected.XSS HIGH" "hasten-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hive-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hueman 3.7.25 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hueman 3.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hueman 3.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "hugo-wp 1.0.10 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "hello-agency 1.0.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.3.0 Subscriber+.Privilege.Escalation HIGH" "houzez 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "himalayas No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "himalayas 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "headway 3.8.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "hasium No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hasium 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "honeypress 2.3.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "homevillas-real-estate 2.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "highlight 1.0.30 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hestia 3.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hotel-galaxy No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "himer 2.1.3 Social.Questions.and.Answers.<.2.1.3.-.CSRF.While.Sending.the.Invites MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Contributor+.Stored.XSS MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Subscriber+.Private.Group.Joining.via.IDOR MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Multiple.CSRF.on.the.Group.Section MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Arbitrary.Group.Joining.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Bypass.Poll.Voting.Restrictions.via.CSRF MEDIUM" "himer 1.9.3 Missing.validation.lead.to.functionality.abuse LOW" "interface 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "intothedark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "intrace 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "inspiro 7.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "infinite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.project_url.Parameter MEDIUM" "ignition 2.0.0 Unauthenticated.Option.Update MEDIUM" "ignition 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "i-transform No.known.fix Cross-Site.Request.Forgery MEDIUM" "ih-business-pro No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "injob 3.4.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "i-amaze No.known.fix Cross-Site.Request.Forgery MEDIUM" "ilex 1.4.2 Reflected.XSS HIGH" "intrepidity No.known.fix File.Upload.and.Option.Update.via.CSRF HIGH" "idyllic 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "illdy 2.1.7 Unauthenticated.Function.Injection CRITICAL" "js-o3-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-o3-lite No.known.fix Reflected.XSS HIGH" "julia-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jobcareer 3.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "jobcareer 2.5.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "jobcareer 2.4.1 User.enumeration.&.Reset.password CRITICAL" "jupiterx 2.0.7 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jupiterx 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jewelry-store 2.3.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "jetapo 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jobeleon-wpjobboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "jnews 8.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jannah 5.4.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jannah 5.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jobify 4.2.8 Job.Board.WordPress.Theme.<.4.2.8.-.Missing.Authorization.to.Unauthenticated.Server-Side.Request.Forgery,.Arbitrary.Image.Upload,.and.Image.Generation MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Unauthenticated.Arbitrary.File.Read HIGH" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Missing.Authorization MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Cross-Site.Request.Forgery MEDIUM" "js-paper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-paper No.known.fix Reflected.XSS HIGH" "jupiter 6.10.2 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jupiter 6.10.2 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiter 6.10.2 Subscriber+.Arbitrary.Plugin.Deletion MEDIUM" "jobscout 1.1.5 Cross-Site.Request.Forgery.to.Notice.Dimissal MEDIUM" "javo-spot 3.0.0 Unauthenticated.Directory.Traversal HIGH" "jetapo-with-woocommerce 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "kleo 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "kahuna 1.7.0.1 Contributor+.Stored.XSS MEDIUM" "kata 1.2.9 Reflected.XSS HIGH" "kormosala 1.0.23 Unauthenticated.Reflected.XSS MEDIUM" "kata-app No.known.fix Reflected.XSS HIGH" "krste 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "kingclub-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kata-business No.known.fix Reflected.XSS HIGH" "konzept 2.5 Unauthenticated.Reflected.XSS MEDIUM" "looki-lite 1.3.0 Reflected.XSS HIGH" "liquido No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lestin No.known.fix Reflected.XSS HIGH" "lifestyle-magazine 10.2.1 Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.9.5 Subscriber+.Local.File.Inclusion HIGH" "listingpro 2.9.5 Unauthenticated.SQL.Injection CRITICAL" "listingpro 2.9.5 Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "listingpro 2.6.1 Unauthenticated.Arbitrary.Plugin.Installation/Activation/Deactivation CRITICAL" "listingpro 2.6.1 Unauthenticated.Sensitive.Data.Disclosure.(Usernames,.Emails.etc) HIGH" "listingpro 2.5.4 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.0.14.5 Reflected.&.Persistent.Cross-Site.Scripting MEDIUM" "lawyerpress-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "listeo 1.6.11 Multiple.Authenticated.IDOR.Vulnerabilities MEDIUM" "listeo 1.6.11 Multiple.XSS.&.XFS.vulnerabilities MEDIUM" "listingo 3.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "lovetravel 2.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "lovetravel 3.8 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "luxe 2.0.0 Unauthenticated.Option.Update MEDIUM" "luxe 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "learnmore No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnmore No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lawyer-landing-page 1.2.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "lattice 1.1.4 Unspecified.XSS MEDIUM" "meta-news 1.1.8 Unauthenticated.Local.File.Inclusion CRITICAL" "motor 3.1.0 Unauthenticated.Local.File.Inclusion HIGH" "mosaic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "mediciti-lite No.known.fix Reflected.XSS HIGH" "mediciti-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "mystique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "modern 1.4.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "mesmerize 1.6.124 Cross-Site.Request.Forgery.to.Cache.Clearing MEDIUM" "monograph No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "multifox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "medicate No.known.fix Local.File.Disclosure HIGH" "medicate No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "my-flatonica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mags 1.1.7 Unauthenticated.Local.File.Inclusion CRITICAL" "mantra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "magazine-edge No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "moseter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moseter No.known.fix Reflected.XSS HIGH" "my-white No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "metro-magazine 1.3.8 Missing.Authorization.to.Notice.Dismissal MEDIUM" "medikaid 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "ms-lms-starter-theme 1.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "monolit 2.0.7 Reflected.XSS HIGH" "modular 2.8.3 Local.File.Disclosure HIGH" "modular 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "meris No.known.fix Reflected.XSS HIGH" "materialis 1.1.30 Missing.Authorization.to.Limited.Arbitrary.Options.Update MEDIUM" "modins No.known.fix Reflected.XSS HIGH" "medzone-lite 1.2.6 Unauthenticated.Function.Injection CRITICAL" "medibazar No.known.fix Cross-Site.Request.Forgery MEDIUM" "medicpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "method 2.8.3 Local.File.Disclosure HIGH" "method 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "manbiz2 No.known.fix Local.File.Disclosure HIGH" "manbiz2 No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "mocho-blog No.known.fix Reflected.XSS HIGH" "monalisa 2.1.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mediumishh No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "my-wooden-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "minus 2.0.0 Unauthenticated.Option.Update MEDIUM" "minus 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "myriad 2.8.3 Local.File.Disclosure HIGH" "myriad 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "meridia 2.2.8 Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "mTheme-Unus 2.3 Directory.Traversal HIGH" "machic No.known.fix Cross-Site.Request.Forgery MEDIUM" "multipurpose No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "networker 1.1.10 Tech.News.WordPress.Theme.with.Dark.Mode.<.1.1.10.-.Missing.Authorization MEDIUM" "newspaper-x 1.3.2 Unauthenticated.Function.Injection CRITICAL" "newsmash 1.0.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmash 1.0.35 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "nova-lite 1.3.9 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newsxpress 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "nexter 2.0.4 Missing.Authorization MEDIUM" "nexter 2.0.4 Authenticated.(Subscriber+).SQL.Injection.via.'to'.and.'from' HIGH" "newsmunch 1.0.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.XSS HIGH" "nokke 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newshit 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "neighborly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "newsdaily No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nexos 1.8 Real.Estate.<.1.8.-.Unauthenticated.Reflected.XSS.&.SQL.Injection CRITICAL" "nexos 1.6.1 Real.Estate.<.1.6.1.-.SQL.Injection.&.Persistent.XSS CRITICAL" "nictitate No.known.fix Cross-Site.Request.Forgery MEDIUM" "nothing-personal No.known.fix Reflected.XSS HIGH" "nightlife No.known.fix CSRF.File.Upload HIGH" "nichebase 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nichebase 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "nioland 1.2.7 Reflected.Cross-Site.Scripting.via.s MEDIUM" "newscard 1.4 Unauthenticated.Local.File.Inclusion CRITICAL" "newsmatic 1.3.3 Missing.Authorization MEDIUM" "newsmatic 1.3.5 Unauthenticated.Information.Exposure.via.newsmatic_filter_posts_load_tab_content MEDIUM" "neosense 1.8 Unrestricted.File.Upload CRITICAL" "noo-jobmonster 4.7.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "noo-jobmonster 4.7.6 Unauthenticated.Privilege.Escalation CRITICAL" "noo-jobmonster 4.6.6.1 Directory.Listing.in.Upload.Folder MEDIUM" "noo-jobmonster 4.5.2.9 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "naturemag-lite No.known.fix Unauthenticated.Function.Injection CRITICAL" "nsc No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nirvana No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ngo-charity-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "newsmag No.known.fix Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "newsmag 2.4.2 Unauthenticated.Function.Injection CRITICAL" "newspaper 12.6.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "news-flash No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "news-unlimited No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "oceanic No.known.fix Cross-Site.Request.Forgery MEDIUM" "onepress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "onepress 2.3.7 Cross-Site.Request.Forgery.via.save_settings() MEDIUM" "oceanwp 3.5.5 Subscriber+.Sensitive.Information.Exposure MEDIUM" "optimizepress 1.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "one-page-conference No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opor-ayam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opor-ayam No.known.fix Reflected.XSS HIGH" "orchid-store 1.5.7 .Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Activation MEDIUM" "one-paze No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "offset-writing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "offset-writing No.known.fix Reflected.XSS HIGH" "onair2 3.9.9.2 Unauthenticated.RFI.and.SSRF MEDIUM" "onetone No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "outdoor 3.9.7 Reflected.XSS HIGH" "orgarium No.known.fix Reflected.XSS HIGH" "ona 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "olivia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "power-mag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinboard No.known.fix includes/theme-options.php.tab.Parameter.XSS MEDIUM" "pixgraphy 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "point No.known.fix Cross-Site.Request.Forgery MEDIUM" "paroti No.known.fix Reflected.XSS HIGH" "purity-of-soul No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purity-of-soul No.known.fix Reflected.XSS HIGH" "pixigo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "parallelus-intersect 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "phlox-pro 5.16.5 Reflected.Cross-Site.Scripting.via.Search.Parameters MEDIUM" "purosa 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "purosa 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "parabola No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "patch-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "parallelus-salutation 3.0.16 Stored.XSS MEDIUM" "parallelus-salutation 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pubnews 1.0.8 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "patricia-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "performag 2.0.0 Unauthenticated.Option.Update MEDIUM" "performag 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "pinfinity 2.0 Reflected.Cross-site.Scripting.(XSS) MEDIUM" "preschool-and-kindergarten 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "phototouch 1.2.2 Arbitrary.File.Upload.via.themify-ajax.php CRITICAL" "pliska 0.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "parallelus-traject 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "platform No.known.fix Cross-Site.Request.Forgery.(CSRF) HIGH" "polka-dots No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "polka-dots No.known.fix Reflected.XSS HIGH" "pont No.known.fix Privilige.Escalation HIGH" "porto 7.1.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "porto 7.1.1 Unauthenticated.Local.File.Inclusion.via.porto_ajax_posts CRITICAL" "plato 1.1.9 Reflected.XSS HIGH" "parallaxsome 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "patricia-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "partdo No.known.fix Cross-Site.Request.Forgery MEDIUM" "plain-post 1.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "perfect-portfolio 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "perfect-portfolio 1.1.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "popularis-verse 1.0.2 Cross-Site.Request.Forgery MEDIUM" "punte 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "prolist 1.27 Directory.Listing.<.1.27.-.Unauthenticated.Reflected.XSS MEDIUM" "pixova-lite 2.0.7 Unauthenticated.Function.Injection CRITICAL" "pinzolo 1.2.10 Reflected.XSS HIGH" "photology 1.1.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "pisole No.known.fix Reflected.XSS HIGH" "parallax-blog No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "posterity No.known.fix Contributor+.Stored.XSS MEDIUM" "posterity 3.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "purus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "purus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "parallelus-unite 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pathway 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "pressive 2.0.0 Unauthenticated.Option.Update MEDIUM" "pressive 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "qempo No.known.fix Reflected.XSS HIGH" "quota 1.2.5 Unspecified.XSS MEDIUM" "quasar 2.0 Privilege.Escalation HIGH" "qizon No.known.fix Reflected.XSS HIGH" "quality 2.7.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "roseta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rara-business 1.2.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rara-business 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "restricted-site-access No.known.fix IP.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "responsive-mobile No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "raise-mag No.known.fix Reflected.XSS HIGH" "rife-free 2.4.19 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rife-free 2.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revivenews 1.0.3 Missing.Authorization.via.revivenews_install_and_activate_plugins() MEDIUM" "restaurant-and-cafe 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "relax-spa 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "ripple 1.2.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "reconstruction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "revolve No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "rise 2.0.0 Unauthenticated.Option.Update MEDIUM" "rise 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "royal-elementor-kit 1.0.117 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "royal-elementor-kit 1.0.117 Missing.Authorization.to.Arbitrary.Transient.Update MEDIUM" "rambo 2.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "reality 2.5.6 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reality 2.5.3 Unauthenticated.Reflected.XSS MEDIUM" "reality 2.4.0 Multiple.Persistent.XSS MEDIUM" "restaurant-pt 1.1.3 Reflected.XSS HIGH" "rehub-theme 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "rehub-theme 19.6.2 Unauthenticated.Local.File.Inclusion CRITICAL" "rehub-theme 19.6.2 Authenticated.(Editor+).Local.File.Inclusion HIGH" "roven-blog 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "radcliffe-2 2.0.18 Missing.Authorization MEDIUM" "regina-lite No.known.fix Reflected.XSS HIGH" "regina-lite 2.0.6 Unauthenticated.Function.Injection CRITICAL" "robolist-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "responsive 5.0.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive 5.0.3 Missing.Authorization.to.HMTL.Injection HIGH" "raindrops 1.700 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "realhomes 4.3.7 Privilege.Escalation CRITICAL" "realestate-7 3.3.5 Multiple.CSRF MEDIUM" "realestate-7 3.3.5 Reflected.XSS HIGH" "realestate-7 3.3.2 Reflected.XSS HIGH" "realestate-7 3.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "realestate-7 3.0.5 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 3.0.4 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 2.9.5 Multiple.Vulnerabilities HIGH" "realestate-7 2.9.1 Stored.XSS.&.IDOR MEDIUM" "rovenstart 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "simpolio No.known.fix Privilige.Escalation HIGH" "sliding-door No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "scrollme No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "saul 1.1.0 Reflected.XSS HIGH" "smartmag-responsive-retina-wordpress-magazine No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Log.Files MEDIUM" "silesia No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "store-commerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "swape 1.2.1 Authentication.Bypass.and.Stored.XSS CRITICAL" "spikes No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "storevilla 1.4.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "septera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sahifa 3.0.0 Site.Setting.Reset.CSRF HIGH" "sahifa 3.0.0 Multiple.Full.Path.Disclosure MEDIUM" "sparkling 2.4.9 Unauthenticated.Function.Injection CRITICAL" "silk-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "swing-lite 1.2.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sportsmag No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "soulmedic No.known.fix Local.File.Disclosure HIGH" "soulmedic No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "short 1.7.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "soundblast No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "scylla-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "scoreme No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "shapely 1.2.9 Unauthenticated.Function.Injection CRITICAL" "squaretype 3.0.4 Unauthenticated.Private/Schedule.Posts.Disclosure MEDIUM" "specialist No.known.fix CSRF.File.Upload HIGH" "spikes-black No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "spasalon 2.2.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "salzburg-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "storied 2.0.0 Unauthenticated.Option.Update MEDIUM" "storied 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "shopbiz-lite 1.7.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "simplecharm 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "sean-lite 1.4.6 Reflected.XSS HIGH" "squared 2.0.0 Unauthenticated.Option.Update MEDIUM" "squared 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "suffice 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "spice-software 1.1.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "striking-r 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "striking-r 2.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "style No.known.fix Information.Disclosure HIGH" "start No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shuban No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "startkit No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "sarada-lite 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "simplifii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "spiko 1.1.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "superio 1.2.33 Job.Board.<.1.2.33.-.Subscriber+.Stored.Cross-Site.Scripting LOW" "startupzy 1.1.2 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "showbiz 1.7.1 Local.File.Disclosure HIGH" "showbiz No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "statfort No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "socialdriver 2024 Prototype.Pollution.to.XSS HIGH" "seabird No.known.fix Local.File.Disclosure HIGH" "seabird No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "sominx No.known.fix Reflected.XSS HIGH" "sociallyviral No.known.fix Cross-Site.Request.Forgery MEDIUM" "spa-and-salon 1.2.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "storepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "speculor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "speculor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speculor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "smartit No.known.fix Information.Disclosure HIGH" "spawp 1.4.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "sweetdate 3.8.0 Unauthenticated.Privilege.Escalation CRITICAL" "soledad 8.6.0 Unauthenticated.Limited.Local.File.Inclusion HIGH" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.6 Cross-Site.Request.Forgery MEDIUM" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.2 Unauthenticated.PHP.Object.Injection CRITICAL" "soledad 8.4.2 Reflected.Cross-Site.Scripting MEDIUM" "soledad 8.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "soledad 8.2.6 Subscriber+.Cross-Site.Scripting MEDIUM" "soledad 8.2.5 Reflected.Cross-site.Scripting MEDIUM" "saleszone No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "stockholm 9.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "stockholm 9.7 Unauthenticated.Local.File.Inclusion CRITICAL" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "shoppette 1.0.5 Unspecified.XSS MEDIUM" "sinatra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "temp-mail-x No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-ultralight No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tainacan-interface 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "the-authority No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tempera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "th-shop-mania 1.5.0 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "travel-agency-booking No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-next No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "travel-tour 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "teardrop No.known.fix Privilige.Escalation HIGH" "topcat-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-conference 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "travel-booking 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "traveler 3.1.7 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "traveler 3.1.7 Unauthenticated.SQL.Injection.via.order_id HIGH" "traveler 2.8.4 Unauthenticated.SQL.Injection HIGH" "traveler 2.8.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "traveler 2.8.2 Unauthenticated.Reflected.XSS MEDIUM" "traveler 2.7.8.6 Reflected.&.Persistent.XSS.Issues MEDIUM" "traveler 2.7.8.4 Reflected.&.Stored.XSS MEDIUM" "tuaug4 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tuaug4 No.known.fix Reflected.XSS HIGH" "thegem 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "townhub 1.3.0 Unauthenticated.Reflected.XSS HIGH" "townhub 1.0.6 Multiple.Vulnerabilities HIGH" "techism No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-monday No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "tiki-time No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tiki-time No.known.fix Reflected.XSS HIGH" "travel-agency 1.4.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "tijaji No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tijaji No.known.fix Reflected.XSS HIGH" "trendy-news 1.0.15 Cross-Site.Request.Forgery MEDIUM" "totalpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tevily No.known.fix Reflected.XSS HIGH" "travel-monster 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "truemag No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "t1 No.known.fix Open.Redirect MEDIUM" "tweaker5 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "thrive-theme 3.24.2 Cross-Site.Request.Forgery HIGH" "thrive-theme 3.24.0 Missing.Authorization HIGH" "thrive-theme 3.24.0 Subscriber+.Privilege.Escalation HIGH" "thrive-theme 2.2.4 Unauthenticated.Option.Update MEDIUM" "tydskrif No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tydskrif No.known.fix Reflected.XSS HIGH" "theroof 1.0.4 Unauthenticated.Reflected.XSS HIGH" "travey 1.0.5 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "top-store 1.5.5 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "triton-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "total 2.1.60 Missing.Authorization.to.Authenticated.(Subscriber+).Sections.Update MEDIUM" "theron-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "theme-translation-for-polylang 3.2.17 Unauthenticated.Translation.Settings.Update MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Privilege.Escalation HIGH" "the-launcher 1.3.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "transcend 1.2.0 Unauthenticated.Function.Injection CRITICAL" "tantyyellow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tantyyellow No.known.fix Reflected.XSS HIGH" "traveltour 5.2.4 Reflected.XSS HIGH" "upfrontwp No.known.fix Reflected.XSS HIGH" "udesign 4.11.3 Missing.Authorization MEDIUM" "uncode-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ultralight No.known.fix Reflected.XSS HIGH" "ultimatum 2.9.1.5 Local.File.Disclosure HIGH" "ultimatum 2.9.1.5 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "unique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "unakit 1.2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "unakit 1.2.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "ultrapress No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "unicon-lite 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "unseen-blog No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "u-design No.known.fix Reflected.Cross-Site.Scripting HIGH" "u-design 2.7.10 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "visual-composer-starter 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "vernissage 1.3 Privilige.Escalation HIGH" "virtue 3.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Author MEDIUM" "vmagazine-lite 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vertice 1.0.11 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "venice-lite 1.5.5 Reflected.XSS HIGH" "voice 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "voice 2.0.0 Unauthenticated.Option.Update MEDIUM" "videoblog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "vw-automobile-lite No.known.fix Missing.Authorization MEDIUM" "viala No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viala No.known.fix Reflected.XSS HIGH" "vmagazine-news 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vmag 1.2.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "viburno 1.3.2 Reflected.XSS HIGH" "verbosa 1.2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viralike No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viralike 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "villar 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "villar 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "viable-blog No.known.fix Reflected.XSS HIGH" "vilva 1.2.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "wallstreet 2.0.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "westand 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "welowe No.known.fix Reflected.XSS HIGH" "workio 1.0.3 Unauthenticated.Reflected.XSS MEDIUM" "weddingalbum No.known.fix Information.Disclosure HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wplms 1.9.9.1 Missing.Authorization.to.Unauthenticated.User.Token.Generation MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5 Authenticated.(Student+).Remote.Code.Execution HIGH" "wplms 1.9.9.1 Unauthenticated.Privilege.Escalation CRITICAL" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.Directory.Deletion HIGH" "wplms 1.9.9.5.2 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wplms 1.9.9.5.3 Authenticated.(Instructor+).SQL.Injection MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wplms 1.9.9.5 Unauthenticated.Arbitrary.Directory.Deletion HIGH" "wplms 4.963 Unauthenticated.Arbitrary.File.Read.and.Deletion CRITICAL" "wplms 4.900 Cross-Site.Request.Forgery HIGH" "wpcake No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "workscout 2.0.33 Authenticated.Stored.XSS.&.XFS HIGH" "wedding-bride 1.0.2 Reflected.XSS HIGH" "wr-nitro No.known.fix Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "weeklynews 2.2.9 Cross-Site.Scripting.(XSS) MEDIUM" "winters No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "whimsy-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wyzi-business-finder 2.4.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "workup 2.1.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-sierra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sierra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wellness No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woohoo No.known.fix Settings.Update.via.CSRF MEDIUM" "woostify 1.9.2 CSRF.Bypass MEDIUM" "wp-portfolio 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wishful-blog No.known.fix Reflected.XSS HIGH" "woodmart 8.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woodmart 7.2.5 Reflected.XSS HIGH" "woodmart 7.2.2 Subscriber+.Stored.XSS HIGH" "woodmart 7.1.2 License.Update/Deactivation.via.CSRF MEDIUM" "woodmart 7.1.2 Unauthenticated.Arbitrary.Shortcode.Injection HIGH" "wp-magazine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "woffice 5.4.15 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.12 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice 4.0.2 Unauthenticated.Disclosure.of.Notification.Titles MEDIUM" "wlow 1.2.7 Reflected.XSS HIGH" "wp-forge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wibar 1.2.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "workreap 2.6.4 Subscriber+.Arbitrary.Posts.Deletion.via.IDOR MEDIUM" "workreap 2.6.3 Freelance.Marketplace.and.Directory.<.2.6.3.-.Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "workreap 2.2.2 Multiple.CSRF.+.IDOR.Vulnerabilities HIGH" "workreap 2.2.2 Missing.Authorization.Checks.in.Ajax.Actions HIGH" "workreap 2.2.2 Unauthenticated.Upload.Leading.to.Remote.Code.Execution CRITICAL" "weaver-xtreme 6.4 Contributor+.Stored.XSS MEDIUM" "weaver-xtreme 6.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wp-real-estate No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "xstore 9.3.9 Reflected.Cross-Site.Scripting HIGH" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "xstore 9.3.9 Subscriber+.Arbitrary.Options.Update HIGH" "xstore 9.3.9 Unauthenticated.SQLi HIGH" "xenon No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "xin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "yourjourney No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "yuki 1.3.15 Cross-Site.Request.Forgery.to.Theme.Setting.Reset MEDIUM" "yuki 1.3.14 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Setting.Reset MEDIUM" "yuki 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "zigcy-cosmetics 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zigcy-lite 2.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zeever 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "zbench No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zenon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "zigcy-baby 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zilom No.known.fix Reflected.XSS HIGH" "zox-news 3.17.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH")
+	releases_themes=("hello-agency 1.0.7" "highlight 1.0.42" "wp-real-estate 1.2.1")
+	vulns_themes=("5star No.known.fix CSRF.File.Upload HIGH" "15zine 3.3.0 Reflected.Cross-Site.Scripting MEDIUM" "attorney No.known.fix Reflected.XSS HIGH" "attorney No.known.fix Unauthenticated.Arbitrary.Page/Post.Deletion MEDIUM" "akal No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "adifier 3.1.4 Reflected.Cross-Site.Scripting MEDIUM" "aplite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "atlast-business No.known.fix Reflected.XSS HIGH" "anih No.known.fix Creative.Agency.WordPress.Theme.<=.2024.-.Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "antreas 1.0.7 Unauthenticated.Function.Injection CRITICAL" "antioch No.known.fix Arbitrary.File.Download HIGH" "accesspress-mag 2.6.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "almera 1.1.8 Information.Disclosure HIGH" "appointment 3.2.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "auto-car No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "accountra 1.0.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "auberge 1.4.5 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "adforest 5.1.9 Authentication.Bypass CRITICAL" "adforest 5.1.8 Classified.Ads.WordPress.Theme.<.5.1.8.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Post/Attachment.Deletion MEDIUM" "adforest 5.1.7 Authentication.Bypass CRITICAL" "adforest 5.1.7 Privilege.Escalation.via.Password.Reset/Account.Takeover CRITICAL" "accesspress-root 2.6.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "awake No.known.fix Local.File.Disclosure HIGH" "awake No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "amela 1.0.12 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.14 Reflected.Cross-Site.Scripting MEDIUM" "amela 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accesspress-store 2.5.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aurum-minimalist-shopping-theme 4.0.3 WordPress.&.WooCommerce.Shopping.Theme.<.4.0.3.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Content.Import MEDIUM" "attire 2.0.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "accesspress-lite 2.93 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "arya-multipurpose No.known.fix Unauthenticated.Reflected.XSS HIGH" "althea-wp 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "adventure-journal No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "aidreform No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "axioma 1.1.2 Information.Disclosure HIGH" "agncy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "accesspress-ray No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "airin-blog 1.6.3 Unauthenticated.PHP.Object.Injection HIGH" "accessbuddy No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "arilewp 2.9.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "activello No.known.fix Reflected.XSS HIGH" "activello 1.4.2 Unauthenticated.Function.Injection CRITICAL" "astore No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "artificial-intelligence 1.2.4 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "accio 1.1.1 Information.Disclosure HIGH" "anima 1.4.1.1 Contributor+.Stored.XSS MEDIUM" "ashe 2.244 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "ashe 2.234 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "anfaust No.known.fix Reflected.XSS HIGH" "adifier-system 3.1.4 Unauthenticated.SQL.Injection CRITICAL" "adifier-system 3.1.4 .Unauthenticated.Local.File.Inclusion CRITICAL" "ask-me 6.8.7 Post.Deletion.via.CSRF MEDIUM" "ask-me 6.8.4 CSRF.in.Edit.Profile MEDIUM" "ask-me 6.8.2 Multiple.CSRF.in.AJAX.Actions HIGH" "ask-me 6.8.2 Reflected.Cross-Site.Scripting MEDIUM" "aapna No.known.fix Reflected.XSS HIGH" "allegiant No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "allegiant 1.2.6 Unauthenticated.Function.Injection CRITICAL" "astra 4.6.9 Contributor+.Stored.XSS MEDIUM" "astra 4.6.5 Editor+.Stored.XSS.via.Theme.Header/Footer LOW" "accesspress-parallax 4.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "agency-lite 1.1.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aries No.known.fix Local.File.Disclosure HIGH" "aries No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "awpbusinesspress 0.2.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "accesspress-basic 3.2.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "aquarella-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "aquarella-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "avada 7.11.7 Authenticated.(Admin+).SQL.Injection.via.entry HIGH" "avada 7.11.7 Unauthenticated.Sensitive.Information.Exposure.via.Form.Uploads.Directory.Listing MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Server-Side.Request.Forgery.via.form_to_url_action MEDIUM" "avada 7.11.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "avada 7.11.5 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "avada 7.11.2 Contributor+.SSRF HIGH" "avada 7.11.2 Contributor+.Arbitrary.File.Upload MEDIUM" "avada 7.11.2 Subscriber+.Portfolio.Permalinks.Creation MEDIUM" "avada 7.11.2 Author+.Arbitrary.File.Upload.via.Zip.Extraction HIGH" "anand No.known.fix Reflected.XSS HIGH" "aports No.known.fix Reflected.XSS HIGH" "arendelle 1.1.13 Reflected.XSS HIGH" "arendelle 1.1.11 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.13 Reflected.Cross-Site.Scripting MEDIUM" "arendelle 1.1.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "accesspress-staple No.known.fix Authenticated.(Subscriber+).Arbitrary.Plugin.Activation.and.Deactivation HIGH" "accesspress-staple No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "arya-multipurpose-pro No.known.fix Reflected.XSS HIGH" "affluent 1.1.2 Unauthenticated.Function.Injection CRITICAL" "bridge 18.2.1 Open.Redirect HIGH" "bridge 11.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "bacola No.known.fix Cross-Site.Request.Forgery MEDIUM" "basil 2.0.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "business-directory No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "businesswp 1.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "barter 1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bretheon No.known.fix Local.File.Disclosure HIGH" "bretheon No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "bunnypresslite 2.1 Reflected.XSS HIGH" "bello 1.6.0 Authenticated.Cross-Site.Scripting.(XSS).and.XFS MEDIUM" "bello 1.6.0 Unauthenticated.Blind.SQL.Injection CRITICAL" "bello 1.6.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "brand No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brand No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "brand No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "business-one-page 1.3.0 Missing.Authorization.to.Notice.Dismissal MEDIUM" "brite 1.0.15 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "bicycleshop 1.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blain No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bingopress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "blogpoet 1.0.3 Missing.Authorization.via.blogpoet_install_and_activate_plugins() MEDIUM" "bakes-and-cakes 1.2.7 Missing.Authorization.to.Notice.Dismissal MEDIUM" "bookyourtravel 8.18.19 Authenticated.(Subscriber+).Privilege.Escalation HIGH" "businessexpo 0.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bootstrap-photography No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "business-pro No.known.fix Reflected.XSS HIGH" "blocksy 2.0.78 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.51 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.47 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.43 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.40 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.34 Contributor+.Stored.XSS MEDIUM" "blocksy 2.0.27 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "blocksy 2.0.20 Authenticated.(Editor+).Stored.Cross-Site.Scripting LOW" "bbe 1.53 Direct.Object.Reference MEDIUM" "buddyboss-platform 2.6.0 Subscriber+.Comment.on.Private.Post.via.IDOR MEDIUM" "blockbooster 1.0.11 Missing.Authorization MEDIUM" "busiprof No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "busiprof 2.3.8 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "bizpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "broadcast-lite 2.0.7 Reflected.Cross-Site.Scripting MEDIUM" "broadcast-lite 2.0.3 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bloglo 1.1.4 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "balkon 1.3.3 Reflected.Cross-Site.Scripting HIGH" "bloger 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "busicare 1.1.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "brooklyn 4.9.9.3 Authenticated.(Subscriber+).PHP.Object.Injection.in.ot_decode HIGH" "brooklyn No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brooklyn No.known.fix PHP.Object.Injection HIGH" "brandy 1.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bolster No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "beauty-premium No.known.fix Arbitrary.File.Upload MEDIUM" "baton No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "brain-power No.known.fix Reflected.XSS HIGH" "benevolent 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "bootstrap-ultimate No.known.fix Unauthenticated.Limited.Local.File.Inclusion CRITICAL" "blockst 1.0.8 Reflected.Cross-Site.Scripting MEDIUM" "buddyboss-theme 2.5.01 Cross-Site.Request.Forgery MEDIUM" "buddyboss-theme 2.4.61 Missing.Authorization MEDIUM" "bootstrap-blog 10.2.3 Reflected.Cross-Site.Scripting MEDIUM" "boliin No.known.fix Reflected.XSS HIGH" "bazaar-lite 1.8.6 Reflected.XSS HIGH" "bootstrap-coach 1.1.2 Reflected.Cross-Site.Scripting MEDIUM" "bricks 1.9.7 Authenticated.(Contributor+).Privilege.Escalation.via.create_autosave HIGH" "bricks 1.10.2 Authenticated.(Bricks.Page.Builder.Access+).Stored.Cross-Site.Scripting MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.reset_settings MEDIUM" "bricks 1.8.2 Cross-Site.Request.Forgery.via.save_settings MEDIUM" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.9.6.1 Unauthenticated.Remote.Code.Execution CRITICAL" "bricks 1.5.4 Subscriber+.Remote.Code.Execution HIGH" "bricks 1.5.4 Subscriber+.Arbitrary.Post/Page.Edition HIGH" "brasserie No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "buzzclub 2.0.5 Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Arbitrary.Option.Update MEDIUM" "bani No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bani No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "bani No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "bravada 1.1.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "bard 2.217 Reflected.Cross-Site.Scripting.via.add_query_arg.Parameter MEDIUM" "bard 2.211 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "brilliance No.known.fix Subscriber+.Stored.XSS HIGH" "brilliance 1.3.0 Unauthenticated.Function.Injection CRITICAL" "book-landing-page 1.2.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "betheme 27.6.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Custom.JS MEDIUM" "betheme 27.5.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.SVG.File MEDIUM" "betheme No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "betheme 27.5.7 Authenticated.(Contributor+).PHP.Object.Injection HIGH" "betheme 27.1.2 Missing.Authorization MEDIUM" "betheme 26.8 Reflected.XSS HIGH" "betheme 26.6.3 Subscriber+.Stored.XSS MEDIUM" "betheme 26.6 Contributor+.PHP.Object.Injection MEDIUM" "betheme 26.6.3 Subscriber+.Unauthorised.Action MEDIUM" "betheme 26.6.3 Missing.Authorization HIGH" "betheme 26.6 Subscriber+.PHP.Object.Injection MEDIUM" "bingle 1.0.5 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "bloghub No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "bootstrap-fitness 1.0.6 Reflected.Cross-Site.Scripting MEDIUM" "boot-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "blossom-spa 1.3.5 Sensitive.Information.Exposure MEDIUM" "bonkers 1.0.6 Unauthenticated.Function.Injection CRITICAL" "beauty No.known.fix Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.tpl_featured_cat_id.Parameter MEDIUM" "blossom-shop 1.1.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "blessing 1.3.2.1 Information.Disclosure HIGH" "custom-community 2.0.25 Stored.Cross-Site.Scripting.(XSS) HIGH" "colibri-wp 1.0.99 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "colibri-wp 1.0.101 Cross-Site.Request.Forgery.to.Limited.Plugin.Installation MEDIUM" "construction-landing-page 1.3.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "cas No.known.fix Unauthenticated.SSRF HIGH" "cas No.known.fix Unauthenticated.Arbitrary.File.Access HIGH" "careerup 2.3.1 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "clockstone No.known.fix Arbitrary.File.Upload CRITICAL" "catch-base 3.4.7 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "consultpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "consultpress-lite No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "consultpress-lite No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "cloudpress 2.4.9 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "click-mag 3.7.0 Viral.WordPress.News.Magazine/Blog.Theme.<.3.7.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Deletion HIGH" "careplus No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "chic-lite 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "college 1.5.1 Reflected.XSS HIGH" "cozipress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "corporate-event No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cactus No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "consus 1.0.7 Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Cross-Site.Request.Forgery MEDIUM" "colorway No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "colorway 3.4.2 Cross-Site.Scripting.(XSS) MEDIUM" "classima 2.1.11 Reflected.Cross-Site.Scripting MEDIUM" "clotya No.known.fix Cross-Site.Request.Forgery MEDIUM" "chained No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "citybook 2.4.4 Unauthenticated.Reflected.XSS HIGH" "citybook 2.3.4 Multiple.Vulnerabilities HIGH" "campress No.known.fix Unauthenticated.Local.File.Inclusion CRITICAL" "consultstreet 1.6.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "cuisine-palace No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "cuisine-palace No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "colornews 1.2.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "conult No.known.fix Reflected.XSS HIGH" "careerfy 6.3.0 Authenticated.Stored.XSS MEDIUM" "careerfy 4.4.0 Unauthenticated.Reflected.XSS MEDIUM" "careerfy 4.3.0 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "careerfy 4.1.0 Multiple.Cross-Site.Scripting.(XSS).Issues MEDIUM" "careerfy 3.9.0 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "cardealer 1.6.5 Missing.Authorization.to.Authenticated.(Subscriber+).Change.and.Delete.JS.and.CSS.Files MEDIUM" "cardealer 1.6.5 Cross-Site.Request.Forgery.to.User.Update.via.update_user_profile HIGH" "cardealer 1.6.5 Arbitrary.Theme.Option.Update.to.Authenticated.(Subscriber+).Privilege.Escalation HIGH" "cardealer 1.6.4 Authenticated.(Subscriber+).Arbitrary.File.Deletion.and.Read HIGH" "cardealer 1.1.9 Information.Disclosure HIGH" "carzine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "chaostheory 1.3.2 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "counterpoint No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "counterpoint No.known.fix Reflected.XSS HIGH" "connections-reloaded No.known.fix Reflected.XSS HIGH" "coachify 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "club-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "clean-retina 3.0.7 Unauthenticated.Local.File.Inclusion CRITICAL" "cyclone-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "construct 2.8.3 Local.File.Disclosure HIGH" "construct 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "construction-lite 1.2.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "cosmetsy No.known.fix Cross-Site.Request.Forgery MEDIUM" "carspot 2.4.4 Unauthenticated.Arbitrary.Password.Reset/Account.Takeover CRITICAL" "carspot 2.2.3 Multiple.Vulnerabilities MEDIUM" "colormag 3.1.7 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Display.Name MEDIUM" "colormag 3.1.3 Missing.Authorization.to.Arbitrary.Plugin.Installation MEDIUM" "consultera No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "cafe-bistro 1.1.4 Reflected.XSS HIGH" "chic-lifestyle 10.0.8 Reflected.Cross-Site.Scripting MEDIUM" "customizr 4.4.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "customizr 4.3.1 Arbitrary.Settings.Update.via.CSRF MEDIUM" "customizr 4.3.3 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "car-repair-services 4.0 Unauthenticated.Reflected.XSS.&.XFS HIGH" "corsa No.known.fix Subscriber+.Arbitrary.Plugin.Installation CRITICAL" "create 2.9.2 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "constix No.known.fix Reflected.XSS HIGH" "couponis-demo 2.2 Unauthenticated.SQL.Injection CRITICAL" "digital-store 1.3.3 Unspecified.XSS MEDIUM" "deadline No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "dwt-listing 3.3.5 Directory.&.Listing.WordPress.Theme.<=3.3.4.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "dwt-listing 3.3.4 Directory.&.Listing.WordPress.Theme.<.3.3.4.-.Reflected.Cross-Site.Scripting MEDIUM" "dailydeal No.known.fix File.Upload.Remote.Code.Execution HIGH" "darcie 1.1.6 Reflected.XSS HIGH" "delicate No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "digital-newspaper 1.1.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "discy 5.5.3 Missing.validation.lead.to.functionality.abuse LOW" "discy 5.0 Subscriber+.Broken.Access.Control.to.change.settings MEDIUM" "discy 5.2 Restore.Default.Settings.via.CSRF MEDIUM" "discy 5.2 Settings.Update.via.CSRF MEDIUM" "doko 1.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "designexo 3.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "divi 4.25.1 Authenticated.(Contributor+).DOM-Based.Stored.Cross-Site.Scripting MEDIUM" "divi 4.23.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "divi 4.5.3 4.5.2,.Extra.2.0.-.4.5.2,.Divi.Builder.2.0.-.4.5.2).-.Authenticated.Arbitrary.File.Upload MEDIUM" "divi 4.0.10 Authenticated.Code.Injection MEDIUM" "divi 3.17.3 Authenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "divi 2.6.4 Privilege.Escalation HIGH" "disconnected No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "directory 3.0.2 Reflected.XSS HIGH" "design-comuni-wordpress-theme 1.1.2 Unauthenticated.Stored.XSS HIGH" "dt-the7 11.14.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.url.Attribute MEDIUM" "dt-the7 11.6.1 Reflected.XSS HIGH" "dt-the7 2.1.1 Cross-Site.Scripting.(XSS) MEDIUM" "drop 1.22 Reflected.XSS HIGH" "diplomat 1.0.3 Information.Disclosure HIGH" "digi-store No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "digitally No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "digitally No.known.fix Reflected.XSS HIGH" "estrutura-basica No.known.fix Local.File.Download. HIGH" "everse 1.2.4 Reflected.XSS HIGH" "everse 1.8.10 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.12 Reflected.Cross-Site.Scripting MEDIUM" "everse 1.8.6 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "echelon 2.8.3 Local.File.Disclosure HIGH" "echelon 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "everest-news-pro No.known.fix Reflected.XSS HIGH" "elation No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "elation 1.1.01 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "exquisite-wp No.known.fix DOM.Cross-Site.Scripting.(XSS) MEDIUM" "everest-news No.known.fix Reflected.XSS HIGH" "esotera 1.2.6 Contributor+.Stored.XSS MEDIUM" "enlighten 1.3.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "envo-business No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "elasta 1.0.9 Reflected.Cross-Site.Scripting MEDIUM" "elasta 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "epic No.known.fix Arbitrary.File.Download HIGH" "empowerwp 1.0.22 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "empowerment No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "esteem 1.5.1 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "excellent 1.3.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "easybook 1.2.2 Multiple.Vulnerabilities HIGH" "eptonic No.known.fix Valums.Uploader.Shell.Upload.Exploit CRITICAL" "eighteen-tags 3.1.1 Reflected.Cross-Site.Scripting MEDIUM" "education-lms No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "eventpress 5.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "education-zone 1.3.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "elitepress 2.0.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "eduma 5.4.8 Reflected.Cross-Site.Scripting MEDIUM" "elevate-wp 1.0.17 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "enfold 7.0 Authenticated.(Subscriber+).Server-Side.Request.Forgery.via.attachment_id MEDIUM" "enfold 7.0 Missing.Authorization.to.Sensitive.Information.Disclosure.in.avia-export-class.php MEDIUM" "enfold 6.0.4 Contributor+.Stored.XSS.via.wrapper_class.and.class.Parameters MEDIUM" "enfold 5.6.10 Reflected.Cross-Site.Scripting MEDIUM" "enfold 5.6.5 Reflected.Cross-Site.Scripting MEDIUM" "enfold 4.8.4 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "edge 2.1.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "elegant-pink 1.3.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "envo-multipurpose No.known.fix Missing.Authorization LOW" "event 1.2.3 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "fluida 1.8.8.1 Contributor+.Stored.XSS MEDIUM" "findus 1.1.15 Directory.Listing.<.1.1.15.-.Authenticated.Persistent.XSS MEDIUM" "fifteen No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "fortune No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fullbase 1.2.1 Reflected.XSS HIGH" "forumengine 1.9 Reflected.Cross-Site.Scripting MEDIUM" "flex-mag 3.6.0 Responsive.WordPress.News.Theme.<.3.6.0.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Option.Deletion HIGH" "fusion 2.8.3 Local.File.Disclosure HIGH" "fusion 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "freely No.known.fix Information.Disclosure HIGH" "fire-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "fashstore No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "footysquare No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "foxiz 2.3.6 Unauthenticated.Server-Side.Request.Forgery HIGH" "fioxen No.known.fix Reflected.XSS HIGH" "fraction-theme 1.1.2 Privilege.Escalation HIGH" "furnob No.known.fix Cross-Site.Request.Forgery MEDIUM" "flixita 1.0.83 Reflected.Cross-Site.Scripting.via.id.Parameter MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.ti_customizer_notify_dismiss_recommended_plugins MEDIUM" "formula 0.5.2 Reflected.Cross-Site.Scripting.via.quality_customizer_notify_dismiss_action MEDIUM" "foodbakery 2.2 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "foodbakery 2.0 Unauthenticated.Reflected.XSS MEDIUM" "findeo 1.3.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) HIGH" "findeo 1.3.1 Arbitrary.Property.Deletion.via.IDOR HIGH" "fotawp 1.4.2 Missing.Authorization.via.fotawp_install_and_activate_plugins() MEDIUM" "fotography 2.4.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "fusion-builder 7.11.6 Authenticated(Contributor+).Sensitive.Information.Exposure.via.Form.Entries MEDIUM" "fusion-builder 3.11.2 Subscriber+.SQL.injection.and.broken.access.control.vulnerability.in.Critical.CSS HIGH" "freesia-empire 1.4.2 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Multiple.Shortcodes MEDIUM" "flatsome 3.19.0 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "flatsome 3.17.6 Unauthenticated.PHP.Object.Injection CRITICAL" "flatsome 3.17.0 Reflected.XSS HIGH" "fashionable-store No.known.fix Reflected.XSS HIGH" "fude No.known.fix Reflected.XSS HIGH" "filmix No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "full-frame 2.7.3 Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "focusblog 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "focusblog 2.0.0 Unauthenticated.Option.Update MEDIUM" "financio 1.1.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "flashy No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "findgo 1.3.32 Directory.Listing.<.1.3.32.-.Unauthenticated.Reflected.and.Authenticated.Stored.XSS MEDIUM" "gucherry-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "goodnews5 No.known.fix Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "goya 1.0.8.8 Unauthenticated.Reflected.Cross-Site.Scripting.via.Multiple.Parameters MEDIUM" "geomagazine No.known.fix Unauthenticated.Reflected.XSS MEDIUM" "givingpress-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "greenmart 2.5.2 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "greenmart 2.4.3 Reflected.Cross-Site.Scripting.(XSS) CRITICAL" "gump No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "grey-opaque No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Download-Button.Shortcode MEDIUM" "gameplan No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "ghostwriter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gema-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "golo 1.6.11 Directory.&.Listing,.Travel.WordPress.Theme.<.1.6.11.-.Missing.Authorization.to.Privilege.Escalation.via.Unauthenticated.Arbitrary.User.Password.Change CRITICAL" "golo 1.3.3 Unauthenticated.Reflected.XSS MEDIUM" "graphene 2.9.3 Unauthenticated.Password.Protected.Post.Access MEDIUM" "goodnex 1.1.3 Information.Disclosure HIGH" "gowilds No.known.fix Reflected.XSS HIGH" "goto 2.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "goto 2.1 Unauthenticated.Blind.SQL.Injection CRITICAL" "goto 2.0 Tour.&.Travel.<.2.0.-.Unauthenticated.Reflected.XSS MEDIUM" "gaga-corp No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gaga-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "gutenbook No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "g-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "gym-express No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.4.2 Missing.Authorization MEDIUM" "houzez 3.3.0 Subscriber+.Privilege.Escalation HIGH" "houzez 3.2.5 Reflected.Cross-Site.Scripting MEDIUM" "headway 3.8.9 Authenticated.Cross-Site.Scripting.(XSS) MEDIUM" "halpes No.known.fix Reflected.XSS HIGH" "hueman 3.7.25 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hueman 3.6.4 Arbitrary.Settings.Update.via.CSRF MEDIUM" "hueman 3.6.4 Cross-Site.Request.Forgery.(CSRF) MEDIUM" "homey 2.4.4 Limited.Authentication.Bypass HIGH" "homey 2.4.4 Cross-Site.Request.Forgery.to.User.Verification MEDIUM" "homey No.known.fix Unauthenticated.Privilege.Escalation.in.homey_save_profile CRITICAL" "homey No.known.fix Authenticated.(Subscriber+).Privilege.Escalation HIGH" "hello-agency 1.0.6 Missing.Authorization.to.Notice.Dismissal MEDIUM" "honeypress 2.3.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "highlight 1.0.30 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hasium No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hasium 1.6.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "hmd 2.2 Reflected.Cross-Site.Scripting MEDIUM" "himalayas No.known.fix Authenticated.(Administrator+).Stored.Cross-Site.Scripting MEDIUM" "himalayas 1.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "hotel-galaxy No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "himer 2.1.3 Social.Questions.and.Answers.<.2.1.3.-.CSRF.While.Sending.the.Invites MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Arbitrary.Group.Joining.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Bypass.Poll.Voting.Restrictions.via.CSRF MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Contributor+.Stored.XSS MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Subscriber+.Private.Group.Joining.via.IDOR MEDIUM" "himer 2.1.1 Social.Questions.and.Answers.<.2.1.1.-.Multiple.CSRF.on.the.Group.Section MEDIUM" "himer 1.9.3 Missing.validation.lead.to.functionality.abuse LOW" "homevillas-real-estate 2.3 Multiple.Cross-Site.Scripting.Issues MEDIUM" "hasten-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "hive-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "hugo-wp 1.0.10 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "hestia 3.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "hotelica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "intothedark No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "i-amaze No.known.fix Cross-Site.Request.Forgery MEDIUM" "intrace 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "injob 3.4.1 Authenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "intrepidity No.known.fix File.Upload.and.Option.Update.via.CSRF HIGH" "ilex 1.4.2 Reflected.XSS HIGH" "idyllic 1.1.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "i-transform No.known.fix Cross-Site.Request.Forgery MEDIUM" "illdy 2.1.7 Unauthenticated.Function.Injection CRITICAL" "inspiro 7.2.3 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "ignition 2.0.0 Unauthenticated.Option.Update MEDIUM" "ignition 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "ih-business-pro No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "interface 3.1.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "infinite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.project_url.Parameter MEDIUM" "jannah 5.4.5 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jannah 5.4.4 Reflected.Cross-Site.Scripting.(XSS) HIGH" "jupiterx 2.0.7 Subscriber+.Arbitrary.Plugin.Deactivation.and.Settings.Update MEDIUM" "jupiterx 2.0.7 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jobeleon-wpjobboard 1.9.2 Reflected.Cross-Site.Scripting MEDIUM" "javo-spot 3.0.0 Unauthenticated.Directory.Traversal HIGH" "jobscout 1.1.5 Cross-Site.Request.Forgery.to.Notice.Dimissal MEDIUM" "jobify 4.2.8 Job.Board.WordPress.Theme.<.4.2.8.-.Missing.Authorization.to.Unauthenticated.Server-Side.Request.Forgery,.Arbitrary.Image.Upload,.and.Image.Generation MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Unauthenticated.Arbitrary.File.Read HIGH" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Missing.Authorization MEDIUM" "jobify No.known.fix Job.Board.WordPress.Theme.<=.4.2.3.-.Cross-Site.Request.Forgery MEDIUM" "jetapo 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jetapo-with-woocommerce 1.1 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "jupiter 6.10.2 Subscriber+.Path.Traversal.and.Local.File.Inclusion HIGH" "jupiter 6.10.2 Subscriber+.Privilege.Escalation.and.Post.Deletion CRITICAL" "jupiter 6.10.2 Subscriber+.Arbitrary.Plugin.Deletion MEDIUM" "jnews 11.6.7 WordPress.Newspaper.Magazine.Blog.AMP.Theme.<.11.6.7.-.Unauthorized.User.Registration MEDIUM" "jnews 8.0.6 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "js-o3-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-o3-lite No.known.fix Reflected.XSS HIGH" "julia-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "jewelry-store 2.3.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "js-paper No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "js-paper No.known.fix Reflected.XSS HIGH" "jobcareer 3.5 Multiple.Cross-Site.Scripting.(XSS) MEDIUM" "jobcareer 2.5.1 Authenticated.Stored.Cross-Site.Scripting MEDIUM" "jobcareer 2.4.1 User.enumeration.&.Reset.password CRITICAL" "kata-app No.known.fix Reflected.XSS HIGH" "kleo 5.4.4 Reflected.Cross-Site.Scripting MEDIUM" "kingclub-theme No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "kormosala 1.0.23 Unauthenticated.Reflected.XSS MEDIUM" "kata 1.2.9 Reflected.XSS HIGH" "kahuna 1.7.0.1 Contributor+.Stored.XSS MEDIUM" "krste 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "kata-business No.known.fix Reflected.XSS HIGH" "konzept 2.5 Unauthenticated.Reflected.XSS MEDIUM" "lovetravel 2.0 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "lovetravel 3.8 Unauthenticated.Reflected.XSS.&.XFS MEDIUM" "looki-lite 1.3.0 Reflected.XSS HIGH" "listeo 1.6.11 Multiple.Authenticated.IDOR.Vulnerabilities MEDIUM" "listeo 1.6.11 Multiple.XSS.&.XFS.vulnerabilities MEDIUM" "luxe 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "luxe 2.0.0 Unauthenticated.Option.Update MEDIUM" "listingo No.known.fix Business.Listing.and.Directory.WordPress.Theme.<=.3.2.7.-.Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "listingo 3.2.7 Unauthenticated.Arbitrary.File.Upload CRITICAL" "lifestyle-magazine 10.2.1 Reflected.Cross-Site.Scripting MEDIUM" "lafka No.known.fix Multi.Store.Burger.-.Pizza.&.Food.Delivery.WooCommerce.Theme.<=.4.5.7.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "lattice 1.1.4 Unspecified.XSS MEDIUM" "lawyerpress-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "listivo 2.3.68 Classified.Ads.WordPress.Theme.<.2.3.68.-.Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.9.5 Subscriber+.Local.File.Inclusion HIGH" "listingpro 2.9.5 Unauthenticated.SQL.Injection CRITICAL" "listingpro 2.9.5 Cross-Site.Request.Forgery.to.Account.Takeover HIGH" "listingpro 2.6.1 Unauthenticated.Arbitrary.Plugin.Installation/Activation/Deactivation CRITICAL" "listingpro 2.6.1 Unauthenticated.Sensitive.Data.Disclosure.(Usernames,.Emails.etc) HIGH" "listingpro 2.5.4 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "listingpro 2.0.14.5 Reflected.&.Persistent.Cross-Site.Scripting MEDIUM" "liquido No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "lawyer-landing-page 1.2.5 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "learnmore No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "learnmore No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "lestin No.known.fix Reflected.XSS HIGH" "metro-magazine 1.3.8 Missing.Authorization.to.Notice.Dismissal MEDIUM" "my-flatonica No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.8 Reflected.Cross-Site.Scripting MEDIUM" "meridia 2.2.7 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "modular 2.8.3 Local.File.Disclosure HIGH" "modular 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "multifox No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "mocho-blog No.known.fix Reflected.XSS HIGH" "motor 3.1.0 Unauthenticated.Local.File.Inclusion HIGH" "machic No.known.fix Cross-Site.Request.Forgery MEDIUM" "mantra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "medzone-lite 1.2.6 Unauthenticated.Function.Injection CRITICAL" "my-white No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "method 2.8.3 Local.File.Disclosure HIGH" "method 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "medikaid 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "mesmerize 1.6.124 Cross-Site.Request.Forgery.to.Cache.Clearing MEDIUM" "modins No.known.fix Reflected.XSS HIGH" "meris No.known.fix Reflected.XSS HIGH" "massive-dynamic No.known.fix Unauthenticated.Local.File.Inclusion HIGH" "multipurpose No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "materialis 1.1.30 Missing.Authorization.to.Limited.Arbitrary.Options.Update MEDIUM" "minus 2.0.0 Unauthenticated.Option.Update MEDIUM" "minus 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "monolit 2.0.7 Reflected.XSS HIGH" "myriad 2.8.3 Local.File.Disclosure HIGH" "myriad 2.8.3 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "mosaic No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "mediciti-lite No.known.fix Reflected.XSS HIGH" "mediciti-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "medicate No.known.fix Local.File.Disclosure HIGH" "medicate No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "moseter No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "moseter No.known.fix Reflected.XSS HIGH" "medibazar No.known.fix Cross-Site.Request.Forgery MEDIUM" "modern 1.4.2 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "meta-news 1.1.8 Unauthenticated.Local.File.Inclusion CRITICAL" "mags 1.1.7 Unauthenticated.Local.File.Inclusion CRITICAL" "my-wooden-under-construction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "mediumishh No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "mTheme-Unus 2.3 Directory.Traversal HIGH" "monograph No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "manbiz2 No.known.fix Local.File.Disclosure HIGH" "manbiz2 No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "monalisa 2.1.3 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "medicenter 14.7 Health.Medical.Clinic.WordPress.Theme.<.14.7.-.Missing.Authorization MEDIUM" "ms-lms-starter-theme 1.1.9 Unauthenticated.Sensitive.Information.Exposure MEDIUM" "medicpress-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "magazine-edge No.known.fix Subscriber+.Arbitrary.Plugin.Activation MEDIUM" "mystique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmag No.known.fix Subscriber+.Reflected.Cross-Site.Scripting MEDIUM" "newsmag 2.4.2 Unauthenticated.Function.Injection CRITICAL" "nexos 1.8 Real.Estate.<.1.8.-.Unauthenticated.Reflected.XSS.&.SQL.Injection CRITICAL" "nexos 1.6.1 Real.Estate.<.1.6.1.-.SQL.Injection.&.Persistent.XSS CRITICAL" "neosense 1.8 Unrestricted.File.Upload CRITICAL" "nokri 1.6.3 Unauthenticated.Arbitrary.Password.Change CRITICAL" "nova-lite 1.3.9 Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "newspaper 12.6.6 Authenticated.(Author+).Stored.Cross-Site.Scripting.via.Attachment.Meta MEDIUM" "networker 1.1.10 Tech.News.WordPress.Theme.with.Dark.Mode.<.1.1.10.-.Missing.Authorization MEDIUM" "nichebase 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nichebase 1.2.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newscard 1.4 Unauthenticated.Local.File.Inclusion CRITICAL" "newsxpress 1.0.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "newshit 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "newscrunch 1.8.4.1 Cross-Site.Request.Forgery.to.Arbitrary.File.Upload HIGH" "newscrunch 1.8.4.1 Authenticated.(Subscriber+).Arbitrary.File.Upload CRITICAL" "news-flash No.known.fix Authenticated.(Editor+).PHP.Object.Injection HIGH" "noo-jobmonster 4.7.6 Unauthenticated.Privilege.Escalation CRITICAL" "noo-jobmonster 4.7.5 Unauthenticated.Arbitrary.File.Deletion CRITICAL" "noo-jobmonster 4.6.6.1 Directory.Listing.in.Upload.Folder MEDIUM" "noo-jobmonster 4.5.2.9 Unauthenticated.Reflected.Cross-Site.Scripting MEDIUM" "newspaper-x 1.3.2 Unauthenticated.Function.Injection CRITICAL" "nioland 1.2.7 Reflected.Cross-Site.Scripting.via.s MEDIUM" "nexter 2.0.4 Missing.Authorization MEDIUM" "nexter 2.0.4 Authenticated.(Subscriber+).SQL.Injection.via.'to'.and.'from' HIGH" "nsc No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "news-unlimited No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "nothing-personal No.known.fix Reflected.XSS HIGH" "newsmash 1.0.72 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmash 1.0.35 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "nictitate No.known.fix Cross-Site.Request.Forgery MEDIUM" "newsmunch 1.0.36 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "nightlife No.known.fix CSRF.File.Upload HIGH" "ngo-charity-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "neighborly No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "nirvana No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "newsmatic 1.3.3 Missing.Authorization MEDIUM" "newsmatic 1.3.5 Unauthenticated.Information.Exposure.via.newsmatic_filter_posts_load_tab_content MEDIUM" "nokke 1.2.4 Reflected.XSS HIGH" "nokke 1.2.3 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.2.4 Reflected.Cross-Site.Scripting MEDIUM" "nokke 1.0.11 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "newsdaily No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "naturemag-lite No.known.fix Unauthenticated.Function.Injection CRITICAL" "oceanic No.known.fix Cross-Site.Request.Forgery MEDIUM" "onair2 3.9.9.2 Unauthenticated.RFI.and.SSRF MEDIUM" "olivia No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "one-paze No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "ona 1.18.3 Reflected.Cross-Site.Scripting MEDIUM" "optimizepress 1.6 Unauthenticated.Arbitrary.File.Upload CRITICAL" "onetone No.known.fix Unauthenticated.Stored.Cross-Site.Scripting.(XSS) MEDIUM" "outdoor 3.9.7 Reflected.XSS HIGH" "opor-ayam No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "opor-ayam No.known.fix Reflected.XSS HIGH" "offset-writing No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "offset-writing No.known.fix Reflected.XSS HIGH" "oceanwp 3.5.5 Subscriber+.Sensitive.Information.Exposure MEDIUM" "one-page-conference No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "orgarium No.known.fix Reflected.XSS HIGH" "orchid-store 1.5.7 .Missing.Authorization.to.Authenticated.(Subscriber+).Limited.Plugin.Activation MEDIUM" "onepress No.known.fix Missing.Authorization MEDIUM" "onepress No.known.fix Authenticated.(Author+).Stored.Cross-Site.Scripting MEDIUM" "onepress 2.3.7 Cross-Site.Request.Forgery.via.save_settings() MEDIUM" "parallelus-salutation 3.0.16 Stored.XSS MEDIUM" "parallelus-salutation 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "pisole No.known.fix Reflected.XSS HIGH" "photography No.known.fix Missing.Authorization MEDIUM" "parallaxsome 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "pixgraphy 1.3.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pixova-lite 2.0.7 Unauthenticated.Function.Injection CRITICAL" "parabola No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "pinboard No.known.fix includes/theme-options.php.tab.Parameter.XSS MEDIUM" "purosa 1.1.3 Reflected.Cross-Site.Scripting MEDIUM" "purosa 1.1.0 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "plain-post 1.0.4 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "prolist 1.27 Directory.Listing.<.1.27.-.Unauthenticated.Reflected.XSS MEDIUM" "posterity No.known.fix Contributor+.Stored.XSS MEDIUM" "posterity 3.4 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "plato 1.1.9 Reflected.XSS HIGH" "pont No.known.fix Privilige.Escalation HIGH" "pinzolo 1.2.10 Reflected.XSS HIGH" "platform No.known.fix Cross-Site.Request.Forgery.(CSRF) HIGH" "pressive 2.0.0 Unauthenticated.Option.Update MEDIUM" "pressive 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "paroti No.known.fix Reflected.XSS HIGH" "pinfinity 2.0 Reflected.Cross-site.Scripting.(XSS) MEDIUM" "patch-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purus No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purus No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "purus No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "performag 2.0.0 Unauthenticated.Option.Update MEDIUM" "performag 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "purity-of-soul No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "purity-of-soul No.known.fix Reflected.XSS HIGH" "pixigo No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "perfect-portfolio 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "perfect-portfolio 1.1.6 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "pathway 1.0.16 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "partdo No.known.fix Cross-Site.Request.Forgery MEDIUM" "phototouch 1.2.2 Arbitrary.File.Upload.via.themify-ajax.php CRITICAL" "parallax-blog No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "parallelus-unite 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "porto 7.1.1 Unauthenticated.Local.File.Inclusion.via.porto_ajax_posts CRITICAL" "porto 7.1.1 Authenticated.(Contributor+).Local.File.Inclusion.via.Post.Meta HIGH" "parallelus-intersect 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "puzzles 4.2.5 Unauthenticated.PHP.Object.Injection HIGH" "puzzles No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Shortcode MEDIUM" "puzzles 4.2.5 Missing.Authorization.to.Authenticated.(Subscriber+).Stored.Cross-Site.Scripting MEDIUM" "pubnews 1.0.8 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation HIGH" "preschool-and-kindergarten 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "patricia-lite No.known.fix Cross-Site.Request.Forgery MEDIUM" "pliska 0.3.6 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Author.Display.Name MEDIUM" "patricia-blog No.known.fix Cross-Site.Request.Forgery MEDIUM" "punte 1.1.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "point No.known.fix Cross-Site.Request.Forgery MEDIUM" "pressmart 1.2.17 Modern.Elementor.WooCommerce.WordPress.Theme.<.1.2.17.-.Unauthenticated.Arbitrary.Shortcode.Execution HIGH" "phlox-pro 5.16.5 Reflected.Cross-Site.Scripting.via.Search.Parameters MEDIUM" "pearl 3.4.8 Corporate.Business.<.3.4.8.-.Unauthenticated.Local.File.Inclusion CRITICAL" "parallelus-traject 2.0 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "popularis-verse 1.0.2 Cross-Site.Request.Forgery MEDIUM" "power-mag No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "polka-dots No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "polka-dots No.known.fix Reflected.XSS HIGH" "photology 1.1.4 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "qizon No.known.fix Reflected.XSS HIGH" "quota 1.2.5 Unspecified.XSS MEDIUM" "quasar 2.0 Privilege.Escalation HIGH" "quality 2.7.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "qempo No.known.fix Reflected.XSS HIGH" "royal-elementor-kit 1.0.117 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "royal-elementor-kit 1.0.117 Missing.Authorization.to.Arbitrary.Transient.Update MEDIUM" "rara-business 1.2.6 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rara-business 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "rambo 2.1.4 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "rife-free 2.4.19 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "rife-free 2.4.20 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "raindrops 1.700 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "roven-blog 1.0.4 Reflected.Cross-Site.Scripting MEDIUM" "rehub-theme 19.6.2 Authenticated.(Editor+).Local.File.Inclusion HIGH" "rehub-theme 19.6.2 Authenticated.(Subscriber+).SQL.Injection HIGH" "rehub-theme 19.6.2 Unauthenticated.Local.File.Inclusion CRITICAL" "reality 2.5.6 Multiple.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "reality 2.5.3 Unauthenticated.Reflected.XSS MEDIUM" "reality 2.4.0 Multiple.Persistent.XSS MEDIUM" "ripple 1.2.1 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "realhomes 4.3.7 Privilege.Escalation CRITICAL" "revolve No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "restaurant-and-cafe 1.2.2 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "realestate-7 3.5.2 Unauthenticated.Privilege.Escalation CRITICAL" "realestate-7 3.3.5 Reflected.XSS HIGH" "realestate-7 3.3.5 Multiple.CSRF MEDIUM" "realestate-7 3.3.2 Reflected.XSS HIGH" "realestate-7 3.1.1 Reflected.Cross-Site.Scripting.(XSS) HIGH" "realestate-7 3.0.5 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 3.0.4 Unauthenticated.Reflected.XSS MEDIUM" "realestate-7 2.9.5 Multiple.Vulnerabilities HIGH" "realestate-7 2.9.1 Stored.XSS.&.IDOR MEDIUM" "roseta No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "rovenstart 1.2.2 Reflected.Cross-Site.Scripting MEDIUM" "raise-mag No.known.fix Reflected.XSS HIGH" "responsive 5.0.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "responsive 5.0.3 Missing.Authorization.to.HMTL.Injection HIGH" "radcliffe-2 2.0.18 Missing.Authorization MEDIUM" "restricted-site-access No.known.fix IP.Spoofing.to.Protection.Mechanism.Bypass MEDIUM" "regina-lite No.known.fix Reflected.XSS HIGH" "regina-lite 2.0.6 Unauthenticated.Function.Injection CRITICAL" "responsive-mobile No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "revivenews 1.0.3 Missing.Authorization.via.revivenews_install_and_activate_plugins() MEDIUM" "reconstruction No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "restaurant-pt 1.1.3 Reflected.XSS HIGH" "robolist-lite No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "rise 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "rise 2.0.0 Unauthenticated.Option.Update MEDIUM" "relax-spa 1.1.1 Reflected.Cross-Site.Scripting MEDIUM" "simplecharm 1.4.4 Reflected.Cross-Site.Scripting MEDIUM" "scoreme No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "spikes-black No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "silk-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "statfort No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "sarada-lite 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "saul 1.1.0 Reflected.XSS HIGH" "sahifa 3.0.0 Site.Setting.Reset.CSRF HIGH" "sahifa 3.0.0 Multiple.Full.Path.Disclosure MEDIUM" "silesia No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "start No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "scylla-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "socialv 2.0.16 Social.Network.and.Community.BuddyPress.Theme.<.2.0.16.-.Missing.Authorization.to.Arbitrary.File.Download MEDIUM" "superio 1.2.33 Job.Board.<.1.2.33.-.Subscriber+.Stored.Cross-Site.Scripting LOW" "spiko 1.1.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "shopbiz-lite 1.7.7 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "swape 1.2.1 Authentication.Bypass.and.Stored.XSS CRITICAL" "soulmedic No.known.fix Local.File.Disclosure HIGH" "soulmedic No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "spikes No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "soledad 8.6.0 Unauthenticated.Limited.Local.File.Inclusion HIGH" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.6 Cross-Site.Request.Forgery MEDIUM" "soledad 8.4.6 Missing.Authorization MEDIUM" "soledad 8.4.2 Authenticated.(Contributor+).SQL.Injection HIGH" "soledad 8.4.2 Unauthenticated.PHP.Object.Injection CRITICAL" "soledad 8.4.2 Reflected.Cross-Site.Scripting MEDIUM" "soledad 8.2.6 Subscriber+.Cross-Site.Scripting MEDIUM" "soledad 8.2.5 Reflected.Cross-site.Scripting MEDIUM" "swing-lite 1.2.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "simpolio No.known.fix Privilige.Escalation HIGH" "shapely 1.2.9 Unauthenticated.Function.Injection CRITICAL" "spice-software 1.1.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "style No.known.fix Information.Disclosure HIGH" "smartmag-responsive-retina-wordpress-magazine No.known.fix Unauthenticated.Sensitive.Information.Exposure.via.Log.Files MEDIUM" "scrollme No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "shoppette 1.0.5 Unspecified.XSS MEDIUM" "startkit No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "salzburg-blog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "store-commerce No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sparkling No.known.fix Missing.Authorization.to.Unauthenticated.Arbitrary.Plugin.Activation/Deactivation MEDIUM" "sparkling 2.4.9 Unauthenticated.Function.Injection CRITICAL" "septera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "specialist No.known.fix CSRF.File.Upload HIGH" "startupzy 1.1.2 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "storepress No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "seabird No.known.fix Local.File.Disclosure HIGH" "seabird No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "suffice 1.1.6 Reflected.Cross-Site.Scripting MEDIUM" "smartit No.known.fix Information.Disclosure HIGH" "sportsmag No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "sociallyviral No.known.fix Cross-Site.Request.Forgery MEDIUM" "socialdriver 2024 Prototype.Pollution.to.XSS HIGH" "striking-r 2.3.5 Reflected.Cross-Site.Scripting MEDIUM" "striking-r 2.3.5 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "spasalon 2.2.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "simplifii No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "storevilla 1.4.2 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "spawp 1.4.1 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "storied 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "storied 2.0.0 Unauthenticated.Option.Update MEDIUM" "short 1.7.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "stockholm 9.7 Unauthenticated.Local.File.Inclusion CRITICAL" "stockholm 9.7 Authenticated.(Contributor+).Local.File.Inclusion HIGH" "sominx No.known.fix Reflected.XSS HIGH" "squaretype 3.0.4 Unauthenticated.Private/Schedule.Posts.Disclosure MEDIUM" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "storely No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "saleszone No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "squared 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "squared 2.0.0 Unauthenticated.Option.Update MEDIUM" "showbiz 1.7.1 Local.File.Disclosure HIGH" "showbiz No.known.fix WordPress.Slider.Revolution.Shell.Upload CRITICAL" "spa-and-salon 1.2.8 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "speculor No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "speculor No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "speculor No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "sweetdate 3.8.0 Unauthenticated.Privilege.Escalation CRITICAL" "sinatra No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "sliding-door No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "soundblast No.known.fix Unauthenticated.Arbitrary.File.Upload CRITICAL" "sean-lite 1.4.6 Reflected.XSS HIGH" "shuban No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "shuban No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "shuban No.known.fix Subscriber+.Arbitrary.Option.Update CRITICAL" "tydskrif No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tydskrif No.known.fix Reflected.XSS HIGH" "travel-monster 1.1.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "topcat-lite No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Privilege.Escalation HIGH" "themify-ultra 7.3.6 Authenticated.(Subscriber+).PHP.Object.Injection HIGH" "themify-ultra 7.3.6 Missing.Authorization MEDIUM" "themify-ultra 7.3.6 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "teardrop No.known.fix Privilige.Escalation HIGH" "theroof 1.0.4 Unauthenticated.Reflected.XSS HIGH" "the-conference 1.2.1 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "triton-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "theron-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "the-monday No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "theme-translation-for-polylang 3.2.17 Unauthenticated.Translation.Settings.Update MEDIUM" "thegem 5.9.2 Reflected.Cross-Site.Scripting MEDIUM" "transcend 1.2.0 Unauthenticated.Function.Injection CRITICAL" "tuaug4 No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tuaug4 No.known.fix Reflected.XSS HIGH" "the-next No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "truemag No.known.fix Unauthenticated.Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "traveler 3.1.9 Unauthenticated.Local.File.Inclusion.via.hotel_alone_load_more_post CRITICAL" "traveler 3.1.9 Reflected.Cross-Site.Scripting MEDIUM" "traveler No.known.fix Authenticated.(Contributor+).Local.File.Inclusion.via.Shortcode HIGH" "traveler 3.1.7 Unauthenticated.SQL.Injection.via.order_id HIGH" "traveler 3.1.7 Missing.Authorization.in.Several.AJAX.Actions MEDIUM" "traveler 2.8.4 Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "traveler 2.8.4 Unauthenticated.SQL.Injection HIGH" "traveler 2.8.2 Unauthenticated.Reflected.XSS MEDIUM" "traveler 2.7.8.6 Reflected.&.Persistent.XSS.Issues MEDIUM" "traveler 2.7.8.4 Reflected.&.Stored.XSS MEDIUM" "the-launcher 1.3.3 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "travel-agency 1.4.2 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "tantyyellow No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tantyyellow No.known.fix Reflected.XSS HIGH" "tweaker5 No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "top-store 1.5.5 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "travey 1.0.5 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "townhub 1.3.0 Unauthenticated.Reflected.XSS HIGH" "townhub 1.0.6 Multiple.Vulnerabilities HIGH" "travel-tour 1.2.0 Reflected.Cross-Site.Scripting MEDIUM" "travel-booking 1.2.3 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "traveltour 5.2.4 Reflected.XSS HIGH" "totalpress No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tempera No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "tijaji No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tijaji No.known.fix Reflected.XSS HIGH" "tiki-time No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "tiki-time No.known.fix Reflected.XSS HIGH" "the-authority No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "the-ultralight No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "total 2.1.60 Missing.Authorization.to.Authenticated.(Subscriber+).Sections.Update MEDIUM" "t1 No.known.fix Open.Redirect MEDIUM" "trendy-news 1.0.15 Cross-Site.Request.Forgery MEDIUM" "tevily No.known.fix Reflected.XSS HIGH" "techism No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "th-shop-mania 1.5.0 Authenticated.(Subscriber+).Arbitrary.Plugin.Installation/Activation HIGH" "tainacan-interface 2.7.2 Reflected.Cross-Site.Scripting MEDIUM" "temp-mail-x No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "thrive-theme 3.24.2 Cross-Site.Request.Forgery HIGH" "thrive-theme 3.24.0 Missing.Authorization HIGH" "thrive-theme 3.24.0 Subscriber+.Privilege.Escalation HIGH" "thrive-theme 2.2.4 Unauthenticated.Option.Update MEDIUM" "travel-agency-booking No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "udesign 4.11.3 Missing.Authorization MEDIUM" "unseen-blog No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "uncode 2.9.1.7 Authenticated.(Subscriber+).Stored.Cross-Site.Scripting.via.mle-description MEDIUM" "uncode 2.9.1.7 Subscriber+.Arbitrary.File.Read.in.uncode_recordMedia MEDIUM" "uncode 2.9.1.7 Unauthenticated.Arbitrary.File.Read.in.uncode_admin_get_oembed HIGH" "u-design No.known.fix Reflected.Cross-Site.Scripting HIGH" "u-design 2.7.10 DOM.Cross-Site.Scripting.(XSS) MEDIUM" "ultimatum 2.9.1.5 Local.File.Disclosure HIGH" "ultimatum 2.9.1.5 WordPress.Slider.Revolution.Shell.Upload CRITICAL" "unakit 1.2.5.3 Reflected.Cross-Site.Scripting MEDIUM" "unakit 1.2.4.2 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "upfrontwp No.known.fix Reflected.XSS HIGH" "uncode-lite No.known.fix Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "unique No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "ultralight No.known.fix Reflected.XSS HIGH" "ultrapress No.known.fix Authenticated.(Contributor+).PHP.Object.Injection HIGH" "unicon-lite 1.2.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "vernissage 1.3 Privilige.Escalation HIGH" "vilva 1.2.3 Cross-Site.Request.Forgery.to.Notice.Dismissal MEDIUM" "viala No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viala No.known.fix Reflected.XSS HIGH" "vmagazine-lite 1.3.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "viralike No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "viralike 1.0.5 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vmagazine-news 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "visual-composer-starter 3.4.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "videoblog No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "villar 1.1.0 Reflected.Cross-Site.Scripting MEDIUM" "villar 1.0.8 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "vertice 1.0.11 Various.Versions.and.Themes.-.Missing.Authorization MEDIUM" "verbosa 1.2.3.1 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "viable-blog No.known.fix Reflected.XSS HIGH" "vmag 1.2.8 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "viburno 1.3.2 Reflected.XSS HIGH" "vw-automobile-lite No.known.fix Missing.Authorization MEDIUM" "virtue 3.4.9 Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Post.Author MEDIUM" "vw-storefront 1.0.0 Missing.Authorization.to.Authenticated.(Subscriber+).Settings.Reset MEDIUM" "veda No.known.fix MultiPurpose.WordPress.Theme.<=.4.2.-.Authenticated.(Subscriber+).PHP.Object.Injection CRITICAL" "venice-lite 1.5.5 Reflected.XSS HIGH" "voice 2.0.0 Unauthenticated.Option.Update MEDIUM" "voice 2.0.0 Unauthenticated.Arbitrary.File.Upload.and.Option.Deletion CRITICAL" "wp-real-estate No.known.fix Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "workio 1.0.3 Unauthenticated.Reflected.XSS MEDIUM" "workscout 2.0.33 Authenticated.Stored.XSS.&.XFS HIGH" "wp-moose 1.0.7 Reflected.Cross-Site.Scripting MEDIUM" "wp-moose 1.0.1 Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "welowe No.known.fix Reflected.XSS HIGH" "workup 2.1.6 Unauthenticated.Reflected.XSS MEDIUM" "wp-sierra No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-sierra No.known.fix Unauthorised.AJAX.Calls.via.Freemius MEDIUM" "wallstreet 2.0.5 Reflected.Cross-Site.Scripting.via.Customizer.Notify MEDIUM" "winters No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "wyzi-business-finder 2.4.3 Reflected.Cross-Site.Scripting.(XSS) MEDIUM" "wedding-bride 1.0.2 Reflected.XSS HIGH" "weddingalbum No.known.fix Information.Disclosure HIGH" "woostify 1.9.2 CSRF.Bypass MEDIUM" "woodmart 8.0.4 Unauthenticated.Arbitrary.Shortcode.Execution MEDIUM" "woodmart 7.2.5 Reflected.XSS HIGH" "woodmart 7.2.2 Subscriber+.Stored.XSS HIGH" "woodmart 7.1.2 License.Update/Deactivation.via.CSRF MEDIUM" "woodmart 7.1.2 Unauthenticated.Arbitrary.Shortcode.Injection HIGH" "wlow 1.2.7 Reflected.XSS HIGH" "weeklynews 2.2.9 Cross-Site.Scripting.(XSS) MEDIUM" "weaver-xtreme 6.4 Contributor+.Stored.XSS MEDIUM" "weaver-xtreme 6.2 Contributor+.Stored.Cross-Site.Scripting MEDIUM" "wibar 1.2.1 Authenticated.Stored.Cross-Site.Scripting HIGH" "woffice 5.4.15 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.12 Unauthenticated.Privilege.Escalation CRITICAL" "woffice 5.4.9 Reflected.Cross-Site.Scripting MEDIUM" "woffice 4.0.2 Unauthenticated.Disclosure.of.Notification.Titles MEDIUM" "wpcake No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-portfolio 2.5 Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "wellness No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wp-forge No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "workreap 2.6.4 Subscriber+.Arbitrary.Posts.Deletion.via.IDOR MEDIUM" "workreap 2.6.3 Freelance.Marketplace.and.Directory.<.2.6.3.-.Subscriber+.Private.Message.Disclosure.via.IDOR MEDIUM" "workreap 2.2.2 Missing.Authorization.Checks.in.Ajax.Actions HIGH" "workreap 2.2.2 Unauthenticated.Upload.Leading.to.Remote.Code.Execution CRITICAL" "workreap 2.2.2 Multiple.CSRF.+.IDOR.Vulnerabilities HIGH" "whimsy-framework No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "westand 2.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "woohoo No.known.fix Settings.Update.via.CSRF MEDIUM" "wishful-blog No.known.fix Reflected.XSS HIGH" "wp-magazine No.known.fix Reflected.Cross-Site.Scripting MEDIUM" "wr-nitro No.known.fix Unauthenticated.Arbitrary.Plugin.Installation CRITICAL" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "wplms 1.9.9.5.3 Authenticated.(Subscriber+).SQL.Injection MEDIUM" "wplms 1.9.9.1 Missing.Authorization.to.Unauthenticated.User.Token.Generation MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Student+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.5 Authenticated.(Student+).Remote.Code.Execution HIGH" "wplms 1.9.9.1 Unauthenticated.Privilege.Escalation CRITICAL" "wplms 1.9.9.5.2 Authenticated.(Contributor+).Arbitrary.Directory.Deletion HIGH" "wplms 1.9.9.5.2 Authenticated.(Subscriber+).Arbitrary.File.Deletion HIGH" "wplms 1.9.9.5.3 Authenticated.(Instructor+).SQL.Injection MEDIUM" "wplms 1.9.9.5.2 Authenticated.(Instructor+).Arbitrary.File.Upload HIGH" "wplms 1.9.9.1 Unauthenticated.Arbitrary.File.Upload CRITICAL" "wplms 1.9.9.5 Unauthenticated.Arbitrary.Directory.Deletion HIGH" "wplms 4.963 Unauthenticated.Arbitrary.File.Read.and.Deletion CRITICAL" "wplms 4.900 Cross-Site.Request.Forgery HIGH" "xenon No.known.fix Unauthenticated.Cross-Site.Scripting.(XSS) MEDIUM" "xin No.known.fix Unauthenticated.PHP.Object.Injection CRITICAL" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Missing.Authorization MEDIUM" "xstore 9.3.9 Unauthenticated.Local.File.Inclusion CRITICAL" "xstore 9.3.9 Subscriber+.Arbitrary.Options.Update HIGH" "xstore 9.3.9 Unauthenticated.SQLi HIGH" "xstore 9.3.9 Reflected.Cross-Site.Scripting HIGH" "yuki 1.3.15 Cross-Site.Request.Forgery.to.Theme.Setting.Reset MEDIUM" "yuki 1.3.14 Missing.Authorization.to.Authenticated.(Subscriber+).Theme.Setting.Reset MEDIUM" "yuki 1.3.8 Reflected.Cross-Site.Scripting MEDIUM" "yourjourney No.known.fix Reflected.Cross-Site.Scripting.via.Prototype.Pollution MEDIUM" "zigcy-cosmetics 1.0.6 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zbench No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting MEDIUM" "zass No.known.fix WooCommerce.Theme.for.Handmade.Artists.and.Artisans.<=.3.9.9.10.-.Missing.Authorization.to.Authenticated.(Subscriber+).Demo.Import MEDIUM" "zilom No.known.fix Reflected.XSS HIGH" "zenon-lite No.known.fix Authenticated.(Contributor+).Stored.Cross-Site.Scripting.via.Button.Shortcode MEDIUM" "zeever 1.1.1 Multiple.Versions.-.Missing.Authorization.to.Notice.Dismissal MEDIUM" "zox-news 3.17.0 Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "zigcy-baby 1.0.7 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zigcy-lite 2.1.0 Backdoored.Plugins.&.Themes.from.AccessPress.Themes CRITICAL" "zoxpress 2.12.1 The.All-In-One.WordPress.News.Theme.<.2.12.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Update HIGH" "zoxpress 2.12.1 The.All-In-One.WordPress.News.Theme.<.2.12.1.-.Missing.Authorization.to.Authenticated.(Subscriber+).Arbitrary.Options.Deletion HIGH")
 	pp "Theme: Version"
         rthemes=(`grep -oP ".*/wp-content/themes/\K[a-zA-Z0-9-_.]+" $file | sort -u`)
         d=true; [[ ! ${rthemes[@]} ]] && d=false || d=true